Legislation update

Whistleblower reforms now passed: what you need to know

By Andrew Tobin and Nicole Radice / 22 February 2019

The long-awaited Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018 (Bill) was passed by Parliament earlier this week. Subject to when the Bill receives royal assent, the changes will likely commence on 1 July 2019. We discuss the Bill and what it means for your business below. 

Key points

  • The Bill expands the protections afforded to whistleblowers under the Corporations Act 2001 (Cth) (Corporations Act).  
  • Public companies and large proprietary companies1 will now have to implement and publish a whistleblower policy 
  • Those companies should prepare now to mitigate risk. 

Where things stand

As anticipated in our December update, the Bill amends the existing whistleblower regime under the Corporations Act in the following key ways: 

Who can be an ‘eligible whistleblower’?

The definition of eligible whistleblower has been expanded to extend to current and former employees, officers or directors, contractors, suppliers (including their employees) or associates as well as relatives and dependants of those persons.  

What sort of things can someone “blow the whistle” about?

Previously, a whistleblower was protected for disclosures where the whistleblower had reasonable grounds to suspect the information indicated a contravention of the Corporations Act. Under the Bill, the protections have been broadened to apply to disclosures of information concerning “misconduct” or an “improper state of affairs or circumstances”.  This means disclosure does not necessarily have to concern illegal activity or indicate a contravention of the Corporations Act. 

The requirement that a whistleblower be acting in good faith has been removed. To be protected, a whistleblower now need only satisfy the objective test that they had “reasonable grounds to suspect” wrongdoing. 
Most personal work related grievances are excluded from protection.

The Bill also abolishes the requirement that a whistleblower identify themselves when disclosing their concerns, meaning whistleblowers can elect to remain anonymous. 

Who can receive a disclosure?

A whistleblower can disclose their concerns to certain “eligible recipients”, which include a company officer or director, senior manager, auditor, actuary, regulators (such as ASIC or APRA) and/or anyone authorised by the company to receive disclosures (e.g. Human Resources Manager).  

A senior manager is a person other than a director or secretary who makes or participates in decisions that substantially affect the business of the corporation. 

Emergency disclosures 

The Bill amends the concept of “emergency disclosures” to specify circumstances where whistleblowers can make protected disclosures to a member of parliament or the media. 

A whistleblower can make an “emergency disclosure” to one of those recipients where they believe there is a substantial and imminent danger to the health and safety of one or more persons or to the natural environment.  
A whistleblower can make a “public interest disclosure” where 90 days have passed after making a disclosure and the whistleblower still reasonably believes that:

  • action has not been taken; and
  • further disclosure is in the public interest. 

The whistleblower must give written notice to the organisation first. 

   

What happens  after a disclosure is made?

                 

Understandably, this will often depend on the particular circumstances and processes in place to manage disclosures. However, as a baseline the whistleblower has the right:

  • not to have their identity revealed;
  • not to suffer any detriment (real or threatened) as a result of the disclosure; and
  • to receive compensation for any detriment suffered.

An employer may also be liable for detrimental conduct engaged in by an employee against a whistleblower, having regard to a number of factors including whether the employer exercised due diligence (previously due diligence had been a complete defence). 

Penalties

    The Bill introduces significant penalties for non-compliance and also coincides with the passing of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018, which enhances the penalties framework under the Corporations Act. 

As a result of these combined changes, the maximum penalty for contravening a civil penalty provision of the Corporations Act - such as a breach of confidentiality of a whistleblower’s identify or victimisation of a whistleblower - is as follows:  

  • for an individual, $1.05 million or three times the benefit derived or detriment avoided; and
  • for a company, $10.5 million, three times the benefit derived or detriment avoided, or 10% of annual turnover (up to a maximum of 1 million penalty units).

 

Policing by (whistleblower) policies

Public companies and large proprietary companies are required to implement and publish a whistleblower policy dealing with the matters addressed above. In particular, a policy must include information about:

  • the protections afforded to whistleblowers;
  • who they can make disclosures to; 
  • how the company will support them and protect them from detriment;
  • how the company will investigate disclosures (including fair treatment of those mentioned in disclosures); and
  • how the policy will be made available to officers and employees. 

Additional changes on the horizon for listed companies 

In May 2018, the ASX Corporate Governance Council (Council) issued consultation material on the 4th edition of the Corporate Governance Principles and Recommendations, which recommended that listed entities: 

  • have and disclose a whistleblower policy that encourages employees to come forward with concerns that the entity is not acting lawfully, ethically or in a socially responsible manner; and 
  • ensure the board is informed of any material concerns raised under that policy that call into question the culture of the organisation.

Key takeaways 

The changes are significant for both individuals and corporations and reflective of a shift towards encouraging a culture of accountability. Given the focus on ASIC following the banking Royal Commission, we expect a renewed focus on non-compliance.  

In advance of the likely commencement date of 1 July 2019, companies should give real consideration to adopting suitable policies and processes to receive, investigate and respond to whistleblower disclosures. It will also be necessary to carefully identify and train ‘senior managers’ and other eligible recipients to deal with disclosures. If a whistleblower can establish they have suffered detriment as a result of a disclosure, then the onus of proof is reversed, meaning it will fall to the company in question to prove they did not cause detriment. Accordingly, the risks of failing to properly prepare should not be understated.  

If you require advice in relation to your obligations under the whistleblower protection regime or assistance with preparing a whistleblower policy, please contact HopgoodGanim Lawyers’ Corporate Advisory and Governance and Workplace and Employment teams. 

Authors
Andrew Tobin
Partner
Andrew is a Partner and the head of HopgoodGanim Lawyers’ Workplace and Employment practice.
Nicole Radice
Partner
Nicole is a Partner in our Corporate practice with a focus on corporate structuring, due diligence and corporate governance, capital raisings, mergers and acquisitions and takeover defences.
Subscribe
Receive email updates of our new publications.