Search for:

In brief

ASIC has written to public companies, large proprietary companies and trustees of registrable superannuation entities urging them to review their whistleblowing policies to ensure they are compliant with the Corporations Act 2001 (Corporations Act). A copy of ASIC’s announcement relating to the letters is available here.

The warning comes after ASIC reviewed a sample of whistleblowing policies and found that the majority were not compliant with the requirements for whistleblowing policies set out under the Corporations Act.

In particular, ASIC is concerned that a number of the policies contained unclear, incomplete or inaccurate information about how potential whistleblowers can make a qualifying disclosure and about whistleblower protections that are available under the Corporations Act.

ASIC also took the opportunity to repeat its expectation that officers and senior managers of large corporate entities are responsible for ensuring that the entity complies with Australia’s whistleblower protection regime.

ASIC also warned that it intends to conduct further reviews of whistleblowing policies and will consider taking enforcement action in relation to non-compliant policies. For large proprietary companies and other entities that are required to have a compliant whistleblower policy in place under the Corporations Act, failure to have and make available a compliant whistleblowing policy is a strict liability offence that carries a penalty of 600 penalty units for companies (currently AU $133,200).

Key Takeaways

Implementing a whistleblower policy that is both effective and compliant with the robust Australian regime can be difficult, especially in circumstances where companies are trying to fit an Australian specific whistleblowing policy into a global compliance framework. Including all of the recommendations contained in ASIC’s guidance in RG270 will protect companies from a fine from ASIC but can result in a lengthy policy which if not structured effectively may be confusing for employees and not fulfill the objective of encouraging employee to report issues that they have identified.

There are a number of ways for whistleblowing policies to remain user-friendly whilst still being compliant with the Corporations Act, including:

  • through the use of annexures to set out the detailed information required under the Corporations Act. Companies with global whistleblowing policies may also consider dealing with the Australian whistleblowing rules through an Australian specific annexure to existing policies.
  • using the policy to encourage potential whistleblowers to make reports to dedicated third party hotlines or reporting services in an effort to streamline and simplify the reporting process. This must be done in a way that still makes clear that reports made to other eligible recipients under the Corporations Act will also provide the legislative protections to the whistleblower.

ASIC’s warning comes as a reminder to all Australian entities subject to review their whistleblower policies and procedures and ensure they meet the requirements set out under the Corporations Act.

Companies should also train Board members and senior managers, as well as other potential recipients of whistleblower reports, on how their whistleblowing policies work in practice, particularly given ASIC’s comments in relation to their responsibilities. This is especially important given the severe penalties that can result from incorrectly handling whistleblowing reports and breaching confidentiality. In addition to criminal penalties (including up to six months imprisonment for individuals), breaching confidentiality protections could potentially result in the following pecuniary penalties:

  • for an individual, 5,000 penalty units (currently AU $ 1.1 million), or three times the benefit derived or detriment avoided; or
  • for companies, up to 50,000 penalty units (currently AU $11.1 million ), or three times the benefit derived or detriment avoided or 10% of the company’s annual turnover (up to 2.5 million penalty units or AU $555 million).

Those entities that are not ‘large propriety companies’ for the purposes of the Corporations Act (and, consequently, are not legally required to have a whistleblower policy in place), should also look to review their whistleblowing frameworks as the laws and penalties surrounding whistleblower confidentiality and victimisation still apply to those entities under the Corporations Act. These entities should ensure that any whistleblowing policy they have in place aligns with the requirements of the Corporations Act, as any inconsistencies could give rise to breaches of the whistleblower protections.


Georgie Farrant is a partner in Baker McKenzie's Dispute Resolution Practice Group in Sydney and head of the Firm's Compliance & Investigations team in Australia. She has over 20 years of experience in disputes and compliance matters, including working for a regulator and an in-house compliance team.


Michael has more than 15 years' experience as an employment law and industrial relations lawyer, acting for clients in a range of industries, including banking and finance, insurance, health and pharmaceuticals, telecommunications, real estate, media and entertainment, information technology and professional services. He has developed and published compliance programs and best practice policies locally and within Asia Pacific. He is the author and a developer of CCH’s Employment Contracts Manager, a software package that builds and tailors smart employment contracts. He has also authored a large number of chapters in every edition of CCH’s Australian Master Human Resources Guide. Articles written by Michael on employment law topics have appeared in the Melbourne University Law Review, CFO Magazine, Human Capital, Lawyers Weekly, Human Resources, and CCH’s Employment Law Bulletin. He has also spoken at events arranged by the College of Law, Macquarie Graduate School of Management, and various professional associations. He wrote and produced “Dismissal Impossible,” a training video on unfair dismissal and sexual harassment, for the Australian Stock Exchange. Michael regularly conducts employment-related litigation before State and Federal courts and industrial tribunals at an original and appellate level.


Lucienne Gleeson is a partner in Baker McKenzie's Employment Practice in Sydney.


Gareth Austin is a senior associate in Baker McKenzie’s Dispute Resolution practice group in Sydney. He joined the Firm as a Summer Clerk in 2014 and commenced his current role in 2017. Prior to this, Gareth had experience in construction and other commercial practice areas.

Write A Comment