Book A Demo

To book a demo please complete the form and we will come back to you shortly.



What We Learned from the ASIC Whistleblower Questionnaire: July 2024 to June 2025

ASIC Whistleblower Questionnaire

Australia’s corporate regulator just released the most comprehensive benchmark of whistleblower programmes ever conducted in the region, the ASIC Whistleblower Questionnaire: July 2024 to June 2025 [PDF]. The findings? A wake-up call for every organisation that thinks having a policy is the same as having a programme that works.

ASIC surveyed 134 companies representing thousands of employees across every major industry. They received data on 8,095 whistleblower disclosures and asked hard questions about what’s actually happening when employees try to report misconduct.

Insights from the ASIC Whistleblower Questionnaire: July 2024 to June 2025 reveals a corporate sector struggling with the basics of whistleblower protection—and five critical lessons that every Australian organisation should pay attention to.

1. The “Zero Disclosure Problem” Is Bigger Than Anyone Expected

Here’s the stat that should make every compliance officer nervous: 22% of surveyed companies received zero whistleblower disclosures during an entire year. Including six companies with more than 2,500 employees.

Zero disclosures aren’t a sign of a healthy workplace culture. They’re a red flag that your whistleblower programme isn’t working—that employees either don’t know about it, don’t trust it, or don’t believe anything will happen if they use it.

The data backs this up. Companies with mature whistleblower practices consistently received more reports. The median disclosure rate was 0.22 reports per 100 employees, well below international benchmarks of 0.94 to 2.56 per 100 employees.

When employees aren’t reporting, misconduct isn’t disappearing. It’s just going undetected until it becomes a crisis.

2. Multichannel Reporting Isn’t Optional—It’s Essential

69% of all whistleblower disclosures came through dedicated webpages or hotlines. Yet 36% of companies don’t offer a dedicated webpage, and 20% don’t provide a dedicated hotline.

The impact of this gap is measurable. Across every company size, organisations with dedicated webpages had dramatically higher disclosure rates:

  • Large companies (5,000+ employees): 0.45 median rate WITH webpage vs 0.25 WITHOUT
  • Medium companies (2,500-4,999 employees): 0.23 WITH vs 0.06 WITHOUT
  • Smaller companies (1,000-2,499 employees): 0.20 WITH vs 0.05 WITHOUT

Employees want accessible, purpose-built channels for reporting. When you make them use general HR email addresses or force them to approach managers directly, they simply don’t report. The technology matters because it removes barriers and provides the anonymity that enables people to speak up.

This validates what we’ve seen at Report It Now: independent, accessible reporting infrastructure isn’t a luxury. It’s the foundation of an effective programme.

3. Third-Party Providers Drive Higher Disclosure Rates

82% of companies surveyed in the ASIC Whistleblower Questionnaire engaged external third-party providers as eligible recipients for whistleblower reports. The larger the company, the more likely they were to use external providers—but even among smaller organisations, the adoption rate was significant.

Why does this matter? Because external channels provide something internal systems can’t: independence and perceived safety.

Companies using third-party providers saw higher disclosure rates, particularly when those providers offered dedicated webpages and hotlines. When ASIC controlled for channel availability, the difference narrowed—but disclosers still felt more comfortable reporting to external parties than to internal channels alone.

The lesson here isn’t complicated. Employees reporting serious misconduct don’t want to hand their concerns to the same organisation they’re reporting about. They want an independent pathway that feels separate from internal politics, hierarchies, and potential retaliation.

That’s not a reflection on any individual organisation’s integrity. It’s human nature. And effective whistleblower programmes account for it.

4. Training and Communication Directly Correlates with More Reports

Here’s where many organisations are failing: 25% of companies don’t provide regular training about their whistleblower programme. Another 16% only provide training during induction and never again.

The companies that did provide recurring training saw significantly higher disclosure rates:

  • For large companies: 0.45 median rate WITH regular training vs 0.05 WITHOUT
  • For medium companies (2,500-4,999 employees): 0.20 WITH vs 0.00 WITHOUT

Similar patterns emerged for companies that communicated regularly about their programmes through periodic emails, posters, or intranet articles. Ongoing visibility drove higher reporting rates across all company sizes.

The ASIC Whistleblower Questionnaire findings align with previous Australian research showing that successful whistleblowing processes rely on “high awareness of the processes and high confidence in the overall responsiveness and seriousness of management.”

You can’t expect employees to use a system they don’t know exists or don’t understand how to access. Regular communication isn’t about compliance—it’s about creating a speak-up culture where reporting misconduct is normalised rather than seen as a dramatic last resort.

5. Most Companies Are Failing at Basic Best Practices

The ASIC report revealed systematic gaps in how organisations approach whistleblower protection:

  • 36% have no dedicated webpage for whistleblower reporting
  • 20% have no dedicated hotline
  • 30% don’t regularly review their programme’s effectiveness
  • 58% haven’t sought employee feedback on their whistleblower programme or speak-up culture in the past year
  • 14% have no designated person responsible for protecting whistleblowers from detriment
  • 13% don’t offer counselling or support services to whistleblowers

These aren’t minor oversights. ASIC explicitly identified each of these as problems that likely affect employees’ willingness and ability to make disclosures.

The report also found that just 8% of companies had made referrals to regulators or law enforcement agencies as a result of whistleblower disclosures—a surprisingly low figure given the sample included companies from highly regulated industries.

What does this tell us? That having a whistleblower policy isn’t the same as having an effective whistleblower programme. And most organisations are doing the bare minimum.

What This Means for Australian Organisations

The Corporations Act requires public companies, large proprietary companies, and corporate trustees of registrable superannuation entities to have whistleblower policies. But as this report makes clear, compliance with the law and effectiveness in practice are two very different things.

The ASIC report confirms what the data has been showing: policies don’t protect anyone. Infrastructure does. Training does. Independent reporting channels do.

Organisations that invest in mature whistleblower practices—accessible channels, regular training, external providers, ongoing communication, and systematic programme reviews—consistently receive more disclosures. Not because they have more misconduct, but because they’ve created environments where employees feel safe reporting it before it escalates.

The alternative is the “zero disclosure problem”: silence that looks like compliance but is actually risk accumulating undetected until it becomes a crisis that makes headlines.

The question isn’t whether misconduct exists in your organisation. The question is whether your systems allow you to detect it early—or whether you’ll only find out when it’s too late.

EthicsPro® by Report It Now® addresses exactly what the ASIC data shows is missing: a comprehensive platform combining dedicated reporting channels, secure case management, and the independent third-party oversight that drives higher disclosure rates.

Let’s talk.