Does your whistleblower policy comply with the Corporations Act 2001?

By Robyn Ferguson and Andrew Tobin / 17 December 2021

Partners Robyn Ferguson, Andrew Tobin and Solicitor Lily Robinson consider the legal requirements of the whistleblower regime, the deficiencies identified by the Australian Securities and Investments Commmission's (ASIC) review and the recommendations made by ASIC. 

During 2020, ASIC undertook a review of 102 whistleblower policies in order to understand how entities have been responding to the whistleblower protection regime introduced in July 2019.  Please refer to our previous alert, Whistleblower reforms now passed: what you need to know, for a general overview of the regime.

This review identified a general gap between the legal requirements of the regime and the implementation of these requirements in published policies.

On 13 October 2021, ASIC wrote a letter to the CEOs of public companies, large proprietary companies and trustees of registrable superannuation entities encouraging them to internally consider whether their current whistleblower policies comply with the requirements of the Corporations Act 2001 (Cth) (Corporations Act).

Corporations Act requirements

The Corporations Act requires entities to implement and publish a whistleblower policy that includes information about:

  • the protections available to whistleblowers;
  • how to make a qualifying disclosure, including to whom;
  • your entity’s measures to support and protect whistleblowers;
  • how your entity will investigate whistleblower disclosures and ensure fair treatment of employees named in disclosures or to whom such disclosures relate; and
  • how the policy will be made available to officers and employees.

Summary of ASIC findings

ASIC identified three major deficiencies in the reviewed whistleblower policies:

  1. Incomplete or inaccurate information. Approximately 1/3 of the policies reviewed contained incomplete or inaccurate information, including information about legally enforceable protections available to whistleblowers.
  2. Obsolete and out-of-date policies. Approximately 40% of the policies reviewed did not sufficiently summarise the threshold criteria for whistleblowers to be eligible for protection.  Further, many policies did not fully describe who a whistleblower can report to.
  3. Policies without oversight arrangements. Approximately 1/3 of the policies reviewed did not disclose whether the relevant entity had arrangements in place to monitor the effectiveness of its policy.


In light of these deficiencies, ASIC has recommended entities:

  • clearly articulate how a person can make a disclosure that qualifies for the legal protections, including to whom; 
  • update (if necessary) their whistleblower policy to ensure compliance with the current regime; and
  • accurately describe the legal rights and remedies whistleblowers can rely on when making a qualifying disclosure. This includes identity protection, protection from detriment, compensation and other remedies, and civil, criminal and administrative liability protection.

ASIC Commissioner Sean Hughes has advised that, in addition to monitoring compliance generally, one of ASIC’s priorities for 2022 is to review a selection of whistleblower programs of regulated entities to understand how practices are developing to address the reforms. In particular, how entities are using information from disclosures to address issues or misconduct and make appropriate changes to their operations, and to observe the level of board and executive oversight of whistleblower programs.

Key Takeaways

ASIC plans to conduct a further review of whistleblower policies in the future and will consider the full range of regulatory tools available, including enforcement action, where they identify non-compliance. ASIC Commissioner Sean Hughes has stated “If the issues we observed from our review are present in your policy, we expect you to address and correct them without delay.”

If your business does not have a whistleblower policy in place, or has a policy that has not been reviewed since ASIC Regulatory Guide 270 was published in November 2019, now is the time to review your obligations and ensure compliance.

Expert assistance with managing whistleblower requirements

For further information and discussion of whistleblower requirements, please contact HopgoodGanim Lawyers’ Corporate Advisory and Governance or Workplace and Employment team.

HopgoodGanim Lawyers’ whistleblower service provides employers a 24/7 dedicated email and telephone service for employees to contact to discuss and report their complaint or issue under the company’s whistleblower policy. Our legally qualified and experienced advisor explains the whistleblower policy to the employee, the processes to be followed and, as far as is possible, captures the relevant factual detail for your action.  For further information on the whistleblower service, contact Andrew Tobin


Robyn Ferguson
Robyn is a Partner in our Corporate practice with significant experience advising Australian corporations and their respective boards and senior management on capital raisings, IPOs, takeovers, mergers and acquisitions and compliance.
Andrew Tobin
Andrew is a Partner and the head of HopgoodGanim Lawyers’ Workplace and Employment practice.

What’s new

Receive email updates of our new publications.