The new private-sector whistleblower scheme introduced into the Corporations Act 2001 came into operation only on 1 July 2019, but has already prompted significant action by the large, small business, and not-for-profit entities it covers.
One of the key measures the scheme mandates is the introduction of a workplace policy for public and large proprietary companies, with seven specific areas the mandatory policy must address. A failure to have a satisfactory policy available at least to employees and officers will be a criminal offence. Mandatory policies must be in place at least from 1 January 2020 (although this might be slightly later for some large proprietary companies, where it operates in reference to a non-standard financial year). The definition of what is a “large proprietary company” has recently changed and entities should check they know if the mandatory policy requirement applies, and from when.
Entities should be careful to recognise that the mandatory content of a workplace policy includes “information about how the company will” do various things – support whistleblowers, investigate disclosures and ensure fair treatment of employees making disclosures or who are affected by them. A key issue for mandatory policy content is that the scheme does not include obligations that require any particular support, investigation or fair treatment (although those are ordinary and sensible management responses to disclosure). A policy, or regulatory guidance from ASIC, that treats the list of mandatory policy content as a direction to do these things to any particular degree is not a reflection of the actual legislative requirement.
Apart from that, the enforcement mechanism of having an entity police itself by issuing its own mandatory policy is a new legislative experiment. Classically, a workplace policy need be nothing more or less than a direction to workers (issued at the discretion of the entity), and so long as the direction is lawful and reasonable it must be complied with by workers in the same was as any other management direction.
The usual and accepted process by which legislation requires action by an entity is to directly say so, and leave it to the affected entity to decide how best to ensure compliance (which can include a workplace policy). However, this new step co-opts the capacity to give a lawful and reasonable management direction by in effect requiring a direction to be given, where the scope for an entity to judge the usefulness of the direction is restricted.
The policy adopted by any entity becomes even more significant because the scheme includes provisions that explicitly provide that the extent to which a whistleblower policy was given effect will factor into any claims by an individual that they suffered detriment as a whistleblower. There may be a temptation to have a mandatory policy that sets a high, even aspirational bar, to ensure that the obligation to have a sufficient mandatory policy has been met. However, doing so may create a rod for the entity’s own back when the question whether the aspirational aspects of the policy were met comes up in later claims.
A good illustration of how an entity can come to grief as a result of a proscriptive and unachievable workplace policy is the long-running series of litigation brought by a seafarer, Lisa Romero, against her employer Farstad Shipping Pty Ltd. Ms Romero established that an extensive workplace grievance policy had been incorporated as a term of her contract of employment, and was breached when Farstad undertook an investigation of her discrimination complaint without strict compliance with each step in that policy, but in a more practical and streamlined way (the complaint was dismissed). Ultimately, the mechanism used to investigate the complaint was irrelevant as there was no suggestion that the same outcome would not have been reached even had the ‘bells and whistles’ approach required under the policy been strictly applied. Ms Romero was awarded nominal damages of $100, but not until extensive and expensive litigation based on non-compliance with the workplace policy had occurred.
ASIC (which has regulatory responsibility to enforce the requirement to have a mandatory policy) has now issued draft regulatory guidance on mandatory policy content for consultation. The consultation period ends on 18 September 2019 (with a finalised regulatory guide expected to be released in October 2019).
Entities anticipating a need to have a mandatory policy in place should pay careful attention to the draft regulatory guidance, and consider seeking assistance in submitting a response.
If the concept of a workplace policy is to retain any of the ordinary discretion those documents should have, the final terms of regulatory guidance issued by ASIC would reflect a ‘light-touch’ which is confined closely to the seven mandatory subject areas, and makes clear when it identifies a step that may be ‘best practice’ but is not part of any requirement.
If the draft regulatory guidance were to be implemented as it stands, an entity will be faced with a ‘catch-22 situation’ in which it could choose to adopt a prescriptive and extensive policy closely reflecting the guidance (which may unnecessarily increase exposure in future claims), or choose to implement a much more limited ‘fit for purpose’ policy crafted around the actual legislative requirements, but be the subject of scrutiny for failing to meet the unnecessarily high bar established in the draft guidance. There is a balance to be struck, and consultation responses that press for regulatory guidance that supports an appropriate level of choice in what is to be included in a mandatory policy will need to be part of the current consultation exercise.
There is a serious and significant role for regulatory guidance in this area, beyond the limited area the ASIC draft guidance currently covers. This includes detailed guidance as to how ASIC will treat:
- mandatory safety disclosures under state and territory WHS laws or other protective disclosure regimes;
- compliance and governance reporting to company officers – including whether ASIC will consider those also involve whistleblower disclosures;
- when and how the whistleblower requirement to demonstrate ‘reasonable grounds for suspicion’ can be incorporated in the mandatory policy; and
- identifying in a mandatory policy the impact on procedural fairness for an affected person that flows from the requirement not to identify the whistleblower (who may be a key witness in allegations against an affected person)..
These are not currently proposed to be extensively addressed by the ASIC draft regulatory guidance, yet these are key practical issues and are presently proposed to have no real regulator engagement.
Don’t let the opportunity to put these issues to ASIC in the current consultation round slip away.