As we recently reported, on 19 February 2019 the House of Representatives passed the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018 (Bill). We expect the Bill to come into effect on 1 July 2019.
This update looks at some of the practical steps that companies should take in the lead up to the Bill coming into effect.
Practical steps to comply with the Bill when it comes into effect
1. Refresh your existing whistleblower policy, or establish one if there is none in place
The Bill introduces a requirement for public companies and proprietary companies that are trustees of a superannuation entity to have a whistleblower policy from 1 January 2020. A large proprietary company must have a whistleblower policy from 1 January 2021 if its financial year ends 30 June 2020; the compliance date will be 6 months after the last day of its financial year in 2020, if a different financial year. Failure to do so is an offence.
The policy must include information about:
- the protections available to whistleblowers;
- to whom disclosures can be made, and how;
- how the company will support whistleblowers and protect them from detriment;
- how the company will investigate disclosures that qualify for protection;
- how the company will ensure fair treatment of employees of the company who are mentioned in disclosures that qualify for protection, or to whom such disclosures relate; and
- how the policy is to be made available to all officers and employees of the company.
If you already have a whistleblower policy, you need to check that it meets those requirements, and update it if it does not. If you don’t, you need to put a compliant policy in place. In either case, you also need to implement a way to make that policy available to every officer and employee of the company as soon as possible.
2. Establish who will be designated to receive whistleblower disclosures, and arrange training
Company officers and senior managers will be 'eligible recipients' of protected disclosures, as will auditors and actuaries of the company or its related bodies, and anyone specifically nominated by the company to play such a role. Those people should receive training to ensure they know what to do when receiving a whistleblower disclosure, and how the whistleblower, the information provided by the whistleblower, and anyone identified in the whistleblower's allegations, should be dealt with.
3. Review other policies and procedures that may be impacted by the Bill, and modify them as needed
The obligations in the Bill are likely to impact various other company policies and procedures. For example, companies should consider how whistleblower disclosures will be investigated, while maintaining appropriate confidentiality, protecting the whistleblower from reprisals, and also ensuring fair treatment of people 'named' or implicated in the disclosure as alleged participants in wrongdoing.
Ensuring that a company has appropriate processes in place to deal with these issues is particularly important as a potential mitigant against claims arising from victimisation of whistleblowers. A company can be liable to compensate a whistleblower who suffers detriment caused by one of its officers or managers, where the company had a duty to prevent that officer or a manager from doing so. While the taking of reasonable precautions or exercising due diligence to avoid the detrimental conduct is not of itself a complete corporate defence to any claim for compensation, those matters will inform the Court's discretion as to whether to require the company (as well as the officer or manager who engaged in the conduct) pay compensation to the victimised whistleblower.
Matters to consider incorporating in relevant policies and procedures might include:
- provision of training to staff about treating a whistleblowers appropriately, and keeping their identity confidential;
- having in place counselling services that can be offered to the whistleblower when appropriate;
- protocols for offering paid leave to the whistleblower;
- installing information barriers and other relevant methods for protecting confidentiality when a whistleblower makes a disclosure;
- identifying how performance management and like issues will be addressed for persons known to be protected whistleblowers; and
- sanctioning any employees who mistreat a whistleblower.
4. Interacting with regulators
Whistleblowers can make protected disclosures directly to ASIC or APRA. That may give rise to some practical difficulties for the company the subject of the whistleblower's allegations, if the fact that one of its employees, officers or contractors is a protected whistleblower is not known to the company. Similar issues can arise when a whistleblower makes disclosures anonymously, as is permitted under the Bill.
One issue to consider in this context is whether to have provisions in the company's whistleblower policy encouraging initial reporting to the company on a non-anonymous basis (while making clear the whistleblower's entitlement to approach ASIC or APRA, and/or to report anonymously), as such a report can assist the company to more readily investigate the allegations itself.
On the other hand, a company reporting a whistleblower disclosure it has received to ASIC or APRA is a carve out to the usual restrictions on further dissemination of information received from a whistleblower. Companies will need to consider when and how to do this, having regard to the nature of the disclosure and any internal investigation commenced in respect of it.
In any case, companies can expect that disclosures made to ASIC or APRA, whether directly by the whistleblower or by the company having received a whistleblower disclosure may well trigger investigatory steps by the regulator who receives that information.
Depending the outcome of these initial enquiries by regulators, further enforcement action may ensue. Relevantly, ASIC has recently publicly adopted a 'why not litigate' stance in relation to enforcement, and both ASIC and APRA have taken steps towards further cooperation between them.
Putting aside the consequences of disclosures being made to regulators, companies should at the very least expect ASIC request them to provide their whistleblower policy when the whistleblower policy provisions take effect. ASIC has also foreshadowed that it will issue guidance to companies about its expectations around whistleblower policies and other ramifications of the Bill.
How might a change in government impact the reforms
At the time of writing, the Labor party are 'Winx odds' to win the Federal election. Although the bookmakers failed to predict both Brexit and the election of Donald Trump, any update in this area would be remiss without noting the significant further changes to whistleblower laws that the Labor party propose to introduce if elected.
While the Bill was being debated in the House of Representatives, the Labor party provided some key details about these proposed further changes. These include the following:
1. Introduction of a whistleblowing rewards scheme, to provide whistleblowers with a percentage of the penalties arising out of the misconduct that they report.
A governmental agency will be given the discretion to determine that reward, within a legislated range. Factors relevant to exercising the discretion will include the degree to which the whistleblower's information led to the imposition of the penalty, the timeliness of their disclosure and its context, and any involvement by the whistleblower in the conduct (a whistleblower who had benefited from the conduct would not qualify for a reward).
2. Establishment of a central whistleblower protection authority to assist whistleblowers navigate the whistleblowing process from start to finish
The services offered by the whistleblower protection authority will include:
- establishing a phone number for whistleblowers to call up and access advice;
- providing advice as to who to make the disclosure to and how to make the disclosure;
- providing advice as to the details of the reward scheme; and
- advising whistleblowers how to deal with any potential reprisals, including any rights that might be available to whistleblowers.
3. Consolidation of all whistleblowing laws together in one Federal Act
4. Establishment of a special prosecutor to address corporate crimes, including those related to whistleblowing.
Failure to take steps to shore up your company's whistleblower policies or to take heed of any changes that a new government may implement in this area may expose your company to regulatory action, reputational damage and significant penalties.
Although that point may be well understood in a post-Hayne report era, the new whistleblowing laws deserve to form part of the discussion around the expectations of corporate Australia.