by Rachel Nicolson and Katie Gardiner · 4 June 2024
Does your organisation have a trusted whistleblower program?
Under corporate and public interest disclosure legislation, organisations have obligations in relation to how they handle whistleblower information and ensure that people who speak up or intend to speak up are not subjected to detrimental conduct for doing so.
Public companies, large proprietary companies and proprietary companies that are trustees of a registrable superannuation entity must also have a compliant whistleblower policy that provides information including in relation to how the company will investigate disclosures that qualify for whistleblower protection.
What is next for boards?
- Boards should ensure there is formal reporting from management to the board or a sub-committee of the board in relation to the company whistleblower program.
- Boards that ensure frequent and specific (but de-identified) reporting of information in relation to whistleblower reports and their outcomes will have greater visibility and insight into the organisation's overall risk and exposure.
- Understanding where problems lie can also enable boards to strategically focus on proactive measures to prevent wrongdoing in the first place.
- Boards should also ensure that they and the senior executive team are adequately trained on their whistleblower obligations.
What are the risks to be aware of?
- Failing to have a trusted whistleblower mechanism or act on disclosures adequately can lead to serious risk to the organisation or allegations being raised externally such as to regulators or the media.
- There is a legal risk of regulatory enforcement action where companies do not comply with whistleblower laws and ASIC currently have civil penalty proceedings on foot.
- ASIC has conducted a number of reviews of company whistleblower programs, including by way of issuing statutory notices to produce, and has indicated that it intends to conduct further reviews.