November 22

Navigating the New Whistleblower Laws – Part 2

Published 22 November 2019

In our recent newsletter, we examined some of the key changes of the expanded corporate whistleblowing scheme that has been in force since 1 July 2019.

This week, in part 2 of our newsletter, we will take a look at who is required to have a whistleblower policy under the expanded corporate whistleblower scheme and what is required for the whistleblower policy to be compliant with the legislation.

Who needs a whistleblower policy?

Public companies and large proprietary companies are required to have a compliant whistleblower policy in place by 1 January 2020. A large proprietary company is one to which any two of the following apply:

  • The company (including any entities it controls) has 100 or more employees;
  • The consolidated revenue of the company (including any entities it controls) for the financial year is $50 million or more; or
  • The value of the consolidated gross assets of the company (including any entities it controls) at the end of the financial year is $25 million or more.

Although not all companies are required by the legislation to have a policy, given the substantial changes to the legislation and the significant consequences for non-compliance, we recommend that all companies covered by the expanded corporate whistleblower scheme implement or update their whistleblower policy.

Requirements for a whistleblower policy

To be compliant with the new whistleblower legislation, a whistleblower policy is required to set out the following information:

Protections available to whistleblowers

As outlined in part 1 of our newsletter, whistleblowers are protected under the legislation from any detrimental conduct against them. Whistleblowers are also entitled to make an anonymous report, and have their identity kept confidential. A whistleblower policy will need to address these protections.

Who disclosures can be made to and how they can be made

Under the legislation, disclosures can be made to ‘eligible recipients’ which include officers of the company and senior managers. However, companies can also choose to designate who disclosures should be made to. This could include nominating a specific ‘Whistleblower Officer’ to receive disclosures, or could also include reference to an external whistleblowing service. Whoever the company chooses to receive a disclosure should be outlined in the policy.

How the company will support whistleblowers and the protections that whistleblowers have

Under the legislation, companies are required to ensure that the whistleblower’s identity remains confidential (unless they consent otherwise), and to take reasonable steps to ensure the whistleblower does not suffer any detrimental conduct.

Companies should also consider how else the whistleblower can be supported. This may involve designating a staff member as the ‘Whistleblower Protection Officer’ whose role it will be to protect the interests of the whistleblower. It may also involve making available to whistleblowers an external counselling service or employee assistance program. Whatever support is decided upon should be referenced in the policy.

How protected disclosures will be investigated by the company

It is essential that any whistleblower policy sets out the investigation process that will take place. Key steps in the investigation process that will need to be set out in the policy include who will be conducting the investigation, who will be kept informed of the progress of the investigation, how confidentiality of the whistleblower will be handled throughout the process and what will happen after the investigation has occurred. We recommend that the policy allows for both internal and external investigations.

How the company will ensure the fair treatment of people against whom an allegation is made in relation to a protected disclosure

It is important that, if an allegation has been made against any person as part of a whistleblower disclosure, that person has an opportunity to respond to the allegation. Further to this, to ensure the person against whom an allegation has been made receives fair treatment, any investigator appointed should be independent of both the accused and accuser. The whistleblower policy will need to outline how your company will ensure the fair treatment of any person accused of misconduct as part of a whistleblower disclosure.

How the policy will be made available to employees and officers of the company

This will vary from company to company, but commonly whistleblower policies are made available on a company intranet, emailed out to staff, or made available on the company’s website.

Consequences of not having a compliant policy

It is a strict liability offence for public companies or large proprietary companies to fail to implement a compliant whistleblower policy by 1 January 2020. In the event of non-compliance, companies may face fines of up to $126,000.

How we can help

Having a compliant whistleblower policy is vital for all companies to ensure that the obligations of the expanded corporate whistleblower scheme are met. Working Knowledge is able to assist with preparing a compliant whistleblower policy, as well as being able to assist with staff training in relation to their obligations.

Contact us today on 02 8436 2500 or via email to info@olexo.com.au to get started.


This content is general in nature and provides a summary of the issues covered. It is not intended to be, nor should it be relied upon, as legal or professional advice for specific employment situations.

Working Knowledge recommends that specialist legal advice should be sought about specific legal issues.

November 15

Navigating the New Whistleblower Laws – Part 1

Published 15 November 2019

In February 2019, the Australian Parliament passed new laws creating an expanded corporate whistleblowing scheme which applies to the majority of companies in Australia. These new whistleblower laws took effect on 1 July 2019, with public companies and large proprietary companies then having until 1 January 2020 to implement a compliant whistleblower policy.

While the amendments seemingly mirror the shifting social expectation for increased accountability of directors and those in senior management positions, they do pose some significant challenges to companies, which need to be navigated carefully. This newsletter will outline some of the key changes of the expanded corporate whistleblowing scheme and what businesses will need to consider in relation to these changes.

Next week, in part 2 of our newsletter, we will examine in greater detail what is specifically required for a whistleblower policy to be compliant with the new legislation.

Expanded Corporate Whistleblowing Scheme

The Treasury Laws Amendment (Enhanced Whistleblower Protections) Bill 2019 (Cth) amended the Corporations Act 2001 (Cth) (the Corporations Act) and the Taxation Administration Act 1953 (Cth) to create the expanded corporate whistleblower scheme. The overarching purpose of the legislation is to encourage and protect whistleblowing and discourage corporate fraud and misconduct. The amendments incorporate a wider range of misconduct, protect a larger group of people, allow anonymous disclosures, create more avenues for redress and increase potential penalties for employers. Although the new legislation significantly expands the corporate whistleblower scheme, it does not extend protections to employees simply questioning the business judgment of a company.

Who does the scheme apply to?

The expanded corporate whistleblowing scheme relates to private sector companies or organisations which fall into one of the following categories:

  • companies registered under the Corporations Act; 
  • banks;
  • insurers including life insurance companies;
  • superannuation entities or trustees; and
  • incorporated associations or body corporates that are trading or financial corporations.

Who can be a whistleblower?

The scope of ‘eligible whistleblower’ has been broadened significantly to include any person who has ever had any relationship with the company. This includes:

  • current and former employees, officers including directors or company secretaries, contractors, volunteers, suppliers and associates of the company or organisation or a related company or organisation;
  • current and former trustees, or anyone providing services to the trustee, of a superannuation entity; and
  • the spouse, relative or dependant of any of the aforementioned individuals.

Who can the whistleblower tell?

To be protected under the provisions, a whistleblower must make a disclosure to a particular person known as an eligible recipient. Similarly, ‘eligible recipients’ now covers a wider range of individuals, who are either part of the company or organisation or a related company or organisation, and includes those designated to receive disclosures as well as senior staff including directors, company secretaries, company officers, senior managers and auditors. It also includes regulators such as ASIC and the Australian Prudential Regulation Authority (APRA), a lawyer, and in limited circumstances, journalists and members of Parliament.

An individual can report wrongdoing to a journalist or member of Parliament if it is a public interest disclosure. To fall under this category there are a number of requirements. In general terms, the disclosure must have been previously made to an eligible recipient and no action was taken and most obviously, the disclosure must be in the public interest. An emergency disclosure also warrants disclosure on a public level, whereby the information disclosed poses a substantial or imminent danger to the health of one or more persons or the natural environment.

What disclosures are protected?

Disclosures which are protected under the Corporations Act go outside the realm of solely illegal conduct. A discloser will also be protected where they make a disclosure about ‘misconduct’ or an ‘improper state of affairs’. Misconduct can include things such as failure to comply with a legal duty, gross mismanagement, fraud or other types of criminal behaviour or waste and dishonest or unethical behaviour by an individual. An improper state of affairs can include systemic issues that do not necessarily amount to unlawful conduct. However, personal work-related grievances, meaning any matter relating to a person’s employment or former employment or having implications for them personally, are generally not covered by the new scheme.

The previous ‘good faith’ requirement, which meant that a whistleblower would not receive protections where they had some other motivation for making the disclosure, has been disposed of. Despite having ulterior motives, a whistleblower will be protected if they have reasonable grounds to suspect information disclosed relates to misconduct or an improper state of affairs.

Protections for whistleblowers

Provided a disclosure made by an ‘eligible whistleblower’ to an ‘eligible recipient’ was based on ‘reasonable grounds’, then that person is protected from any detrimental conduct against them. Detrimental conduct includes a non-exhaustive list of things such as dismissal or demotion, discrimination, harassment or intimidation in the workplace, harm and injury including of a psychological nature and any reputational or property damage.

Further to this, the eligible whistleblower has the right for their identity to be kept confidential, and has the ability to make a disclosure on an anonymous basis.

An eligible whistleblower is also able to make an application to the court seeking compensation if they have been subject to any detrimental conduct. Where an eligible whistleblower seeks compensation because of detrimental conduct, there is a reverse onus of proof during the court proceedings. This means that if a claim is brought seeking compensation, once the whistleblower has established they have suffered detriment, the company will have to prove that a protected disclosure was not even a slight factor in the reason why the detrimental conduct was taken.

Breaching confidentiality of an eligible whistleblower’s identity or causing or threatening them detriment attracts significant civil penalties of up to $1.05 million for individuals and $10.5 million or 10% of annual turnover (up to $525 million) for companies.

Tips for Employers

In response to the expanded corporate whistleblower scheme, employers should consider the following steps to ensure compliance and reduce risk:

1. Recognising the risks

There are some quite significant risks for companies and other people that do not adhere to the obligations in the expanded corporate whistleblower scheme. Failing to protect whistleblowers will come at a significant cost with increased civil and criminal penalties potentially applying where:

  • there has been a failure to protect the whistleblower from victimisation;
  • the confidentiality obligations to the whistleblower have been breached; or
  • a compliant whistleblower policy is not in place.

In these situations, civil penalties of up to $1.05 million for individuals and $10.5 million or 10% of annual turnover (up to $525 million) for companies may apply.

2. Review and update of current procedures

Given the significant changes made to the corporate whistleblowing scheme, it is unlikely that existing procedures will be sufficient to address the responsibilities on companies. A thorough review should be conducted of the requirements under the expanded corporate whistleblower scheme and the procedures that are currently in place, especially in relation to internal information handling.

A one-size-fits-all process is likely to prove ineffective, so employers should consider implementing flexible internal processing procedures for how information is to be handled as well as clearly defining and distributing roles and responsibilities regarding who will be receiving and investigating disclosures by whistleblowers. Creating both an anonymous reporting system and an independent investigating group within a company will likely facilitate an investigation process which is compliant with the legislation. Exercising due diligence and taking reasonable precautions will also be vital in ensuring that a whistleblower does not suffer any detriment in relation to a disclosure.

3. Implement compliant whistleblower policy

At the conclusion of the review of current procedures, companies should codify the agreed upon updated internal procedures in a whistleblower policy. We will address the specific requirements for this policy in part 2 of this newsletter next month.

4. Training for staff

In light of this all-encompassing regime and the severity of associated penalties for non-compliance, it would be prudent for employers to provide training to all management staff who fall under the category of ‘eligible recipients’ as it is these staff who are likely to receive disclosures from whistleblowers. Such training should cover the company’s updated internal processes as well as the obligations for specific persons under the new whistleblower policy. The training should also focus on the importance of the strict confidentiality requirements for whistleblowers throughout the process.

It is also likely to be useful to run all-staff training in relation to the whistleblower policy to ensure that staff are informed of how to make a disclosure, what protections apply, how they will be supported if they make a disclosure and the investigation process that will take place.

Closing Thoughts

The increased compliance burden faced by companies due to the expanded corporate whistleblower scheme cannot be overstated. Given the significant penalties involved with contravention of the expanded corporate whistleblower scheme, it is essential that companies take the time to ensure that the proper processes and policy (if relevant) are in place.

Working Knowledge is able to assist companies with understanding their obligations under the expanded corporate whistleblower scheme including preparation of a compliant whistleblower policy.

Next Week

In part 2 of this newsletter, we will look at the requirements for a whistleblower policy under the new legislation. Public companies and large proprietary companies are required to have a compliant whistleblower policy in place by 1 January 2020.

