Time for a whistleblower policy?
Changes to the Corporations Act means that many companies will need to have a policy which outlines the protections that are available for whistleblowers by 1 January 2020.
Who must have a policy?
You must have a whistleblower policy if you are
- A public company
- A large proprietary company (characterised by having any two of the following: $50+ million in consolidated revenue; $25+ million or more in consolidated gross assets; or 100+ employees); or
- A large proprietary company which is a registrable superannuation entity
Who can be a whistleblower?
An eligible whistleblower can be one of the following:
- an officer of the company;
- an employee of the company;
- someone who supplies services or goods to the company or is employed by someone who supplies services or goods to the company
- a relative of any of the above
- a dependant of an any of the above or of that person’s spouse.
To Whom can a whistleblower make a disclosure?
A whistleblower may make a disclosure to
- a person authorised by the company to receive disclosures;
- a director, secretary or senior manager of the company;
- any company external auditor (or a member of that audit team);
- a registered tax agent or BAS agent who provides tax or BAS services to the company;
- any other employee or officer of the company who has functions or duties relating to tax affairs of the company (e.g. an internal accountant);
- the Commissioner of Taxation;
- a legal practitioner – for the purpose of obtaining legal advice or legal representation in relation to the operation of the whistleblower provisions in the Corporations Act or the Taxation Administration Act; or
- In certain circumstances, a journalist or member of parliament.
What is a protected disclosure?
Information is considered to be a protected disclosure if a whistleblower has reasonable grounds to suspect misconduct, or an improper state of affairs or circumstances, in relation to the company by the company, or an officer or employee of the company, which is:
- a contravention or offence against a provision of
- the Corporations Act
- the ASIC Act;
- the Banking Act 1959;
- the Financial Sector (Collection of Data) Act 2001;
- the Insurance Act 1973;
- the Life Insurance Act 1995;
- the National Consumer Credit Protection Act 2009;
- the Superannuation Industry (Supervision) Act 1993;
- conduct which is an offence against any other law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more; or
- conduct which represents a danger to the public or the financial system.
A protected disclosure does not include information about personal work related grievances such as
- an interpersonal conflict between the discloser and another employee;
- a decision relating to the engagement, transfer or promotion of the discloser;
- a decision relating to the terms and conditions of engagement of the discloser;
- a decision to suspend or terminate the engagement of the discloser, or otherwise to discipline the discloser.
What protections does a whistleblower receive?
A whistleblower has the following protections:
- confidentiality about their identity;
- indemnity to any civil, criminal or administrative liability (including disciplinary action) for making the disclosure; and
- no remedy nor right, even if contractual, may be exercised against the person on the basis of the disclosure;
- the information in the disclosure is not admissible in evidence against the whistleblower in criminal proceedings or in proceedings for the imposition of a penalty, other than proceedings in respect of the falsity of the information.
- protection from detrimental action on the basis that they have made a protected disclosure.
What happens if the protections for whistleblowers are breached?
Severe civil and criminal penalties apply to employers who breach the protections, and courts are empowered to make orders for relief against a company if they fail to fulfil a duty of care to protect a whistleblowing employee from detriment.
The maximum civil penalties under the new Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 (Cth) for breaching confidentiality of an eligible whistleblower’s identity or causing or threatening detriment include:
- for individuals, up to $1.05 million (5,000 penalty units); and
- for companies, $10.5 million (50,000 penalty units), or 10% of the annual turnover (up to $525 million or 5 million penalty units).
What needs to be in the policy?
A whistleblower Policy must contain:
- the protections available to whistleblowers;
- how and to whom an individual can make a disclosure;
- how the company will support and protect whistleblowers;
- how investigations into a disclosure will proceed;
- how the company will ensure fair treatment of employees who are mentioned in whistleblower disclosures; and
- how the policy will be made available.
What is the penalty for not having a whistleblower policy?
It is an offence, with a fine up to $12,600 (60 penalty units), to not have a whistleblower policy which complies with the Corporations Act.
We can provide bespoke solutions – including policies and training – that will help you confidently comply with your obligations under the Act. Contact us to discuss your needs.
Maeve Doyle is a senior employment lawyer with Nexus Law Group. If you need further advice or support, he/she can be contacted on firstname.lastname@example.org or by telephone +612 9016 0141.
This publication is © Nexus Law Group and is for general guidance only. Legal advice should be sought before taking action in relation to any specific issues.