On 1 July 2019, the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Act) came into force. The Act broadened the scope of protections and remedies available to whistleblowers, and introduced the requirement for certain companies to have a whistleblower policy in place. We reported on the amendments in March, which you can read about here.
Earlier this month, ASIC released a draft Regulatory Guide for Whistleblower policies. The draft guide comprehensively sets out the information that must be included in a company's whistleblower policy, as well as good practice guidelines on establishing, implementing and maintaining a whistleblower policy. The requirements are extensive, and the regulator has stated its expectation that companies have a "robust" yet "clear" policy to effectively deal with disclosures.
Under the Regulatory Guide, it is suggested that (among other things) a compliant whistleblower policy will need to detail the following:
- who is an eligible whistleblower
- types of reportable conduct
- who is an eligible recipient of a protected disclosure (which includes both internal officers and external advisors such as legal practitioners, regulatory bodies, journalists and parliamentarians)
- a requirement for a designated "whistleblower protection officer", or similar person responsible for protecting or safeguarding disclosers
- a requirement for a separate designated "whistleblower investigation officer" or equivalent responsible for investigating disclosures
- an outline of the measures the entity has in place to protect the confidentiality of a discloser's identity.
ASIC is conducting a consultation period seeking feedback on the proposed Regulatory Guide prior to 18 September 2019.
K&L Gates will be drafting a submission to the regulator providing our perspective based on our experience with assisting clients develop "user friendly" whistleblower policies that are compliant with the requirements under the Act. In our view, the draft Regulatory Guide imposes fairly onerous requirements on companies that are required to have whistleblower policies, and goes further than required to protect whistleblowers and comply with the terms of the Act.
For example, the multitude of roles and responsibilities required to be allocated in a policy could confuse potential whistleblowers, rather than provide a clear and understandable process for making a disclosure. Also, the level of detail required may actually be counterintuitive to achieving the goal of the new laws, being to protect whistleblowers and make the process of disclosure clearer and more understandable to all stakeholders.
As the Regulatory Guide is only in draft form at this stage, in our view, companies ought to be considering and starting work in respect of any updates required to their whistleblower policies/regime. However, companies may not want to finalise the relevant documents until after the final Regulatory Guide is adopted (but prior to the legislative deadline for a compliant policy being adopted, as prescribed under the Act, being 1 January 2020).
If you have any questions about the whistleblower laws and policies, please feel free to contact us.