ASIC immunity to whistleblowers

By Felicity McMahon, George Blades, Kathryn Hender, Joy Jin
ASIC Competition law Consumer law Financial Services

Immunity from 'market misconduct' provisions 8 min read

In a significant enforcement move, ASIC has released a new 'immunity policy' which closely resembles the ACCC's cartel immunity policy.

The policy provides immunity from the 'market misconduct' provisions (including insider trading, false and misleading conduct and dishonest conduct) to the first person who reports the misconduct to ASIC where multiple persons are involved. The immunity is from both civil penalties and criminal prosecution. Importantly – and different to the cartel immunity policy – ASIC's policy allows only individuals (not companies) to seek immunity.

The provisions covered by the ASIC policy will pick up, in one way or another, a very wide variety of situations affecting the providers of financial products and services and market participants.

The policy appears to draw on the successes of the cartel immunity (and leniency) policies around the world which have encouraged cartelists to expose cartels. Experience shows immunity policies have been an effective way for regulators to detect conduct that is otherwise difficult to detect.

The benefits of cooperating with ASIC were previously limited to those stated in ASIC's Information Sheet 172 (INFO172). The immunity policy provides benefits of a much greater concreteness. It remains to be seen to what extent it will encourage individuals who have engaged in misconduct to come forward.

Conditions for immunity

The immunity policy includes conditions in respect of the particular conduct, the individual and the individual's immunity application:

in respect of the conduct:
  • it must contravene (or potentially contravene) a provision in Part 7.10 of the Corporations Act – this includes:
    • insider trading, market manipulation, false trading and market rigging; and
    • dishonest conduct and false and misleading conduct in relation to financial products and services;
  • it must involve one or more persons other than the immunity applicant – 'person' includes companies. While the policy doesn't state the minimum necessary 'involvement', it would seem logical the involvement must be sufficient to attract liability under the market misconduct provisions. This level of involvement would include being 'knowingly concerned' in the misconduct (see, eg, ss 79 and 1317E(4) of the Corporations Act);
  • the individual applicant must be involved in, but not the instigator of, the conduct – the policy says the level of involvement in the conduct cannot rise to its 'instigation'. This appears to be similar to the concept of 'ring leader' in the cartel immunity policy context. The applicant must also not have 'coerced' the involvement of another person;

Through the immunity policy, ASIC signals a preference for the detection of misconduct over and above every person responsible for that misconduct being held to account.

in respect of the individual, they must:
  • admit involvement in the misconduct, including by providing a 'proffer' (ie a written description of the misconduct);
  • provide 'full and frank' cooperation throughout ASIC's investigation and any ensuing court proceeding – the necessary degree of cooperation is likely to be extensive. It includes continuously updating the proffer with any new or corrected information, attending interviews, providing documents and giving evidence. In the cartel context the ACCC has relied heavily on the immunity applicant, including where it is a company procuring the cooperation of witnesses as well as providing documents throughout the course of the investigation and court proceedings;
  • forfeit any profits of the misconduct and, if ASIC considers it appropriate, make restitution to any victims of the misconduct;
in respect of the immunity application:
  • it must be the first application in relation to the conduct – ASIC's policy does not provide for immunity or 'tiered' leniency for second and third applications, as is the case in some foreign jurisdictions. It is similar to the ACCC's cartel immunity policy, which grants one immunity 'marker' and offers less concrete leniency for cooperation (although in rare situations this leniency can be complete immunity).

    In the cartel context, often a person considering an immunity application will want certainty they are first before coming forward. ASIC's policy accommodates this. It refers to the ability of the applicant or their lawyers to 'approach' ASIC and request the issue of a marker, essentially preserving the applicant's status in line. This request can be on a 'hypothetical' and 'anonymous' basis but must include information sufficient to allow ASIC to determine whether a marker has already been issued for the same conduct;

  • ASIC can't already have commenced an investigation into the same conduct – this may in practice be similar to the ACCC's cartel immunity policy which provides that the ACCC will generally not grant civil immunity if the ACCC is already in possession of evidence that is likely to establish at least one contravention of the Competition and Consumer Act.

    In the case of criminal action, the Commonwealth Director of Public Prosecutions (CDPP) is responsible for granting immunity, much like the ACCC cartel immunity process. ASIC will make a recommendation to the CDPP as to whether immunity from prosecution should be granted. This is the same as the process for immunity from prosecution for criminal cartel offences, which is dealt with in the Prosecution Policy of the Commonwealth.

Immunity process

The process for attracting immunity may be depicted as follows:




Scope of the immunity

The immunity provided under the ASIC policy extends to civil penalty proceedings and criminal prosecution1 of the provisions of Part 7.10 of the Corporations Act. The policy also refers to the possibility of criminal immunity provided by the CDPP extending to 'other Commonwealth offences connected with the Pt 7.10 offence of offences'. Examples of these offences are stated to include ancillary liability offences (eg aiding and abetting), breach of director's duties, false accounting and money laundering.

The immunity does not extend to administrative and compensation actions. ASIC preserves its ability to disqualify an individual from managing a company and revoke, or vary the conditions of, a licence. And ASIC, or a private litigant, may still take action against the individual for compensation of loss resulting from the misconduct.


The policy seeks to assist the individual applicant by providing for confidentiality. It states ASIC will use 'best endeavours to protect any confidential information provided', including the applicant's identity except as required by law, and will even notify the applicant before the disclosure of confidential information if disclosure is required.

Similar to the ACCC's cartel immunity policy, the ASIC policy requires the applicant and their lawyers to keep confidential the fact the applicant has applied for immunity.

Comment: a distinct shift in ASIC's enforcement strategy

ASIC's immunity policy marks a distinct shift in ASIC's enforcement strategy. Through the immunity policy, ASIC signals a preference for the detection of misconduct over and above every person responsible for that misconduct being held to account.

Experience suggests that a great proportion of ASIC investigations of financial services providers involve, in some way, an alleged contravention of some part of Part 7.10 of the Corporations Act, particularly suspected false or misleading conduct in relation to a financial product or services or dishonest conduct in relation to a financial product or service. As the policy encompasses immunity from penalties under Part 7.10 and also other contraventions of federal legislation administered by ASIC that are connected with Part 7.10 contraventions, the policy has the potential to cover a very broad range of misconduct across the financial services industry.

A marked point of distinction between this immunity policy and the ACCC's cartel immunity policy is that ASIC's policy only applies to individuals. The ACCC's policy encourages companies, when cartel conduct is identified (eg in compliance activities and audits), to apply for immunity, and the ACCC can grant 'derivative' immunity to related bodies corporate or employees of the applicant. ASIC's policy will not have the same effect.

This can also be contrasted with concrete incentives provided to companies (not individuals) that self-report foreign bribery concerns under Part 9.47 of the US Attorneys Manual. That policy provides a 'presumption of declination' (absent aggravating circumstances) for companies that self-report foreign bribery, cooperate with investigations and remedy compliance systems, and otherwise provides for very significant discounts on penalties. It is informed by a philosophy that one of the most powerful ways of combatting corporate misconduct is by holding accountable all individuals who engage in wrongdoing.2 It relies on corporate self-reporting to facilitate prosecution of individuals.

The practical effect of this new policy is that individuals will be incentivised to make a disclosure to ASIC in the first instance, rather than make a report to the company under the company whistleblower policy.

The policy also extends beyond the statutory whistleblower protections that are afforded to individuals who make qualifying disclosures (to ASIC or other specified eligible recipients) under Part 9.4AAA of the Corporations Act. Under that Part, individuals are shielded from civil and criminal liability in relation to having made a qualified disclosure, but are not immune from liability arising from any contravening conduct they have been involved in. The practical effect of this new policy is that individuals will be incentivised to make a disclosure to ASIC in the first instance, rather than make a report to the company under the company whistleblower policy.

It is also noteworthy to consider the operation of ASIC's immunity policy in the context of the new breach reporting obligations, commencing 1 October 2021. The new obligations require more breaches (and potential breaches) to be reported to ASIC, and often earlier, than the current s912D obligation requires. The heightened reporting context may serve as a further incentive for individuals to come forward early. Companies may experience internal investigations to come under additional pressure from individuals applying for immunity.

ASIC has drafted its policy to offer concrete benefits to would-be immunity applicants. While the immunity policy doesn't go as far as to protect applicants from all detriment flowing from their disclosure (eg detriment flowing from compensation orders – as do immunity policies in some foreign jurisdictions), the benefits of immunity from civil penalty and criminal prosecution are likely to weigh heavy. How effective the policy will be will likely depend on the perceived value of the 'carrot' on offer, particularly in practice.


  1. Subject to the discretion of the Commonwealth Director of Public Prosecutions under section 6 of the Prosecution Policy of the Commonwealth.

  2. US Attorneys Manual 9.287.