Whistleblower protection has received a lot of media attention recently, following the Senate Inquiry into the performance of the Australian Securities and Investments Commission (ASIC) and its alleged failure to act promptly on information provided by whistleblowers in relation to serious misconduct in Commonwealth Bank’s financial planning arm.

Consistent with ASIC’s commitment to improve communication and handling of information brought to its attention by whistleblowers, it has released a new Information Sheet (Info Sheet 52) which provides guidance on the statutory protections available to those who report misconduct or provide evidence of a breach of the Corporations Act 2001(Cth) (Corporations Act) to ASIC.

The whistleblower provisions of the Corporations Act are designed to encourage people associated with a company to alert the company (through its officers) or ASIC, to illegal behaviour.  Information provided by whistleblowers is considered a protected disclosure (provided certain criteria are satisfied), and must be kept confidential.  Both the information provided and the identity of the whistleblower may not be disclosed, unless that disclosure is specifically authorised by law.

Generally speaking, for the purposes of the Corporations Act, a whistleblower is a person who is an employee, contractor or member of an organisation, who reports or ‘discloses’ misconduct or dishonest or illegal activity that has occurred within that same organisation.  The report must be made to either ASIC, the company’s auditor or member of the internal audit team, a director, secretary or senior manager, or a person authorised to receive whistleblower disclosures (such as a Whistleblower Protection Officer).

It is imperative that companies have a whistleblower policy in place to ensure employees know how to report issues, who to report them to, and how they will be dealt with when the company is alerted.

The policy should also detail the rights of employees to disclose improper conduct on a confidential basis without fear of retaliation.

A whistleblower reporting tool (e.g. a hotline or online portal with analytical capabilities) is also a useful way to detect fraud within an organisation.

Info Sheet 52 is a useful reference tool, to ensure your policy adequately details the protections available to whistleblowers.  It should, however, be noted that the protections under the Corporations Act only apply to whistleblowers who report breaches of the Act, as opposed to breaches of other laws, or the company’s internal policies.

To afford the protections under the Corporations Act, the whistleblower must identify their name when making a disclosure, have reasonable grounds to suspect that the information being disclosed indicates that the company, company officer or employee may have breached the Corporations Act and must make the disclosure in good faith.

Identifying the whistleblower is not typically required under other laws, nor is it under many internal policies.  Therefore, if a matter that would result in a breach of the Corporations Act is reported anonymously through internal channels, the whistleblower would need to be identified before the matter was referred to ASIC to benefit from the protections in the Corporations Act against civil and criminal litigation.

Further, the provisions of the Corporations Act may be relied on by the whistleblower in their defence if they are the subject of an action for disclosing protected information.  It is important to note that no contractual or other remedy can be enforced against the person on the basis of the disclosure. 

Where a whistleblower’s employment is terminated because of a disclosure made under the Corporations Act, the whistleblower can apply to Court for an order to be reinstated in that position, or in another position at a comparable level.

The publication of Info Sheet 52 is an important reminder that whistleblowers play a role in detecting serious misconduct within organisations and should be afforded adequate protections. Companies must ensure that procedures are in place so that matters of concern that are raised can be dealt with on a timely basis, either internally or, in the case of a serious breach, by escalating the matter to ASIC or the Australian Federal Police.