On 2 March 2023, ASIC published a report setting out the findings of a 2022 review it conducted of whistleblower programs of seven prominent Australian businesses. ASIC’s report (‘REP 758 Good practices for handling whistleblower disclosures’) can be found here.
The key takeaway from ASIC’s report is that organisations can establish and implement good governance by taking time to consider the interplay between solid whistleblower frameworks and enhanced company culture and performance. Successful organisations accomplish this by promoting and building trust in their whistleblowing regime, and by consistently measuring and testing whether a regime is not only understood by those it applies to, but is effective and consistently executed. Businesses with effective regimes encourage disclosures and tip-offs as a useful tool in identifying and addressing emerging risks and negative trends at an early stage.
Fundamental Messages from the Report
- A culture of transparency, accountability and good governance can be fostered by strong policies and procedures that clearly define why, who and how: easily understood roles, responsibilities, processes and consequences can educate and give confidence to employees about speaking up.
- Creating a culture in which employees are encouraged to call out corporate misconduct can be enhanced by implementing an independent third-party triage service, as well as secure IT measures to safeguard confidentiality, and appropriate protocols and resources for any necessary investigations.
- Regularly promoting and publicising a company’s approach to both receiving and investigating whistleblowing complaints and protecting whistleblowers in simple and clear terms facilitates a full, frank and fearless environment.
- The need to carefully consider who will have roles and responsibilities within the regime (such as all eligible recipients, even if outside preferred channels), and provide them with proportionate and specialised training and support.
- Measure, measure, measure: as the TerraCom example below illustrates, it is not enough to have a detailed policy in place. Boards and executive management must consistently measure the effectiveness of the policy – specifically, is it understood by staff, is it being followed, is it always affording whistleblowers the type of protections called for by relevant legislation and does it represent best contemporary practice?
- Lessons learned: at the conclusion of a whistleblowing investigation, it is not only important to measure the effectiveness of the whistleblowing regime itself, but to address the harm raised by the whistleblower to improve company and executive performance and culture. In particular, executive performance and accountability can be sharpened by linking remuneration and incentives to an executive’s knowledge and support of the regime; conversely, disciplinary and financial consequences may flow from their involvement in any misconduct identified by whistleblowing investigations.
- Critically, the need for company directors to insist upon the above points. The report is clear in that, although directors do not have express responsibilities for whistleblowing regimes imposed on them by the Corporations Act 2001 (Cth), ASIC’s view is that because whistleblowing falls under the umbrella of risk management and corporate governance, Boards have ultimate responsibility for the effectiveness of their entity’s whistleblowing regime.
Whistleblowing: A Renewed Focus
ASIC has signalled that it is closely watching how Australian businesses implement, maintain and measure whistleblowing policies. The day before the report was released, ASIC announced its first-ever action alleging breach of whistleblower protection laws. It has commenced civil penalty proceedings in the Federal Court against TerraCom Limited, an ASX-listed mining resources company, and four of its current and former directors and officers.
The claim alleges that a former employee, who had blown the whistle on the alleged fabrication of coal quality certificates, was harmed because the company and its directors made misleading statements in 2020 to the market which effectively denied the whistleblower’s complaint. ASIC alleges that TerraCom’s managing director, CCO (then CFO), former chair and former director and deputy chair failed to prevent the making of the misleading statements, which caused detriment to the whistleblower’s reputation, earning capacity and psychological and emotional state. ASIC also claims that the directors breached their duties to exercise reasonable care and skill by failing to act on an independent investigator’s report into the whistleblower’s allegations.
TerraCom has a detailed whistleblowing policy, which is published on its website. The policy was authorised by its Board, and last reviewed in March 2022. ASIC’s proceedings emphasise, however, that it is not enough to have a policy in place. Companies and Boards must be able to demonstrate that their policy is effective, consistently measured, and properly executed.
What do I do now: Strategies for Your Business
Does your business:
- Have a culture which encourages full and frank disclosures, regardless of seniority, length of tenure, position title or remuneration level?
- Understand and adhere to the strict legislative requirements applicable to whistleblowing in Australia? See here for our further guidance.
- Have a clear and simple whistleblowing policy that is understood by staff?
- Regularly promote and publicise its whistleblowing regime?
- Provide specialised training for staff with defined roles and responsibilities?
- Ensure executive accountability and Board oversight for the whistleblowing regime?
- Have an independent third-party triage service, sufficiently secure confidentiality mechanisms and the ability to procure appropriate investigations?
- Regularly and objectively review and test the effectiveness of the whistleblowing regime, and make improvements when required?
If the answer is no to any of the above questions, it is a timely opportunity to take action, avoid the attention of the corporate regulator and put in place good practices for the benefit of both the organisation and its people.