On 2 March 2023, the Australian Securities & Investments Commission (ASIC) published a report on its review of whistleblower frameworks implemented by some of Australia’s largest organisations. The report offers useful guidance on good practices in the management of disclosures under the private sector whistleblowing regime.
Existing guidance
The report is the latest in a series of information and guidance initiatives from ASIC, following various information sheets on the obligations of specific roles, the detailed guidance and practical tips for compliant whistleblower policies it published in Regulatory Guide 270 in November 2019, and the open letter issued to CEOs in October 2021 noting widespread non-compliance with those policy obligations. As our alert flagged at the time, ASIC had identified fundamental deficiencies in the accuracy, completeness and oversight of policy frameworks that required urgent rectification.
This most recent report moves beyond policy compliance towards real world practical implementation. Now that we are nearly four years into the new regime, it offers useful examples and insights into how some of our largest organisations are managing whistleblower disclosures, and how these could be applied to other organisations of all sizes and sectors.
Click to expand image


Investigations and enforcement activity
ASIC has warned that it will continue to act in response to whistleblower reports of alleged breaches, and will consider the full range of enforcement action against those that fail to manage disclosures appropriately. It’s a warning not to be taken lightly: there is regular investigation activity, and on 1 March 2023, ASIC commenced its first civil penalty proceedings for alleged breaches of the whistleblower protection provisions against a company and four of its current and former leaders.
What do you need to do?
ASIC’s report acknowledges there’s no one-size-fits-all approach to managing whistleblower disclosures: each organisation needs to tailor its whistleblower management program to its own size, scale and complexity. And this, of course, is where much of the challenge lies.
In our experience, striking a workable balance between the legal requirements of the regime and the resourcing and operational complexity of the organisation, and doing all of this in a way that is efficient, effective and exemplifies and embeds the organisation’s culture, values and purpose, is an ongoing endeavour. It’s helpful to view ASIC’s guidance materials through this lens.
We have extensive expertise, including on-the-ground practical experience, across the full lifecycle of whistleblower management systems, including framework development, training at all levels, policies, processes, templates and guidance materials for program managers, investigations and enforcement activity. Please get in touch if we can help to elevate your whistleblower management system in line with this guidance, or for an external review of how it measures up.