The Senate Economics References Committee recently handed down its much-anticipated report on the operation of the Australian Securities and Investments Commission. The report concerns ASIC’s capacity and capability to undertake investigation and enforcement actions arising from reports of alleged misconduct. As has been widely reported in the media, the Committee found that ASIC has “comprehensively failed to fulfil its regulatory remit” and that ASIC has systematically mishandled misconduct reports (including whistleblower disclosures) made to it directly:

ASIC’s response to most reports of alleged misconduct is to take no further action, and only a fraction of reports are investigated. For the matters where ASIC proceeds to take enforcement action, the civil penalties imposed are often at odds with the scale of the offending, and few criminal sanctions are achieved.

The Committee made 11 recommendations in total. Two recommendations, if implemented, are likely to substantially change the scope of Australia’s whistleblower regime and related enforcement. 

Financial incentives to blow the whistle

The Committee recommends that the government investigate introducing financial incentives and compensation for whistleblowers. The proposed regime would operate not only with respect to disclosures made to ASIC, but also internal disclosures made to eligible recipients within a company (eg company directors and officers).

The Committee referred to submissions outlining the impact the whistleblower regime had on reports made to the regulator, including that the reforms to the whistleblower regime in 2019 “coincided with a substantial increase in whistleblower disclosures to ASIC from 278 disclosures (2018–19) to 644 disclosures (2019–20)”. However, the Committee also noted that despite this increase, there was not a proportionate increase in the enforcement actions taken by ASIC.

This is in stark contrast to the regulatory actions taken in the US and Canada (which have comparable whistleblower regimes) where:

• in the US, more than $6.3 billion in monetary sanctions were imposed as a result of information provided by whistleblowers to the US Securities and Exchange Commission; and
• in Canada, their whistleblower program resulted in $44 million in sanctions and voluntary payments over a 5-year period.  

One key difference between those regimes and the one currently in place in Australia is the “cash for information” programs in place in those jurisdictions.  

The data from those jurisdictions suggests that incentive schemes generate valuable information, with whistleblowers being seen to play a “critical role” in the US in the SEC’s enforcement activity.   

The structure of a scheme for incentivising whistleblowers was not dealt with by the Committee. For example, there was no consideration in the report about strategies that should be implemented to discourage false disclosures being made or to reduce the number of ineligible disclosures received by ASIC or a company. If incentives were introduced in Australia, measures to prevent false disclosures should be considered. How such a system would operate in the Australian legislative context remains to be seen. The experience in the US indicates that (if introduced) it would increase the number of disclosures made by whistleblowers. 

ASIC prompted to litigate more and seek tougher penalties

The other key recommendation made by the Committee is that “regulatory authorities adopt an enforcement approach which prioritises the litigation of all serious instances of suspected breaches of corporations law, particularly in cases where consumer losses arise, or could have potentially arisen, from such breaches.”

The Committee was highly critical of ASIC’s approach to enforcement, finding that “corporate law is unenforced,” and that the “evidence suggests that ASIC is not pursuing enough of the ‘right matters’”. 

In the area of whistleblower compliance, we expect that this will include referrals for breach of the victimisation provisions of the Corporations Act. Until now, ASIC’s focus has been on the civil penalty provisions. In its ongoing case against TerraCom, a Queensland coal producer (in respect of statements it made in its ASX releases and one-page notifications published in national newspapers), ASIC elected to pursue civil penalties only. This is the first time that ASIC has sought to enforce whistleblower victimisation protections using its whistleblower-related regulatory powers. That matter is back in court in February 2025 after the parties file their evidence. 

It is notable that the Corporations Act also includes significant criminal offences with respect to the victimisation of whistleblowers. Following TerraCom, and the findings of the Committee, we anticipate that ASIC will seek to use these provisions.

Key takeaways

The Committee was highly critical of ASIC’s approach to investigation and enforcement. In the coming months, we expect to see:

• reforms targeted at encouraging more disclosures; and
• the regulator taking a tougher stance on prosecuting breaches of corporate law, including laws protecting whistleblowers. 

With the whistleblower regime due for its 5-year review following the implementation of the laws in 2019, these recommendations are likely to feature in discussions concerning changes to the regime. Should these reforms and changed approach materialise as expected, the need to ensure that whistleblower policies and processes are compliant and robust enough to manage disclosures effectively to reduce the prospect of external escalation will assume even greater importance.