The Australia Securities & Investments Commission (ASIC) is urging CEOs of public companies, large propriety companies, and trustees of registrable superannuation entities (RSEs) to review their whistleblower policies.
ASIC reviewed samples of whistleblower policies across the country and has found that most policies reviewed did not fully address relevant requirements. Therefore, whistleblowers might not know how they are protected or feel unsure about speaking up – resulting in entities missing opportunities to identify and address potential misconduct at an early stage.
In a letter to Australian CEOs, ASIC emphasised that whistleblowers are essential to help organisations detect misconduct and identify, escalate, and address issues.
ASIC Commissioner Sean Hughes said in the letter that reviewing whistleblower policies is significant because they encourage potential whistleblowers to speak up.
“Whistleblowers help companies and RSEs identify problems and issues that they need to address to comply with the law and improve their performance,” Hughes said. “Policies must clearly set out the legislated whistleblower protections and the process for reporting misconduct.”
ASIC's letter to CEOs:
- Reminded entities about their obligation to have a whistleblower policy that reflects the strengthened whistleblower protection regime that started on July 01, 2019;
- Identified where policies in the samples fell short; and
- Highlighted what entities can do to improve their policies.
“We call on CEOs and RSE trustees to discuss this letter within your organisation and to think about the culture of speaking up in your workplace,” Hughes said. “If the issues we observed from our review are present in your policy, we expect you to address and correct them without delay.”
ASIC will monitor compliance with the whistleblower policy requirements and the handling of whistleblower disclosures. It will also conduct a further review of whistleblower policies in the future and consider the full range of regulatory tools available, including enforcement action, where it identifies non-compliance.