Recent laws have strengthened protections for corporate whistleblowers (with severe penalties for any mishandling of whistleblowers). These new laws also require certain companies to prepare and adopt a policy for the protection of whistleblowers. Failure to have an appropriate policy in place by 1 January 2020 may attract a penalty of up to $12,600.

Earlier this year, the Federal Government made changes to the Corporations Act 2001 and the Taxation Administration Act 1953 aimed at fostering a whistleblowing culture in Australia. The laws significantly extend the protections available to prevent victimisation of eligible whistleblowers. They are backed up by potential imprisonment for individuals and increased penalties of up to $1.05m for individuals and $10.5m for most companies.

Legal requirement to adopt a Whistleblower Policy

By 1 January 2020, public companies, large proprietary companies and regulated superannuation trustees must adopt a Whistleblower Policy that complies with the requirements of the legislation. At present, a company will be a large proprietary company if (when combined with its subsidiaries) it meets at least two of the following criteria:

(a) annual consolidated revenue of over $25m;

(b) gross assets valued at over $12.5m;

(c) 50 or more employees.

The Corporations Act provides that the policy must contain a summary of various matters including:

(a) the protections available to whistleblowers under the Act; (b) who whistleblowers can contact to make a protected disclosure; (c) how the company will support whistleblowers and protect them from detriment; (d) what the company will do to investigate allegations made by whistleblowers; and (e) how the company will ensure that people under investigation as a result of a protected disclosure will be treated fairly.

Last week, ASIC released the final version of its Regulatory Guide concerning Whistleblower Policies, which expands on what a company’s policy should say in order to adequately address the requirements of the Act, along with setting out some guidance concerning what ASIC considers to be best practice in relation to the handling of whistleblowers.

What you should do

Even if you are not obliged to have a formal Whistleblower Policy, companies should still ensure that they review current internal processes and policies to ensure compliance with the new legislative requirements and the Regulatory Guide.

Given the severe consequences that may flow from mishandling a whistleblower, companies should also ensure that staff who may be categorized as ‘eligible recipients’ under the legislation receive additional training to ensure there is adequate knowledge of the process to follow in the case of a disclosure by a whistleblower.

Companies that are proactive in ensuring they have adequate internal procedures for instances of disclosures from whistleblowers will help mitigate the risks of breaches of whistleblower protections.