With the possibility of changes to the whistleblowing landscape on the horizon and the attention of the media, shareholders and the Australian Securities and Investments Commission (ASIC) on whistleblowing, it is an opportune time for companies to ensure that their whistleblowing frameworks are robust and operating effectively in practice.

Getting this right will pay dividends for companies, as employees are more likely to report wrongdoing internally rather than externally if they trust the company's whistleblowing program. This will mean companies can proactively remedy internal issues, resulting in cost savings over the long term. An effective whistleblowing framework will also enhance the company’s ability to monitor and promote a strong corporate culture.

Pressure from stakeholders is also mounting. The Senate is considering improvements to the whistleblowing framework, shareholders are asking about whistleblowing policies at Annual General Meetings and companies are appearing in newspapers following whistleblower reports. In addition, ASIC has announced that it will focus on reviewing corporate culture, and will consider whistleblowing policies as part of its review.

Australian whistleblowing framework

The whistleblowing framework in Australia is still in its infancy. The Corporations Act 2001 (Cth) (Corporations Act) did not cover whistleblowing until Part 9.4AAA was introduced in 2004. The Corporations Act endeavours to provide protection to whistleblowers by prohibiting victimisation, requiring confidentiality and providing whistleblowers with an entitlement to compensation for damages in certain circumstances.

In short, employees and contractors are protected under the Corporations Act if they:

  • have reasonable grounds to believe that the corporations legislation (being the Corporations Act and Australian Securities and Investments Commission Act 2001 (Cth)) has been breached;
  • disclose that information in good faith to certain senior officers within the company, a person authorised by the company to receive whistleblower disclosures, the company’s auditor or to ASIC; and
  • disclose their name before reporting the suspected breach.

Despite whistleblowing to the media falling outside the protections of the Corporations Act, whistleblowers continue to contact journalists directly. Such behaviour is encouraged by the media; for example, on 3 May 2016 Fairfax Media announced new online channels via which whistleblowers can contact and provide documents directly to journalists.

Notwithstanding the introduction of Part 9.4AAA in the Corporations Act, the guidance available to companies in respect of internal whistleblowing systems is limited to:

  • the ASX Corporate Governance Principles and Recommendations (3rd edition), which recommend that a company’s code of conduct identify measures in place to encourage the reporting of unlawful or unethical behaviour, including how the company protects whistleblowers who report violations in good faith; and
  • Australian Standard “Corporate governance - Whistleblower protection programs for entities” AS 8004-2003, which provides guidance on whistleblower programs (although AS 8004-2003 has been formally withdrawn, therefore limiting its usefulness as a guide to current thinking and best practice).

There is currently no obligation on companies to adopt internal whistleblowing systems, however the Senate is considering changes that would require companies to develop “internal disclosure systems and processes” for whistleblowers.

Senate inquiry into potential areas of reform

On 21 April 2016 the Senate Economics References Committee released the paper “Corporate whistleblowing in Australia: ending corporate Australia’s culture of silence” (Issues Paper). In addition to raising the possibility of introducing mandatory internal disclosure systems, the Issues Paper sets out other areas of potential reform, including:

  • expanding the scope of Part 9.4AAA of the Corporations Act (in particular, the definition of “whistleblower” and the type of information covered by the Corporations Act);
  • introducing reward-based whistleblower incentive arrangements (similar to the “bounty” system in the United States as discussed below);
  • removing the requirement in the Corporations Act that whistleblowers provide their name before reporting information, therefore protecting anonymous disclosures, and strengthening the penalties for victimisation; and
  • extending whistleblower protections under the Corporations Act to cover external disclosures (for example, to the media) in certain circumstances.

Many of these areas of reform are influenced by the United Kingdom and United States, so it is helpful to consider how whistleblowing operates in those jurisdictions in practice.

The international landscape

The United Kingdom has protections in place for private sector whistleblowers. The Public Interest Disclosure Act (1998) extends to disclosure to third parties in some circumstances (including the media) and provides protections and compensation that can extend to claims for compensation for aggravated damages and injury to feelings.

Additionally, the Financial Conduct Authority (FCA) published a package of rules in October 2015 that relate to whistleblowing. The rules are binding on certain entities (such as banks that meet an asset test). The rules require, for example, that entities:

  • appoint a senior manager as their whistleblowers’ champion;
  • put in place internal whistleblowing arrangements able to handle all types of disclosure from all types of person; and
  • present a report on whistleblowing to the board at least annually.

The rules take effect in September 2016 and are part of the FCA’s broader push to encourage whistleblowers to come forward. In FY2015 the FCA received 28 percent more whistleblowing reports that in the prior year (1340 whistleblowing disclosures against 1040 in FY2014). This upward trajectory is likely to continue in the future.

The framework in the United States is slightly different. While there are numerous pieces of legislation that address whistleblowing, the most well-known is the Dodd-Frank Act (2010) due to the bounty system it introduced following the Global Financial Crisis. The Dodd-Frank Act permits the Securities Exchange Commission (SEC) to pay awards to eligible whistleblowers where the information reported leads to an enforcement action yielding monetary sanctions of over US$1 million. The bounty available to whistleblowers in the United States can range from 10 to 30 percent of the money collected by the SEC. As at March 2016, the SEC has paid more than US$57 million to 26 whistleblowers since 2011. Interestingly, this is not limited to individuals in the United States. In Fiscal Year 2015, the SEC received the highest number of tips outside of the United States from individuals in the United Kingdom, Canada, China, India, and Australia (which had 29 individuals report to the SEC).

Next steps for companies

Companies should review their current whistleblowing framework and consider whether it continues to be appropriate in a climate of heightened attention on whistleblowing and significant benefits for companies that offer trusted whistleblowing programs to employees.

Strategies that companies could consider adopting include:

  • reviewing the whistleblowing framework and considering whether “best practice” updates are appropriate, including appointing an advocate to support whistleblowers who is not involved in the investigation, establishing reporting hotlines (via telephone or email) and reviewing reporting channels;
  • providing training to employees to encourage whistleblowing and explain who information should be reported to (which should include but not be limited to the employee’s direct manager) and the process that follows once a report is made;
  • training management (and others who may receive whistleblower reports) about how to appropriately respond to reports, as robust systems can be undermined by management deciding that a report is “false” and deciding not to feed the information through the formal reporting channels for review;
  • considering offering rewards for individuals that report information internally that results in wrong-doing being discovered (for example, a monetary bonus) to emphasise that whistleblowing is supported and encouraged;
  • conducting annual surveys of employees or reviews to ascertain whether policies established at a Board or management level are understood; and
  • conducting audits of the whistleblower framework to ascertain whether all whistleblower reports were appropriately responded to, investigated and closed and whether any changes are required to the framework or company policies.

One of biggest challenges that companies face when encouraging employees to report potential wrongdoing is that employees fear reprisal or do not have faith in the company’s whistleblowing systems. Addressing these concerns by ensuring that the whistleblowing framework is robust and effective will ensure companies are ready when the Australian legal and regulatory framework shifts.