A recent ASIC review has identified good practices for overseeing whistleblower programs, which all directors are encouraged to consider, writes Commissioner Danielle Press.
As a director, you know whistleblowers can come to you with their concerns. But what other responsibilities do you have for your company’s whistleblower program?
In 2022, ASIC conducted a review of whistleblower programs from a sample of seven large firms. In particular, we targeted the firms’ arrangements to handle and respond to whistleblower disclosures, and the level of executive and board oversight of the arrangements. Our report, Good Practices for handling whistleblower disclosures, identifies seven features of a strong whistleblower program and summarises the good practices we observed. For directors the message is clear: your responsibilities go beyond handling the whistleblower disclosures you receive, to overseeing your firm’s whistleblower program.
Boards are ultimately responsible for their firm’s governance and risk management arrangements, including whistleblower policies and programs. Directors have a key role to ensure their firm’s program is useful and effective.
To improve oversight of whistleblower programs, ASIC encourages directors to:
Carefully consider the outcomes they want from their firm’s whistleblower program, and
Ensure the program operates in such a way that those outcomes are achieved.
We encourage directors to ask themselves: How am I overseeing my firm’s whistleblower policy and program? Am I providing informed oversight? Do I have access to sufficient, relevant information to perform my oversight function and to achieve the program’s purposes?
To help directors answer these questions, below are some of the better practices we identified during our review. We expect directors to consider how these practices can be scaled and tailored to suit their operations.
Better practice identified in our review
The sample firms we reviewed were ANZ, AustralianSuper, BHP, CBA, Netwealth Group, Treasury Wine Estates, and Woolworths. Across these firms, we observed a range of practices adopted for their whistleblower programs that reflected differences in both operations and volume of disclosures. The better practices we identified include:
Firms considering how they can actively promote whistleblowing.
Firms consider the objectives of their whistleblower policy and program and identify indicators and metrics to monitor the program’s effectiveness.
Firms have defined roles and responsibilities for the program and its oversight, and clear operational procedures or guidelines.
Boards receiving regular information from executives about how their program is designed and resourced, and how it is operating.
For firms with a higher volume of whistleblower disclosures: executives provide boards with information and updates on the progress and resolution of disclosures that met a defined risk threshold, and details about the total number of disclosures.
Boards receive and consider insights from data analytics or individual disclosures, allowing them to understand any themes and emerging risks across their firm, and to improve operations.
Boards receive regular training or briefings on the firm’s whistleblowing regime, whistleblowing arrangements, and directors’ duties.
Whistleblowing is a key part of a transparent and accountable work culture. Addressing whistleblower disclosures promptly and effectively can also improve overall corporate performance and governance. We refer company directors to ASIC’s Information Sheet 247 Company officer obligations under the whistleblower protection provisions.
ASIC will continue to review firms’ whistleblower policies and arrangements for handling disclosures, including when we receive reports from whistleblowers alleging breaches of the whistleblower protections. We recently commenced proceedings against TerraCom for alleged whistleblower victimization, and will continue to act to protect whistleblowers where we identify serious harm.