Earlier this week, the Australian Securities and Investments Commission (ASIC) released guidance to help companies meet their obligations under the new whistleblower reforms.
“Robust and transparent whistleblower policies are essential to achieving sound risk management and corporate governance,” Commissioner John Price said, in an official statement.
“Whistleblower policies will influence behaviour and corporate culture in positive ways—for example, by encouraging greater disclosures of wrongdoing and by deterring people from doing the wrong thing. They play a crucial role in achieving a more fair and accountable corporate environment.”
Regulatory Guide 270 Whistleblower Policies is intended to help companies meet their obligations. Its key components, highlighted by the corporate regulator, include:
Types of matters covered by a policy.
Who can make and receive a disclosure?
How to make a disclosure.
Legal and practical protections for disclosers.
Investigating a disclosure.
Ensuring fair treatment of individuals mentioned in a disclosure.
When addressing the importance of whistleblower policies, the Guide states:
Transparent whistleblower policies are essential to good risk management and corporate governance. They help uncover misconduct that may not otherwise be detected. Often, such wrongdoing only comes to light because of individuals (acting alone or together) who are prepared to disclose it, sometimes at great personal and financial risk.
In the section entitled Requirement to have a whistleblower policy, the Guide lists some of the essential elements that need to be listed in a whistleblower policy:
the protections available to whistleblowers, including protections under the Corporations Act;
to whom disclosures that qualify for protection under the Corporations Act may be made, and how they may be made;
how the entity will support whistleblowers and protect them from detriment;
how the entity will investigate disclosures that qualify for protection under the Corporations Act;
how the entity will ensure fair treatment of its employees who are mentioned in disclosures that qualify for protection, or its employees who are the subject of disclosures;
how the policy will be made available to officers and employees of the entity; and
any matters prescribed by regulations.
The Guide also highlights the regulator’s expectations as to what these whistleblower policies should look like for companies. That is, a whistleblower policy:
is aligned to the nature, size, scale and complexity of the entity’s business;
is supported by processes and procedures for effectively dealing with disclosures received under the policy; and
uses positive tone and language that encourages the disclosure of wrongdoing.
The Guide also indicates the expectation that regulated entities should implement the policy throughout their organisation and should have arrangements in place to review and update the policy to ensure any issues are identified and rectified.
Earlier this month, the GRC Professional Podcast spoke to Nathan Luker of YourCall about the changes he has seen in companies’ approaches to whistleblowing.