Jacquie Seemann and Sonya Parsons

The impact of new whistleblower protections on employers

Jacquie Seemann and Sonya Parsons

18 March 2019

Employment Policies

The Federal Parliament has passed legislation which will primarily amend the Corporations Act 2001 (Cth) and the Taxation Administration Act 1953 (Cth) to consolidate and broaden the existing protections and remedies available to whistleblowers.

What is a whistleblower?

Put broadly, a whistleblower is a person who ‘blows the whistle’ – essentially, takes it on themselves to assume a role like that of police officer – on corruption and other forms of wrongdoing in a company, even though doing so is not part of their role in the company.

Some history

Existing protections for whistleblowers, enacted in 2004, have been sparingly used, and are widely perceived as inadequate. Evidence of detrimental conduct suffered by whistleblowers in the financial services sector submitted to the Financial Services Royal Commission provided further impetus for stronger and wider-reaching protections for whistleblowers.

In response to this situation, the Federal Government introduced the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017.  The reforms commence from 1 July 2019.

Senior management and HR personnel now need to know about their obligations under the amended laws, as set out below.

Who is a protected whistleblower under the (strengthened) legislation?

A broad range of people can become whistleblowers protected by the amended legislation, including current company officers, employees, contractors, and even relatives or spouses of these people.  The definition also encompasses people who previously held these roles.

The disclosure can now be protected even if made anonymously – whereas previously a person had to provide their name before making the disclosure in order to obtain the protections.

Who can a whistleblower disclose to in order to obtain the protections?

There is also a broad range of people to whom a disclosure can be made by a whistleblower.  This includes anyone who is an officer or senior manager (including of a related body corporate), an auditor, or anyone nominated by the company to receive such disclosures.

What type of disclosure is protected?

The type of disclosure of information that provides the whistleblower with protection has been greatly widened.  Broadly, it is information disclosed because the whistleblower knows or has ‘reasonable grounds’ to suspect that there is misconduct, or an improper state of affairs or circumstances, at the company or a related body. Obviously, this is a very wide and inclusive definition.

What must the organisation do to protect the whistleblower?

The primary requirement is that the person to whom the disclosure is made must not disclose – to almost anyone – either the identity of the whistleblower or any information that would lead to their identification.

The exceptions to that are where the information is disclosed:

  • with the whistleblower’s consent;
  • to ASIC, APRA or the Australian Federal Police; or
  • to a legal practitioner to obtain advice.

There is even protection from being compelled to disclose the identity of the whistleblower, or any information that would lead to their identification, to a court or tribunal (such as through subpoena), unless the court or tribunal considers that it is necessary to give effect to the new whistleblower regime or is in the interests of justice to do so.

The whistleblower must also be protected from suffering any detriment – including being protected from being dismissed, having their duties altered, being discriminated against, harassed or suffering any psychological harm.

How do I investigate the allegations that the whistleblower disclosed if they won’t consent to disclosure of their identity?

There is now a carve out to allow an investigation of allegations of wrongdoing to occur as long as the identity of the whistleblower is not disclosed, and all reasonable steps are taken to reduce the risk that the whistleblower’s identity will be disclosed.  Whether this is practically possible will depend on the circumstances, and it would always be preferable to obtain consent from the whistleblower to disclose their identity.

What happens if the company acts in breach of these provisions?

It is an offence to fail to comply with the provisions, and civil penalties apply.

Further, a company can be required to compensate a whistleblower for any detriment that is suffered, up to $1 million.

What about if the whistleblower has a grievance?  Is that the same thing as a disclosure?

Whistleblowers will not be afforded protection simply for disclosing personal work-related grievances, unless that grievance includes victimisation because of the making of a protected disclosure, or if it also includes conduct in breach of various legislation, including the Corporations Act.

The grievances that might not be the subject of protected disclosures could include an interpersonal conflict involving the whistleblower or decisions relating to employment of the whistleblower.

Despite this, companies will need to continue to be very careful around potential disclosures even if the disclosure is mixed with a personal grievance.  

What else do organisations need to do?

Public companies and other large private companies (i.e. having two or more of revenue over $25 million, gross assets of $12.5 million or more and/or 50 or more employees) will need to have in place a ‘Whistleblower Policy’.

A ‘Whistleblower Policy’ must include information about:

  • protections available to whistleblowers;
  • how disclosures might qualify for whistleblower protection;
  • how whistleblowers will be supported and protected from detriment;
  • how disclosures, qualifying for protection, will be investigated;
  • how employees mentioned in, or the subject of, disclosures will be ensured fair treatment;
  • how the policy will be made available to all officers and employees; and
  • any other matters prescribed by future regulations for whistleblower policies.

Given what we say above about personal grievances, it might also be appropriate to update your grievance handling policy or procedure to include information to cover situations in which whistleblower protections need to be given to parties who are also reporting a grievance.

If I remember one thing from this article, what should it be?

If someone makes a disclosure that you think MIGHT be a protected disclosure by a whistleblower, including if it also involves a personal grievance, you must not identify the person to anyone else, even senior management or directors.  Instead, tell senior management that you think you have received a protected disclosure from a whistleblower, and seek legal advice about what to do next.

What next?

As noted above, public companies and large proprietary companies will be required to have a complying ‘Whistleblower Policy’.  Not having a whistleblower policy when required will be considered a strict liability offence.

Even if your company falls outside this requirement, it is strongly recommended that you have a whistleblower policy in place to guide you and the whistleblower through the process, and that you consider carefully how this policy interacts with your general grievance handling policy or procedure.

If you would like us to prepare or review your organisation’s ‘Whistleblower Policy’ and whistleblower disclosure procedures, please contact a member of our Employment and Workplace Relations team.