Whistleblower Compliance

Recent action by the Australian Securities and Investments Commission (ASIC) has made it clear that it is serious about Whistleblower compliance and that Employers need to keep on top of its compliance actions.

ASIC has commenced the first case under the amended whistleblower protections in the Corporations Act, seeking civil penalties against mining company, TerraCom Limited. ASIC alleges that TerraCom caused detriment to an employee whistleblower who alleged falsification of coal quality certificates by making misleading public statements denying the allegations and stating that it had independently investigated the allegations.  ASIC alleges that the statements caused detriment to the whistleblower’s reputation.

It is important to remember that even though it is only public companies, large proprietary companies and corporate trustees of registrable superannuation entities who must have a whistleblower policy, all Australian companies must comply with the whistleblower protection provisions in the Corporations Act.  It is therefore advisable that all companies have a policy in place to assist with compliance.

ASIC has identified in its Good Practices for Handling Whistleblower Disclosures report that good whistleblower practices will involve:

1. Strong foundations

   – not only a comprehensive policy but a system where roles and responsibilities are clear, there are documented procedures for assessing, triaging and investigating disclosures, IT resources are used for security of confidential information and possibly external resources engaged as additional eligible recipients for disclosures

2.   Support for whistleblowing and whistleblowers

   – active and regular education using a variety of methods about when and how to make disclosures, appointment of people responsible for proactively supporting and protecting whistleblowers, assessment of risks of whistleblower identity being divulged or of detriment to a whistleblower and preparation of guidelines or checklists to control risks identified

3.   Training

   – particularly for those who are eligible recipients of disclosures, those who investigate and those responsible for ensuring legal compliance including confidentiality, anonymity and that there is no detrimental action against whistleblowers

4.   Monitoring, reviewing and improving

   – many organisations will have had a policy in place for some time now and have received and managed disclosures enabling them to implement processes to review and assess ways to improve management and processes

5.   Effective use of information from disclosures

   – although it is important to investigate disclosures where possible to identify and address or remedy issues ASCIC has highlighted that this can be difficult where a focused investigation may compromise a whisteblower’s anonymity.  It may be necessary to ‘think outside the square’ and, for example, conduct a cultural review and use those findings as a catalyst for further investigation.  Analysis of data of disclosures to reveal any emerging areas of risk and sharing this information with senior leaders, with appropriate de-dentification, should be considered

6.    Embedded executive accountability for the whistleblower program

   – ASIC encourages firms to consider designating an accountable senior manager for its whistleblower program potentially with broader executive oversight and what information they receive, or need to receive, to discharge their accountability

7.   Effective Director oversight

   – this will involve clarifying which Board committee will have oversight of the policy and program and considering the frequency, type and level of information management should provide to that committee. ASIC considers that a firm’s board is ultimately responsible for its whistleblower policy and program as part of its broader risk management and corporate governance framework

We recommend that Employers do a preliminary audit against this list and take action to address any ‘gaps’ as a priority.

Edge Legal

Relationships.  Respect.  Results