Back to Insights

It’s A Blow Up: New Whistleblowing Policy Requirements In Effect From 2020

Dec 2019

Updated laws in the Corporations Act will require certain companies to have in place a compliant whistleblower policy before the 1st of January 2020.

ASIC has also provided explicit guidance on the new laws and on what it expects a policy to contain. The updated laws and guidance go beyond the existing regime, with a view to providing better whistleblower protections and processes than the legislation currently provides.

Given the new laws and associated guidelines, it is unlikely that existing whistleblower policies will comply with the new requirements. It is critical therefore that affected businesses put in place new or updated policies as a matter of urgency.

What are the new laws?

The new provision, s1317AI of the Corporations Act, requires all public companies (including all listed companies), large proprietary companies, and proprietary companies that are trustees of a registrable superannuation entity, to have a compliant whistleblower policy in place. A large proprietary company is a company that satisfies at least two of the following:

  • has a consolidated revenue of over $50 million in a financial year;
  • consolidated gross assets of $25 million or greater;
  • employs at least 100 employees.

If a company qualifies under the provision at the conclusion of any financial year, it must implement a policy within 6 months of the end of that financial year.

Failure to have a policy in place from 1 January 2020 is a strict liability offence. ASIC expects the policy to be made available on a business’ website, and has advised that it will be undertaking surveillance and monitoring on an ongoing basis.

What does the whistleblower policy have to include?

The Government and Regulators policy intent is clear: Whistleblower policies are important for sound risk management and corporate governance, and provide important means of uncovering misconduct that would otherwise go undetected. This is because disclosing wrongdoing can expose whistleblowers to great personal and financial risk. Comprehensive and clear policy may minimise such risk by protecting the whistleblower and encouraging disclosure.

Broadly, a good whistleblower policy should provide information about the legal protections available to whistleblowers, indicate how a company will investigate whistleblower disclosures, and outline how the company will protect whistleblowers from detriment.

ASIC has released Regulatory Guide 270 (RG 270) to assist in creating an effective whistleblower policy and to ensure compliance with legislative requirements. Notably, RG 270 makes clear that ASIC expects policies to be broader than the strict legislative requirements. These additional requirements include setting out whistleblower eligibility under the Corporations Act and Taxation Administration Act, a provision allowing whistleblowers to make emergency disclosures to journalists or Members of Parliament, and a provision indicating to whom whistleblowers may make a disclosure.

RG 270 also contains a number of ‘good practice’ recommendations, although ASIC acknowledges that the nature and extent of a whistleblowing policy and procedures can be tailored having regard to the nature of the business.

Hazelbrook Legal can advise on and assist in putting an appropriate whistleblower policy in place. Please don’t hesitate to contact us if you would like to discuss further.

Material in this article is available for information purposes only and is a high level summary of the subject matter. It is not, and is not intended to be, legal advice. You should first obtain professional legal advice prior to taking any action on the basis of any information contained in this article. This article is copyright. For permission to reproduce this article please email Hazelbrook Legal:

Contact Home

Welcome Internet Explorer User

We've noticed you're using Internet Explorer, so some things may not look quite right — For the full site experience we recommend visiting in a modern browser such as Chrome.