ASIC Whistleblower Policy Requirements More Onerous but 1 January Deadline Remains

What has happened?
ASIC has released Regulatory Guide 270 for Whistleblower Policies (see here). Despite concerns raised that the Guide's requirements are onerous and will require companies to once again amend their policy to ensure compliance, ASIC has not extended the 1 January 2020 deadline.

Following amendments to the Corporations Act earlier this year, public companies, large proprietary companies and proprietary companies that are trustees of registrable superannuation entities must have a Whistleblower Policy in place from 1 January 2020.

The Corporations Act prescribes that a Whistleblower Policy must cover information about: 

• the protections available to whistleblowers
• to whom disclosures that qualify for protection may be made and how they may be made
• how the entity will support whistleblowers and protect them from detriment
• how the entity will investigate disclosures
• how the entity will ensure fair treatment of its employees mentioned in disclosures and its employees who are the subject of such disclosures
• how the policy will be made available to officers and employees of the entity
• any matters prescribed by regulations.

The Regulatory Guide now introduces additional requirements in relation to the content of policies (some of which were inferred, but not prescribed by the Act) including that a Policy must include:

• a brief explanation about the purpose of the Policy
• the types of wrongdoing that can be reported
• the types of matters not covered by the policy (eg personal work-related grievances)
• information about who a discloser can contact to obtain additional information before making a disclosure
• how to make a disclosure, and the different options available for making a disclosure
• information about how to access each option, along with the relevant instructions
• the key steps an entity will take after it receives a disclosure, including how it will keep a discloser informed and how it will document, report internally and communicate to the discloser the investigation findings
• how the entity will ensure its policy is widely disseminated to and easily accessible for disclosers (including by making the policy available on its public website).

The additional requirements introduced by the Regulatory Guide are onerous and prescriptive and unfortunately appear to be a shift away from "user friendly" policies that can be easily accessed and understood by employees and other eligible whistleblowers.

What Does it Mean? 
Companies are required to have a Whistleblower Policy in place by 1 January 2020. Failure to do so is an offence.

If your company has introduced a new Whistleblower Policy since the new laws came into effect on 1 July 2019, this policy may now need to be reviewed again to ensure compliance with the Regulatory Guide.

If your company still does not have a Whistleblower Policy or has not reviewed its Whistleblower Policy since the new laws came into effect in March, now is the time to act.

Now What?
We encourage all companies required to have a Whistleblower Policy in place by 1 January 2020 to review their policy for compliance with both the Corporations Act and ASIC's Regulatory Guide.

Our team is well placed to assist in this review and ensure that new or updated Whistleblower Policies interact appropriately with a company's existing complaints and grievance procedures.

For background on the topic, see our earlier article ASIC Releases Draft Whistleblower Policy Guide.