Whistleblowing continues to be front of mind for ASIC, triggering a need to reflect, review and refreshed whistleblowing protections across a range of industry segments. ASIC has released REP 758 on “Good practices for handling whistleblower disclosures” on 2 March 2023 which lay down good practices for implementing whistleblower programs and follows a number of activities taken by the regulator to uplift practice across the industry.
ASIC had released RG-270 on Whistleblower Policies in November 2019 where they had advised on the guidelines to establish a whistleblower policy in line with the pre-requisites and instil a culture of whistleblowing to public companies, large proprietary companies, and corporate trustees of registrable superannuation entities (entities). ASIC also advised of its intention to implement the full range of regulatory tools available, including enforcement action, where non-compliance is identified.
Pursuant to RG-270 and part of a phased approach to overseeing how firms are implementing the 2019 reforms to the whistleblower protection regime, ASIC reviewed 102 whistleblower policies of leading organisations in various sectors in 2020 and advised their observations on inaccurate, incomplete or obsolete policies in the subsequent open letter to CEOs in October 2021. Many of the policies did not include the details of the required oversight arrangements.
ASIC indicated in its Corporate Plan for 2022-26 that it intends to review whistleblower programs from a sample of regulated entities to assess:
In 2022, ASIC had conducted an intensive review of whistleblower programs of seven firms, Within REP 758 ASIC advises entities to consider how to scale and tailor good practices to suit their operations. ASIC clarified through the report that they will continue to review entities’ whistleblower policies and arrangements for handling whistleblower disclosures, including when they receive reports from whistleblowers alleging breaches of the whistleblower protections. Where serious harm is identified, ASIC will continue to consider the full range of regulatory tools available including, where appropriate, civil, or criminal enforcement action.