Whistleblower protections have been top of mind for many Australian organisations recently, following a number of changes to the law.
The Treasury Laws Amendment (Enhancing Whistle-Blower Protections) Bill 2017 is due to come into effect from July 2019.
This will result in significant changes to the way whistleblowers are to be treated under a raft of existing legislation, including the Corporations Act 2001 (Cth), the Banking Act 1959 (Cth) and the Superannuation Industry (Supervision) Act 1993 (Cth).
One of the key changes is the need for organisations to have policies in place around whistleblower procedures and protections.
So what are some of the key changes to the law, and what should your whistleblower policy include?
the key changes to the law
A number of changes will take effect under the new legislation, including:
- The expansion of the definition of ‘whistleblowers’ to include relatives, dependants, their spouses, former employees and former associates.
- Excluding personal work-related grievances from conduct that is otherwise deemed to be reportable.
- Enhancing protections for whistleblowers. This includes increased anonymity, more significant penalties for revealing identities of whistleblowers and facilitating the ability for whistleblowers to seek compensation or redress in situations where they have been victimised.
- Limiting the persons in a business who are entitled to receive disclosures, but permitting externalisation of whistleblowing to the media and/or parliamentarians in circumstances where the disclosure may be a matter of public interest or emergency.
- Requiring public and large proprietary companies (defined as companies with consolidated revenue of at least $25 million, consolidated gross assets of at least $12.5 million or at least 50 employees) to have a detailed and compliant whistleblower policy in place.
defining conduct to be reported
The intention of the legislation is to protect people who:
- Report misconduct or ‘an improper state of affairs or circumstances’ in situations where the whistleblower has reasonable grounds to suspect that the misconduct has occurred. This is generally expected to cover ‘unethical’ conduct.
- Believe an offence has been committed under legislation whose supervision comes under the purview of the watchdogs APRA or ASIC.
- Report behaviours which ‘represent a danger to the public or financial system’ or otherwise relate to a civil or criminal offence which could result in imprisonment for a period of at least one year.
explaining the process
In the event that a staff member wishes to make a disclosure, it is essential that it is only made to the appropriate category of person. Internally, this includes officers of the company, a person authorised by the company to receive ‘protected disclosures’ (such as an HR representative) or a senior manager of the whistleblower, who is an employee of the company. Companies can facilitate disclosure by implementing a mechanism for staff members to report online or over the phone.
External disclosures can be made to ASIC/APRA, auditors or actuaries reviewing the company, lawyers or journalists or parliamentarians where public interest would be met by making the disclosure.
Whistleblowers are entitled to retain anonymity. However, the information does not need to remain confidential, as long as it can be demonstrated that:
- The information requires investigation.
- Reasonable steps have been taken to maintain the anonymity of the whistleblower in conducting such an investigation.
protections for whistleblowers
The new legislation sets out a number of strengthened protections for whistleblowers.
- Immunity against civil, criminal, administrative or disciplinary action.
- An inability to enforce contractual remedies against a party making the disclosure.
- An inability to admit information provided by a whistleblower into evidence in proceedings against them (unless those proceedings are pursued because of the falsity of the information).
- Protection against victimising conduct (such as dismissal, demotion, discrimination or similar).
- Increased anonymity protection through strict liability criminal offences for revealing identities of whistleblowers
- Significant monetary penalties applicable to person(s) who reveal the identities.
What to include in a whistleblower policy?
Organisations who are required to have a whistleblower policy must ensure that it covers off key points, including:
- What protections the employee can expect to receive.
- Details on how those protections will work in practice.
- Specific information on how a disclosure can be made.
- Details on how disclosures will be investigated.
- How the policy will be transparently implemented.
The policy should be communicated to all staff, from the CEO down. It should be made available where all staff members can easily access it, for example posted on an intranet.
It is clear that the content and nature of a whistleblower policy are key to appropriately implementing the legislation. To assist our clients in understanding the looming changes and preparing, we have published a white paper, which is available on our website for free download.
We also provide our industry-leading Grapevine Confidential Whistleblower Hotline, which is staffed 24 hours a day, 7 days a week. Grapevine provides employees with the opportunity to make anonymous complaints to trusted and experienced operators.