Skip to content

Six indicia of a strong corporate whistleblower program: new Australian guidance

A new report from the Australian Securities and Investments Commission (ASIC) should prompt companies to consider whether any changes need to be made to align their whistleblower program with ASIC’s proposed “good practices”. 

ASIC has released a report on “Good practices for handling whistleblower disclosures”  which sets out features it found were shared by companies with strong whistleblower programs.

Laws on whistleblowing in Australia – a reminder

In Australia, it is illegal to victimise whistleblowers, or to disclose a whistleblower’s identity (other than through authorised channels or with their consent). 
Public companies and large proprietary companies are also required under the Corporations Act 2001 (Cth) (the Act) to have a whistleblower policy that sets out:

  • the protections available to whistleblowers, including protections under the Act
  • how and to whom disclosures protected under the Act may be made
  • how the company will support and protect whistleblowers from harm
  • how the company will investigate disclosures
  • how the company will ensure fair treatment of employees mentioned in or the subject of a disclosure
  • how the policy will be made available to the company’s officers and employees.

Failure to comply is an offence, and can also result in serious reputational consequences for a company.

ASIC’s six indicia of strong corporate whistleblower programs

ASIC has previously released guidance on the operational arrangements it expects companies to have in place.   This guidance has now been supplemented by the Report, which identifies six indicia of strong corporate whistleblower programs.

1. Strong corporate infrastructure

“Companies with strong whistleblower programs have clearly defined roles and responsibilities, clear systems and guidelines to assess and investigate disclosures and organisational procedures that keep the personal information of whistleblowers safe.”

ASIC have previously provided guidance that each company’s whistleblowing program should align with the nature, scale and complexity of its activities.

Acknowledging this, the Report emphasises that delegates should be known and identifiable to officers and employees in the company and that creating internal systems and guidelines – such as template reports, forms or even whistleblower conversation guides – can promote consistency when handling disclosures.

The Report also notes that the majority of the companies reviewed had in place an additional third party system through which disclosures could be made.

2. Demonstrable culture of supporting whistleblowers

“Companies with strong whistleblower programs consistently promote whistleblowing, to foster a culture where officers and employees feel they are able to make a disclosure and will be supported if they do so.” 

The Report recognises different avenues to promote whistleblowing, including ad hoc communications, eg all-staff emails, team meetings, training, posters and dedicated intranet pages providing access to the different resources available.

Good practices for supporting and protecting whistleblowers include having dedicated support individuals for those considering making a disclosure and guidelines for protecting the whistleblower’s identity.

3. Effective resourcing and training

“Companies with strong whistleblower programs ensure that ‘eligible recipients’ (i.e. persons designated by a company as being able to receive a disclosure) receive regular training.”

Eligible recipients can often be the first point of contact for whistleblowers, and provide valuable and necessary information about the process and next steps required.

Effective training coupled with appropriate resources, such as process maps and standard forms, equip eligible recipients with the tools necessary to respond appropriately and effectively if a disclosure is received.

4. Measuring, reviewing and improving the policy

“Companies with strong whistleblower programs take a structured approach to improving their whistleblower program.” 

ASIC has previously said that a company should periodically review and update its policy, and ensure it is implemented appropriately and consistently carried out in practice.

In this Report, ASIC suggests that a company should use appropriate metrics and indicators to measure the effectiveness of its whistleblower program. The chosen metrics should correspond with the objectives of the company’s program and can provide helpful insights during periodic reviews on what updates may be required to improve the program.

5. Using information from disclosures

“Companies with strong whistleblower programs can show a track record of action and consequence.”

An important part of any whistleblowing program is understanding whether and how a company actually uses information from disclosures, when substantiated, to remedy underlying harms and improve performance by:

  • imposing consistent disciplinary consequences where a disclosure is substantiated
  • sharing anonymised information from disclosures with senior leaders to identify emerging areas of risk, or systemic or cultural issues
  • including high level statistics from the whistleblower program in employee communications and annual reports to support a culture where whistleblowing is encouraged and valued.

6. Executive accountability for the policy and effective director oversight

“Companies with strong whistleblower programs feature individual executive accountability and formal Board oversight.”

ASIC has previously indicated that a company’s board is ultimately responsible for its whistleblower program and that the program should sit within its broader risk management and corporate governance framework.

The Report suggests that accountability for the whistleblower program should be designated to a senior manager of the company and that arrangements for board committee and broader executive oversight should be formalised where appropriate.

Embedding accountability at the highest level promotes greater management engagement with, and interest in, disclosures and may result in additional resources being directed at addressing issues raised in disclosures.


Acknowledging that each company’s whistleblower program should be tailored to the nature, scale and complexity of its activities, ASIC’s latest report provides a snapshot of modern Australian better practice in this area, and a handy yardstick for Australian companies.


A good whistleblowing program is an intrinsic part of a healthy corporate culture. Ensuring that a company's culture supports effective compliance even during an economic downturn was one of ten key challenges identified for in-house counsel and heads of risk in our 2023 Cross-Border White Collar Crime and Investigations Review.