On 1 July 2019, the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 came into force, significantly enhancing statutory protections available to eligible whistleblowers in Australia (the New WB Laws).
In addition to complying with the New WB Laws, from 1 January 2020 certain companies are required to have and make available to their employees and officers a whistleblowing policy that complies with the requirements set out in recently enacted section 1317AI of the Corporations Act 2001 (the Corporations Act).
The Australian Securities and Investments Commission (ASIC) will be responsible for administering the New WB Laws, including the whistleblowing policy requirement in section 1317AI.
We anticipate that ASIC will be taking non-compliance seriously and failure to have and make available a compliant whistleblowing policy is a strict liability offence with a penalty of 60 penalty units for individuals and companies (currently $12,600).
What companies must have a whistleblowing policy?
The types of companies required to have and make available a compliant whistleblowing policy are:
- Public companies;
- Large proprietary companies (see below for definition); and
- Proprietary companies that are trustees of registrable superannuation entities.
A proprietary company is a large proprietary company for a financial year if it has at least two of the following characteristics:
- the consolidated revenue for the financial year of the company and any entities it controls is $50 million or more;
- the value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is $25 million or more; and
- the company, and any entities it controls, has 100 or more employees at the end of the financial year.
Once a proprietary company qualifies as a large proprietary company during a financial year, it must have a whistleblowing policy and make it available to its officers and employees within six months after the end of that financial year. The company must continue to maintain and make available its whistleblowing policy in all subsequent financial years in which it qualifies as a large proprietary company.
Note that the enhanced whistleblower protections in Part 9.4AAA of the Corporations Act are available to any discloser who makes a disclosure that qualifies for protection, regardless of whether the entity that is the subject of the disclosure must have a whistleblower policy.
What does a compliant whistleblowing policy look like?
For a whistleblowing policy to be compliant, the following must be included:
- information about the protections available to whistleblowers, including protections under Part 9.4AAA of the Corporations Act;
- information about to whom disclosures that qualify for protection under Part 9.4AAA of the Corporations Act may be made, and how they may be made;
- information about how the company will support whistleblowers and protect them from detriment;
- information about how the company will investigate disclosures that qualify for protection under Part 9.4AAA of the Corporations Act;
- information about how the company will ensure fair treatment of employees of the company who are mentioned in disclosures that qualify for protection under Part 9.4AAA of the Corporations Act, or to whom such disclosures relate;
- information about how the policy is to be made available to officers and employees of the company; and
- any matters prescribed by the regulations (although there are currently no regulations addressing whistleblowing policy requirements per se).
A company's whistleblowing policy should also include information about the protections in the tax whistleblower regime under Part IVD of the Taxation Administration Act 1953 (Cth).
In November 2019, ASIC also released Regulatory Guide 270, which provides additional guidance for companies on what should be included in a compliant whistleblowing policy.