New ASIC guidance: obligations under whistleblower protection provisions

ASIC has released a new information sheet (Information Sheet 247 (INFO 247)) summarising the obligations of company officers and senior managers under the whistleblower protection provisions in the Corporations Act 2001 (Cth) (the Corporations Act). The information sheet provides practical guidance for companies on complying with the whistleblower provisions, with a focus on how eligible recipients should manage disclosures. The new guidance is relevant to all companies incorporated under the Corporations Act, Government Business Enterprises, State-owned corporations and not-for-profit organisations incorporated under State or Territory legislation that are trading or financial corporations.

Reinforcing key obligations

Company officers and senior managers are ‘eligible recipients’ of qualifying disclosures under the Corporations Act. ASIC reinforces that the main legal obligations of eligible recipients are not to:

  • disclose a whistleblower’s identity or information likely to lead to their identification, unless authorised by the law; or
  • cause, or threaten to cause, detriment to (or victimise) a whistleblower for making their disclosure.

The information sheet also highlights that:

  • A matter that is solely a personal work-related grievance is not considered a qualifying disclosure. Eligible recipients should seek legal advice if unsure whether a disclosure is a qualifying disclosure.
  • Public companies, large proprietary companies and corporate trustees of registrable superannuation entities must have whistleblower policies. ASIC’s Regulatory Guide 270 contains more information about the requirement to have a whistleblower policy.
  • While not all companies are required to have a whistleblower policy, ASIC encourages all companies to have in place arrangements for handling whistleblower disclosures.

Whistleblower anonymity

ASIC reminds companies that it is important to clarify how a whistleblower wishes their identifying information to be treated as soon as possible after a qualifying disclosure is made. This includes discussing how the company will protect their identity if the whistleblower does not consent to their identity to be disclosed. For example, a company may offer to protect a whistleblower’s identity by only sharing identifying information with staff:

  • involved in investigating and addressing the concerns; or
  • responsible for supporting the whistleblower or protecting them from detriment.

The eligible recipient should inform the whistleblower if it is necessary to disclose a whistleblower’s identity to effectively investigate a complaint. They should discuss the process with the whistleblower and maintain open communication with them.

Companies can disclose information likely to lead to identification without the whistleblower’s consent under the ‘investigation defence’. This applies where the disclosure is part of the company’s investigation and:

  • the information does not include the whistleblower’s identity;
  • all reasonable steps have been taken to reduce the risk that the whistleblower will be identified from the information (e.g. removing name and other identifying details); and
  • it is reasonably necessary for investigating the whistleblower’s concerns.

Legal advice should be sought if there is any uncertainty about relying on the investigation defence.

Concurrently addressing employment issues

ASIC also reinforces that the whistleblower provisions do not constrain a company’s ability to lawfully address employment issues relating to an employee who has made a qualifying disclosure. For example, companies can manage performance, modify employment arrangements, discipline, or terminate an employee. This will not breach the whistleblower provisions unless the reason (or part of the reason) that the company takes these actions is because of the qualifying disclosure.

ASIC suggests that in these situations, the company should handle the employment issue separately from the whistleblower’s qualifying disclosure by:

  • having separate documentation; and
  • ensuring there are different staff members responsible for handling each issue.

More information

ASIC’s new guidance is comprehensive. You can access the full guidance on the ASIC website here.

If you have any queries or would like further information about this article, please contact:

Kathryn Speed
M: 0408 446 013

Ella Wade
T: (03) 6235 5161

Published: 22 July 2020

Copyright © 2020 Page Seager. Privacy Statement Privacy Policy