What is Required?
Under the whistleblower protection amendments to the Corporations Act 2001 (Cth) (which came into effect on 1 July 2019), all public companies, large proprietary companies and corporate trustees of registrable superannuation entities were required to have a whistleblower policy in place from 1 January 2020. For background on the topic, see our earlier article ASIC Whistleblower Policy Requirements More Onerous but 1 January Deadline Remains.
The new laws require whistleblower policies to include the following information:
(a) the protections available to whistleblowers
(b) to whom whistleblower reports can be made, and how
(c) how the company will support whistleblowers and protect them from detriment
(d) how the company will investigate disclosures that qualify for protection
(e) how the company will ensure fair treatment of employees of the company who are mentioned in disclosures that qualify for protection, or to whom the disclosure relates
(f) how the policy is to be made available to officers and employees of the company.
So did ASIC's Guidance Material Change Anything?
In November 2019, ASIC published Regulatory Guide 270: Whistleblower policies. RG270 set out significant additional content which ASIC says must be included for a whistleblower policy to be compliant. This includes:
(a) a policy purpose statement
(b) criteria for how a discloser will qualify for protection, and when a disclosure will not be protected, including information about personal work-related grievances and when such grievances qualify for protection under the policy
(c) practical measures taken by the entity to protect whistleblowers, as well as the legal protections available
(d) how the entity will document, report internally and communicate the findings of an investigation to the discloser, and that the entity will provide regular updates to the discloser.
So, What Next?
If your policy has not been reviewed to take into account the requirements of the guidance materials issued in November 2019, we recommend that you do so as soon as possible. RG270 recommends that entities conduct upfront and ongoing education and training regarding its whistleblower policy, processes and procedures to every employee, as well as specialist training to staff members who have specific responsibilities under the policy (such as investigation officers and people eligible to receive disclosures).