Who needs a whistleblower policy

The Private Sector

Concerning the private sector, legislative protection has been considerably weaker. The primary provisions were contained in the federal Corporations Act 2004.

In a landmark development the Austrlain Government has passed the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018.

The Bill amended  the:

• Corporations Act 2001
• Taxation Administration Act 1953
• Banking Act 1959
• Insurance Act 1973
• Life Insurance Act 1995
• Superannuation Industry (Supervision) Act 1993

We focus on the Corporations Act 2001.

What does the new Whistleblower Legislation do?

Whilst the new law is not without its shortcomings and challenges there are notable amendments.

The new law:

• Enlarges the class of whistleblowers. (A relative, dependant or their spouse are also eligible.)
• Includes former employees and associates as whistleblowers
• Expands the scope of disclosable conduct but specifically excludes personal work-related grievances
• Allows whistleblowers protection whilst remaining anonymous
• Restricts the class of persons in a company who may receive disclosures to an officer, senior manager, auditor, actuary or person authorised by the company
• Creates an offence and imposes heavy penalties for disclosing the identity of a whistleblower without their consent other than in the exceptions provided
• Makes it easier for a whistleblower to seek redress and compensation for victimisation
• Replaces the current ‘good faith’ test with a reasonableness test which requires that the whistleblower have reasonable grounds to suspect misconduct
• Strengthens immunities for whistleblowers
• Provide a means for disclosures to be made to parliamentarians and journalists in matters of public interest or emergency
• Increases penalties up to $200,000 for an individual and $1 million for a body corporate
• Expands the orders that may be made by a court in favour of a person who has suffered loss, damage, or injury as a result of detrimental conduct
• Requires public and large proprietary companies to have a compliant whistleblower policy by the set date and to make it available to their officers and employees (the set date was previously 1 January 2019 but extended to August 2019 (at the earliest) following the third reading of the Bill.)

Amongst other things the policy must contain information about:

• How and to whom disclosures may be made
• What disclosures are protected
• The protections and support available to a whistleblower
• How disclosures will be investigated
• How the company will ensure fair treatment of employees mentioned in the disclosure
• How the policy is to be made available to officers and employees of the company

The new provisions apply varyingly to all companies.

However only public and large proprietary companies are required to have a whistleblower policy. (A large proprietary company is one that has at least two of the following criteria: consolidated revenue of at least $25 million, consolidated gross assets of at least $12.5 million or at least 50 employees within the company and the entities it controls.)

What to do next

• Establish whether and how the new whistleblower legislation provisions apply to you.

Whilst only public and large proprietary companies will be required to have a whistleblower policy, all companies should adopt a whistleblower policy as a matter of good governance.

This will include:

• Reviewing/drawing a compliant whistleblower policy (Companies must check whether the whistleblower policy is at odds with existing internal policies and human resources practices.)

• Determining how best to make the policy available to officers and employees of the company

• Determining how the company will support whistleblowers and protect them from victimisation

• Establishing how and to whom protected disclosures may be made

• Determining and providing practical training to the officers, senior managers and others who will receive disclosures

• Providing those who are to receive disclosures with training so they know how to respond if a protected disclosure is made. (A failure to comply with the legislation can lead to heavy penalties.)

• Determining how the company will support whistleblowers and protect them from detriment

• Establishing how the company will investigate disclosures

• Determining how to ensure fair treatment of employees who are mentioned in disclosures or to whom such disclosures relate

• Ensuring employees are aware of the whistleblower system in place

What does all this mean?

There is now reasonably comprehensive whistleblower legislation covering the public and private sectors which imposes a legal requirement on organisations to have internal policies and procedures not only for facilitating disclosures, but also for protecting and supporting whistleblowers.

Check out Your Call’s Whistleblower Policy Review Checklist for best practice and good governance regarding whistleblowing programs.

In line with the whistleblower legislation an independent external reporting process allows whistleblowers to report misconduct where they may not feel safe or find it impossible reporting misconduct via internal channels. To the extent that a person cannot report misconduct through external means an organisation is exposed to risk and heavy penalties.

Best practice requires that the external and internal reporting options work in collaboration under a Whistleblower Policy.

The Public Sector

Historically, Whistleblower legislation in Australia has focused on the public sector.

The legislation was described by Dr A.J. Brown (Griffith University) as “a tapestry, because it’s got some rich threads, the problem is that there’s no single law which even approaches what would be reasonable best practice. Everybody’s experimented, nobody’s really got a good handle on what best practice would look like.”

Whistleblower protection laws have remained fairly comprehensive for the public sector, with federal and state legislation covering all jurisdictions aimed at ensuring integrity and accountability in the public sector.

Federal and State public interest disclosure Acts :

Whistleblowers Protection Act 1993, South Australia

Whistleblowers Protection Act 1994, Queensland

Public Interest Disclosures Act 1994, New South Wales

Public Interest Disclosure Act 2012, Australian Capital Territory

Public Interest Disclosure Act 2013, Commonwealth

Protected Disclosure Act 2012, Victoria

Public Interest Disclosures Act 2002, Tasmania

Public Interest Disclosure Act 2003, Western Australia

Public Interest Disclosure Act 2008, Northern Territory

The main objectives of these laws are to provide:

• a safe means to report wrongdoing
• appropriate protection whistleblowers
• a framework to properly deal with and fix reported matters

The protection offered to whistleblowers includes protection against victimisation and suffering any detriment.

Whilst the federal and state laws relating to the public sector share these main objectives they are not without shortcomings.

Critics have observed that:

• the reportable wrongdoing is ill-defined and differs between jurisdictions
• anonymous complaints are not always protected
• it is not clear who will be protected and how
• the obligations on agencies themselves differs and is unclear
• the absence of an oversight agency responsible for whistleblower protection

Since 1 January 2020, the Corporations Act 2001 (Cth) (Corporations Act) has required public companies, large proprietary companies,1 and trustees of registrable superannuation entities to have a whistleblower policy. The requirement is set out in section 1317AI of the Corporations Act. A whistleblower policy must cover information concerning:

• the purpose of the policy;
• the protections available to whistleblowers, including protections under the Corporations Act;
• what types of wrongdoing can be reported;
• to whom disclosures that qualify for protection may be made, and how they may be made;
• how the entity will support whistleblowers and protect them from detriment;
• how the entity will investigate disclosures that qualify for protection under the Corporations Act;
• how the entity will ensure fair treatment of its employees who are mentioned in disclosures that qualify for protection, or its employees who are the subject of disclosures;
• how the policy will be made available to officers and employees of the entity;
• any matters prescribed by regulations; and
• the protections provided in the tax whistleblower regime under Part IVD of the Taxation Administration Act 1953 (Cth) (Taxation Administration Act).

An entity that does not have a compliant policy commits an offence: section 1311 of the Corporations Act.

Recent news coverage of a lawsuit concerning allegations of misconduct, bullying and intimidation by a chief executive has highlighted the importance of implementing and following a robust whistleblower policy.

The Australian Financial Review has reported on a confidential letter from a senior executive which raised concerns about alleged misconduct, bullying and intimidatory conduct by the CEO of that company. Within days of receipt of this letter, it was alleged that it had been provided to the subject of the complaint. Irrespective of the truth or substance of the allegations in this particular case, it highlights the important considerations which can arise out of workplace complaints, both in relation to employment policies and whistleblower obligations.

This report serves as a timely reminder to employers of the importance of having a robust and compliant whistleblower policy in place in the workplace, and the need to be mindful of whether it applies in respect of allegations raised in connection with a workplace bullying complaint.

Strict confidentiality is a key component of any effective whistleblower policy. Where a policy has been implemented, employers can best ensure their compliance with any statutory obligations arising under the Corporations Act, and protect themselves from the risk of enforcement action by the regulator, by reviewing their policy and making sure that staff are trained on its contents and practical implications.

ASIC recently wrote to CEOs of public companies, large proprietary companies and trustees of registrable superannuation entities to urge them to renew their whistleblower policies for compliance with the whistleblower protection regime outlined in the Corporations Act.

ASIC expressed concern about a sample of policies which it had reviewed, in particular where they contained ‘unclear, incomplete or inaccurate information’. ASIC reviewed non-compliant policies that:

• merely listed information for the entity’s preferred reporting channels rather than all categories of persons to whom a whistleblower can report misconduct, in order to engage the Corporations Act whistleblower protections;
• inaccurately purported to require whistleblowers to identify themselves or make good faith disclosures in order to qualify for protection; and
• did not describe the available protections fully or accurately.

Whistleblower protections clearly remain a priority area for ASIC. The regulator has indicated that it will be taking an active interest in compliance with the statutory obligations moving forward and relevant entities are on notice.

This article was written by Brad Swebeck, Partner and Amelia Simpson, Law Graduate.

1 A proprietary company is considered a large proprietary company if it has two or more of the following characteristics in a financial year: (a) the consolidated revenue for the financial year of the company and any entities it controls is $50 million or more; (b) the value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is $25 million or more; and (c) the company, and any entities it controls, has 100 or more employees at the end of the financial year: s 45A(3) of the Corporations Act.