The long awaited reforms to Australian whistleblower laws commence on 1 July 2019. The new legislation will apply to all "companies" (including any Not-For-Profits set up as a company, i.e. registered as public companies limited by guarantee). In addition, all "public" and "large proprietary" companies must have a complying whistleblower policy in place from 1 January 2020.
The new whistleblower regime
The new whistleblower protection laws bring significant changes to the existing whistleblower protection framework. Under the new regime, implemented via the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) which primarily amends the Corporations Act 2001 (Cth) and the Taxation Administration Act 1953 (Cth), whistleblowers will receive greater protections if they report corruption, fraud, tax evasion/avoidance and misconduct.
Further details of the new regime are contained in our earlier corporate alert “Whistleblower laws finally passed”.
What are the main changes?
The main changes under the new laws (discussed further below) are:
- the scope of matters qualifying for protection has been expanded
- the category of individuals qualifying for protection has been expanded and now included ex-employees and their dependants
- anonymous disclosures are allowed and a whistleblower no longer needs to act in “good faith” in order to gain the benefit of the protections
- the scope of persons who can receive disclosures in the workplace has been narrowed to officers and senior managers, with certain emergency disclosure protected where made externally to parliamentarians or journalists
- penalties in relation to victimisation and breaches of the confidentiality obligation have been significantly increased
- the new requirement for certain companies to have a whistleblower policy has been introduced
What types of disclosures are protected?
To be protected, a disclosure no longer needs to be made in “good faith” but must be based on information that the whistleblower has “reasonable grounds” to suspect:
- concerns of misconduct, or an improper state of affairs or circumstances, relating to the company
- breaches particular legislation in the corporate, financial and credit sectors (including, but not limited to the National Consumer Credit Protection Act 2009 (Cth) and the Australian Securities and Investments Commission Act 2001 (Cth))
- breaches of any Commonwealth legislation punishable by 12 months or more
- concerns behaviour which represents a danger to the public, or to the financial system
- concerns conduct that may not be in contravention of particular laws but may still be of a serious enough nature to warrant disclosure, for example conduct that may indicate a “systemic issue”
In addition, the regime specifically excludes "personal work-related grievances" from protection, so that these can still be dealt with under current employment laws and policies.
Who is an "eligible whistleblower" under the new regime?
The new whistleblower regime provides protections to a wider class of people that now includes:
- an employee of the company
- an officer of the company
- an individual who supplies goods or services to the company (whether paid or unpaid)
- an individual who is an “associate” (as defined in the Corporations Act) of the company
- a spouse, child or dependent of any of the above persons
- a former director, officer, employee or contractor of the company
Who can whistleblowers make a disclosure to?
When making a report, a whistleblower can do so:
- internally: to an officer or "senior manager" of the company
- externally: to ASIC, APRA; or any Commonwealth authority prescribed in relation the company – and, if no action is taken after 90 days, they can make a "public interest disclosure" or an "emergency disclosure" to a Member of Parliament or a journalist
There are presently a number of third party providers of whistleblower “hotlines” that can use to co-ordinate the receipt of whistleblower disclosures (and in some instances, conduct the investigation process).
Protections for whistleblowers
The new whistleblower regime strengthens the protections for whistleblowers in the following ways:
- whistleblowers can make disclosures on an anonymous basis
- whistleblowers are provided with immunity so that the information they disclose will not be admissible in evidence against them
- the protections for whistleblowers against victimisation/retaliation are increased
- it is unlawful to engage in conduct that causes detriment to the whistleblower, with “detriment” including behaviours that whistleblowers are often subject to due to their actions such as:
- dismissal
- harassment
- discrimination
- disadvantages in employment, physical and psychological harm
A whistleblower who has suffered damage as a result of victimisation from his or her employer or another person is entitled to compensation for that damage.
Mandatory whistleblower policy
The new regime requires that the following organisations to have a mandatory whistleblower policy in place:
- public companies
- proprietary companies that are trustee of a registrable superannuation entity
- “large proprietary” companies.
Failure to comply with this requirement is a criminal offence and attracts significant penalty of 60 penalty units (currently $12,600 for an individual and $63,000 for a body corporate).
It is important to note that the criteria under the Corporations Act 2001 (Cth) for determining how a proprietary company is considered “large” will double from 1 July 2019. Under the new criteria if, within a financial year, a company satisfies at least 2 of the following 3 criteria, it will be considered “large”:
- consolidated revenue of at least $50 million
- consolidated gross assets of at least $20 million
- at least 100 FTE employees at the end of the financial year
For further information on the new criteria for determining how a proprietary company is considered “large”, see our previous alert "Large proprietary companies" to double in size".
What must the whistleblower policy include?
The policy must contain:
- the protections available to whistleblowers, including the protections available under the legislation
- how and to whom an individual can make a disclosure
- how the company will support whistleblowers and protect them from detriment
- how the company will investigate disclosures
- how the company will ensure fair treatment of employees who are mentioned in whistleblower disclosures
- how the policy will be made available
What to do next?
The commencement of the new whistleblower regime is an opportune time for businesses to start developing a whistleblower policy or update existing policies to ensure they are compliant with the new whistleblower laws.
As external reporting of wrongdoings involves potentially great (reputational) risks to your company, all companies should be considering the measures they have in place to receive and fairly investigate a whistleblower disclosure, including ensuring confidentiality. This allows you to learn about wrongdoings internally, avoiding sensitive information ending up in the public domain.
How can we help?
Russell Kennedy can assist with educating companies on the new whistleblower laws and with updating existing policies or implementing a compliant policy and whistleblower process.
Please contact Rohan Harris, Libby Pallot, Rory Maguire, or Angela Liu from our Corporate & Commercial Advisory team should you require further information or advice on complying with the obligations under the new whistleblower regime.