We recently published a comprehensive guide to the new obligations for employers and the expanded protections for whistleblowers, under Australia’s revised corporate whistleblowing regime.
That regime commenced operation on 1 July 2019 and creates a significant compliance burden for all companies, including the requirement for some companies to have a whistleblower policy.
Under the new whistleblower regime:
must implement a whistleblower policy by 1 January 2020. All companies must otherwise comply with the new whistleblower obligations.
Where a company grows and then qualifies as a large proprietary company during a financial year, it must have a whistleblower policy and make it available to its officers and employees within six months after the end of that financial year.
For relevant companies their whistleblower policy must contain information about:
The policy should also include information about the protections provided in the equivalent tax whistleblower regime.
Additional matters to be included in a policy may be prescribed by regulation. This is designed to ensure that policies can be required to adapt to developments in whistleblower protections and remedies in the future.
ASIC has recently published a consultation paper and draft regulatory guide seeking feedback on its proposed guidance to companies on the matters to be covered by a policy and what ASIC considers to be good practice guide on establishing, implementing and maintaining a policy. Copies of that consultation paper and draft regulatory guide can be found here. ASIC is seeking comments on that draft guidance by 18 September 2019.
ASIC considers that its guidance is consistent with research on whistleblower management, which indicates that while having a policy plays a critical role, having a policy is not enough unless it is implemented consistently and applied throughout the company in practice. As such the guidance is intended to provide companies with a potential structure from which they can develop their own robust policy.
The draft regulatory guide contains both further detail as to how a company can meet its mandatory policy obligations, together with recommendations as to “good practice”. Those good practice recommendations are not strictly mandatory, but they provide a clear indication of what ASIC expects from a whistleblower policy, how ASIC will interpret the new whistleblower obligations, and the issues ASIC will consider when carrying out its enforcement role in respect of the whistleblower protections.
The good practice guidance includes that:
ASIC expects companies to take steps to ensure that there whistleblower policy is widely disseminated to, and easily accessible by, its officers and employees. ASIC has stated that a company should, for example:
Presumably at least some of those steps should be undertaken prior to the implementation of the policy itself and prior to 1 January 2020.
The requirement to have a whistleblower policy was not extended more broadly to all companies, regardless of type or size, so as to avoid creating a disproportionate regulatory burden. As part of its consultation process, ASIC is also seeking views on whether public companies that are small, not-for-profit companies or charities should be exempted from the requirement to have a policy.
Gadens can assist organisations to comply with the new whistleblower provisions, including by reviewing existing whistleblowing policies or drafting new policies, and conducting training for employees on the new protections.
Authored by Brett Feltham.