The Commonwealth Government recently passed the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth), revamping the current whistleblowing scheme in Part 9.4AAA of the Corporations Act 2001 (Cth).

The amendments significantly alter and expand protection for ‘eligible whistleblowers’ who report wrongdoing in the corporate sphere and are likely to affect approximately 33,000 companies.

Key changes

The key changes include:

  • the expansion of the definition of ‘whistleblower’ to cover officers, employees (paid and unpaid), individuals supplying goods and services (both paid and unpaid) and their employees, associates, and the relatives and dependents of any of the above listed
  • allowing and protecting anonymous disclosures
  • allowing the identity of whistleblowers to be protected
  • providing immunity to whistleblowers from civil, criminal, or administrative liability for protected disclosures
  • providing protection for disclosure to journalists or parliamentarians in certain circumstances
  • introducing civil penalties for victimising or breaching the confidentiality of a whistleblower
  • providing for a reverse onus of proof where an individual seeks compensation, once they have established they suffered detriment
  • specifically excluding ‘personal work-related grievances’ from protection.

Will companies require a whistleblower policy?

The amendments make it mandatory for all public companies, large proprietary companies or corporate trustees of registrable superannuation entities to have a whistleblower policy and to make that policy available to officers and employees of the company.

Under the Corporations Act, a business will be a ‘large proprietary company’ if it and its related entities have at least two of the following:

  • an annual consolidated revenue of in excess of $25 million
  • the value of consolidated gross assets controlled are in excess of $12.5 million
  • 50 or more employees.

What must a whistleblower policy contain?

Under the amendments, a whistleblower policy is required to outline:

  • information about how the policy is to be made available
  • how and to whom disclosure should be made
  • the protections granted to whistleblowers, including under the Corporations Act
  • information about the support and protection that will be provided to whistleblowers by the company
  • how the fair treatment of employees who are mentioned in protected disclosures will be ensured
  • the investigative actions the company will take in circumstances where a disclosure is made.

Companies who fail to ensure that a whistleblower’s identity remains anonymous will face significant penalties and possible criminal charges. Exemptions remain for disclosures made to legal practitioners, ASIC, APRA and the AFP.

How long does my company have?

The amendments will come into effect from 1 July 2019. It will apply to disclosures made on, or after, commencement.

There is still time for companies to review and implement compliant whistleblower policies.

A compliant whistleblower policy must be in place by 1 January 2020. Large proprietary companies have a deadline that is dependent on their financial year.

Failure to have a compliant policy in place by the deadline may incur a penalty of up to $126,000, to be enforced by ASIC.