Free tool

Whistleblower policy builder

Generates a draft whistleblower policy aligned with Part 9.4AAA Corporations Act + ASIC RG 270. Mandatory for public companies, large proprietary companies and corporate trustees of RSEs.


Draft Whistleblower Policy — [Entity]

Applicability: 1 January 2020

Purpose

This policy supports compliance with Part 9.4AAA of the Corporations Act 2001 (Cwlth). It sets out how [Entity name] ("we") receives, investigates and responds to eligible whistleblower disclosures + protects whistleblowers from detriment.

Who can be a whistleblower

Current + former officers, employees, contractors, suppliers, family members of any of the above + associates within the meaning of s 1317AAA Corporations Act. Anonymous disclosures accepted.

What can be disclosed

Misconduct or improper state of affairs regarding the entity or its officers + employees — including dishonesty, fraud, corruption, illegal activity, danger to the public or financial system, or breach of Australian financial laws. Personal work-related grievances (managed under HR processes) are not 'protected disclosures' but can be raised via this channel — we will route appropriately.

How to make a disclosure

Disclosures can be made to any 'eligible recipient' as defined in s 1317AAC. We offer the following intake channels:

- Designated internal email (e.g. whistleblower@example.com.au) monitored by a Whistleblower Protection Officer

Disclosures may also be made to ASIC, APRA, AUSTRAC, an Australian Federal Police officer, a registered tax agent or BAS agent, or a lawyer (legal advice is always permitted).

Protections

Whistleblowers are protected from civil, criminal + administrative liability for the disclosure (subject to s 1317AB exceptions). Confidentiality of the discloser's identity is protected — disclosure of identifying information without consent is itself a criminal offence (s 1317AAE). Victimisation is prohibited and attracts civil + criminal penalties.

Investigation process

On receipt: acknowledge within 5 business days. Triage + risk assess. Appoint independent investigator (internal or external) free from conflicts. Document evidence + decisions. Provide periodic update to discloser where feasible without compromising confidentiality. Conclude with findings + remediation actions.

Responsibility

The board oversees the policy. A Whistleblower Protection Officer + Whistleblower Investigations Officer are appointed. Annual report to the audit + risk committee or equivalent. Senior management embed the policy in onboarding + recurring training.

Disclosure to the public or media

Public + emergency disclosures to journalists or members of parliament are protected in specific circumstances (s 1317AAD) — typically after disclosure to ASIC/APRA, when there are reasonable grounds the matter is of public interest or there is substantial + imminent danger.

Policy review

Reviewed annually + on material change to Part 9.4AAA or ASIC guidance (RG 270).
