ASIC calls on Australian companies to adopt better practices to protect whistleblowers

At a glance

• ASIC has published a report on its review of whistleblower practices across Australian companies.
• The report reveals gaps including poor training, limited feedback and weak reporting channels.  
• The regulator is urging businesses to improve whistleblower protections and compliance with legal obligations. 

Recognising the importance of effective whistleblower policies and programs, the Australian Securities and Investments Commission (ASIC) has undertaken a project to benchmark whistleblower practices of 134 companies across 18 industries in Australia and how well companies have progressed in adopting the practices outlined previously by the regulator. 

ASIC's objectives for the project were to understand the level of compliance with statutory requirements, measure companies’ adoption of practices outlined in previous regulatory guidance, and to understand to what extent practices are scalable. 

In December 2025, ASIC published a report on the outcome of its project - Insights from the ASIC Whistleblower Questionnaire.    The report finds that the adoption of good practices and the outcomes of whistleblower programs vary significantly. It acknowledges that there is no single approach to implementing a whistleblower program, and what is appropriate and effective will depend on the company.  However, ASIC found large differences between companies in investigation timeframes and substantiation rates and that many companies had not adopted best practices such as: 

• Providing a dedicated whistleblower webpage or hotline to raise concerns.
• Providing regular training to staff about the whistleblower programme.
• Seeking feedback from employees on their whistleblower program.  

The report observes that the absence of best practice likely affects the willingness and ability of people to make whistleblower disclosures.   ASIC encourages companies to benchmark themselves against the report findings and to review and improve their whistleblower policies and practices.   The report identifies key actions for companies to consider when conducting a review such as offering multiple, accessible whistleblower reporting channels, providing regular training, and ensuring strong governance practices. 

Companies are reminded that they are required to provide specific protections for whistleblowers and to manage whistleblower disclosures confidentially. Proper whistleblower policies should reflect these protections and outline how the employers will support and protect whistleblowers. 

For its part, the regulator says it will remain focused on supporting businesses to adopt good whistleblower practices. It will engage with companies which have been identified as having non-compliant or less mature practices, encouraging them to improve their whistleblower frameworks and practices.