Blowing the whistle – is your policy up to date?
Effective 1 July 2019, new whistleblower laws introduced by the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Act) will create an extended set of protections for whistleblowers who make disclosures after that date.1
The Act goes further to mandate that, by 1 January 2020, all public companies, ‘large proprietary companies’ and corporate trustees of registrable superannuation entities must have a whistleblower policy which complies with the new requirements.
These changes are a prompt for companies to review their policies and ensure they meet the enhanced requirements of the Act. Those who don’t yet have a whistleblower policy should consider adopting one to ensure they are compliant when a disclosure comes in.
Lander & Rogers has developed a policy which is compliant with the Act or can review your existing policy to augment it with the additional requirements that have been introduced.
Which companies need a whistleblower policy?
While a clear policy to encourage the reporting of misconduct for the protection of a company’s business and reputation is a sound governance tool for any company, from 1 January 2020 it will be a requirement for public companies, large proprietary companies and corporate trustees of registrable superannuation entities to have a whistleblower policy available to all employees and officers.
- A public company is one incorporated as or converted to a public company (denoted as a “Limited” company)
- A large proprietary company is a concept defined by the Corporations Act 2001 (Cth) by reference to various financial metrics. These metrics were recently increased for application to financial years commencing on or after 1 July 2019 (that is, to be assessed for the year 1 July 2019 to 30 June 2020). Accordingly, you will be a large proprietary company if you and the entities you control (if any) meet at least two of new thresholds, namely:
- For the 1 July 2018 to 30 June 2019 financial year:
- $25 million or more in consolidated revenue
- $12.5 million or more in consolidated gross assets
- 50 or more employees
- For the 1 July 2019 to 30 June 2020 financial year and thereafter:
- $50 million or more in consolidated revenue
- $25 million or more in consolidated gross assets
- 100 or more employees
- A corporate trustee of a registrable superannuation entity means a corporate trustee of a:
- regulated superannuation fund;
- approved deposit fund; or
- pooled superannuation trust (but not self-managed superannuation funds).
What is the new law?
- amends the Corporations Act 2001 to expand and consolidate the whistleblower protection regime;
- amends the Taxation Administration Act 1953 to introduce a whistleblower protection regime for disclosures of information about misconduct in relation to the tax affairs of a company; and
- repeals existing financial sector whistleblower regimes so that banks, general and life insurers and superannuation entities and trusts now fall within the whistleblower regime of the Corporations Act.
Key changes include:
- an expanded scope of disclosures that will qualify for protection;
- protection of ‘public interest disclosures’ made to parliamentarians and journalists where the whistleblower has made a previous disclosure to ASIC or APRA and after 90 days has reasonable grounds to believe that inadequate action is being taken;
- protection of ’emergency disclosures’ made to parliamentarians and journalists where the whistleblower has made a previous disclosure to ASIC or APRA and has reasonable grounds to believe that the information concerns a substantial and imminent danger to health and safety or the environment;
- a broader range of protections for whistleblowers;
- making it easier for whistleblowers to claim compensation where detriment is suffered; and
- more significant penalties for individuals and companies.
Corporations Act regime
The Corporations Act regime aims to protect whistleblowers and facilitate the early detection of misconduct by extending protections to a broader class of people and range of disclosures.
How does the regime operate?
The Act establishes a protection regime for disclosures of disclosable matters made by eligible whistleblowers to eligible recipients.
- A disclosable matter is any information concerning misconduct or an improper state of affairs in relation to the entity or one of its related bodies corporate. This compares with the previously narrow position, where a protected disclosure could only be made in respect of a contravention of the Corporations Act or of certain industry-specific legislation.2
- An eligible whistleblower now includes current and past employees and officers of the entity as well as service providers, their employees and relatives of any of these. For superannuation entities, the net widens to include a natural person who is a trustee, custodian or investment manager of the superannuation entity or any officer, employee of a trustee, custodian or investment manager, and relatives of any of these.
- An eligible recipient of disclosures includes officers, senior managers and auditors of a regulated entity, as well as third party providers who have been authorised by the entity to receive disclosures.
What protections are available to whistleblowers?
When the eligibility requirements above are satisfied, a whistleblower will be entitled to a range of protections, including:
- Confidentiality: The Act makes it a criminal offence (and may lead to civil penalties) to disclose the identity of a whistleblower without their consent, or to disclose information that is likely to lead to the identification of the whistleblower, except in limited circumstances.
- Detriment and victimisation: The Act makes it an offence to threaten to, or engage in conduct that, causes detriment to a person due to a belief or suspicion that any person made, or proposes to make, a qualifying disclosure.
The definition of ‘detriment’ is broad and includes:
- injury of an employee in their employment;
- alteration of an employee’s position or duties to their disadvantage;
- harassment or intimidation;
- harm or injury, including psychological harm; and
- damage to the whistleblower, their property, reputation, business or financial position.
A person who engages in detrimental conduct in breach of the Act may be subject to court orders, including orders for compensation, reinstatement, injunctions, apologies and exemplary damages. In proceedings for such court orders, there is a reverse onus of proof so that, in effect, the person accused of causing the detriment must prove the claim is not made out.
- Immunities: A whistleblower will not be subject to civil, criminal or administrative liability and no contractual right or remedy may be enforced on the basis of the disclosure (eg. secrecy provisions in an employment contract cannot be enforced). Information included in the disclosure will generally not be admissible in evidence against the whistleblower in criminal or civil proceedings, although the discloser can be pursued for fraud committed in connection with making of a disclosure and for their own conduct in the reported matter provided there is other evidence of it.
Why does this matter?
Significant penalties apply for breaches of the new law. For example, the maximum penalties for unlawfully disclosing a whistleblower’s identity or victimising a whistleblower are:
- $200,000 for an individual; and
- $1,000,000 for a body corporate.
If civil penalties apply, these may include:
- For unlawful disclosure of whistleblower’s identity – $6,300 or 6 months in prison or both;
- For victimising a whistleblower – $25,200 or 2 years in prison or both; and
- For failure to have a whistleblower policy in place – $12,600.
What does the regime mean for employers?
Where a disclosure satisfying the eligibility requirements is made, the regime extends protections to the individual and can make employers liable for any detriment suffered by the discloser, even at the hands of its other employees.
These significant reforms will require organisations to:
- reassess their corporate governance frameworks and take steps to implement compliant whistleblower policies (where required by the Act or as a good governance measure) and internal procedures; and
- consider the development of appropriate internal procedures and education for management and staff, to ensure that whistleblowing disclosures are managed appropriately.