Navigating the New Whistleblower Laws - Part 1
In February 2019, the Australian Parliament passed new laws creating an expanded corporate whistleblowing scheme which applies to the majority of companies in Australia. These new whistleblower laws took effect on 1 July 2019, with public companies and large proprietary companies then having until 1 January 2020 to implement a compliant whistleblower policy.
While the amendments seemingly mirror the shifting social expectation for increased accountability of directors and those in senior management positions, they do pose some significant challenges to companies, which need to be navigated carefully. This newsletter will outline some of the key changes of the expanded corporate whistleblowing scheme and what businesses will need to consider in relation to these changes.
Next week, in part 2 of our newsletter, we will examine in greater detail what is specifically required for a whistleblower policy to be compliant with the new legislation.
Expanded Corporate Whistleblowing Scheme
The Treasury Laws Amendment (Enhanced Whistleblower Protections Bill 2019 (Cth) amended the Corporations Act 2001(Cth) (the Corporations Act) and the Taxation Administration Act 1953 (Cth) to create the expanded corporate whistleblower scheme. The overarching purpose of the legislation is to encourage and protect whistleblowing and discourage corporate fraud and misconduct. The amendments incorporate a wider range of misconduct, protects a larger group of people, allows anonymous disclosures, creates more avenues for redress and increases potential penalties for employers. Although the new legislation significantly expands the corporate whistleblower scheme, it does not extend protections to employees simply questioning the business judgment of a company.
Who does the scheme apply to?
The expanded corporate whistleblowing scheme relates to private sector companies or organisations which fall into one of the following categories:
- companies registered under the Corporations Act;
- insurers including life insurance companies;
- superannuation entities or trustees; and
- incorporated associations or body corporates that are trading or financial corporations.
Who can be a whistleblower?
The scope of ‘eligible whistleblower’ has been broadened significantly to include any person who has ever had any relationship with the company. This includes:
- current and former employees, officers including directors or company secretaries, contractors, volunteers, suppliers and associates of the company or organisation or a related company or organisation;
- current and former trustees, or anyone providing services to the trustee, of a superannuation entity; and
- the spouse, relative or dependant of any of the aforementioned individuals.
Who can the whistleblower tell?
To be protected under the provisions, a whistleblower must make a disclosure to a particular person known as an eligible recipient. Similarly, ‘eligible recipients’ now covers a wider range of individuals, who are either part of the company or organisation or a related company or organisation, and includes those designated to receive disclosures as well as senior staff including directors, company secretaries, company officers, senior managers and auditors. It also includes regulators such as ASIC and Australian Prudential Regulation Authority (APRA), a lawyer, and in limited circumstances, journalists and members of Parliament.
An individual can report wrongdoing to a journalist or member of Parliament if it is a public interest disclosure. To fall under this category there are a number of requirements. In general terms, the disclosure must have been previously made to an eligible recipient and no action was taken and most obviously, the disclosure must be in the public interest. An emergency disclosure also warrants disclosure on a public level, whereby the information disclosed poses a substantial or imminent danger to the health of one or more persons or the natural environment.
What disclosures are protected?
Disclosures which are protected under the Corporations Act go outside the realm of solely illegal conduct. A discloser will also be protected where they make a disclosure about ‘misconduct’ or an ‘improper state of affairs’. Misconduct can include things such as failure to comply with a legal duty, gross mismanagement, fraud or other types of criminal behaviour or waste and dishonest or unethical behaviour by an individual. An improper state of affairs can include systemic issues that do not necessarily amount to unlawful conduct. However, personal work-related grievances, meaning any matter relating to a person’s employment or former employment or having implications for them personally, are generally not covered by the new scheme.
The previous ‘good faith’ requirement, which meant that a whistleblower would not receive protections where they had some other motivation for making the disclosure, has been disposed of. Despite having ulterior motives, a whistleblowers will be protected if they have reasonable grounds to suspect information disclosed relates to misconduct or an improper state of affairs.
Protections for whistleblowers
Provided a disclosure made by an ‘eligible whistleblower’ to an ‘eligible recipient’ was based on ‘reasonable grounds’, then that person is protected from any detrimental conduct against them. Detrimental conduct includes a non-exhaustive list of things such as dismissal or demotion, discrimination, harassment or intimidation in the workplace, harm and injury including of a psychological nature and any reputational or property damage.
Further to this, the eligible whistleblower has the right for their identity to be kept confidential, and has the ability to make a disclosure on an anonymous basis.
An eligible whistleblower is also able to make an application to the court seeking compensation if they have been subject to any detrimental conduct. Where an eligible whistleblower seeks compensation because of detrimental conduct, there is a reserve onus of proof during the court proceedings. This means that if a claim is brought seeking compensation, once the whistleblower has established they have suffered detriment, the company will have to prove that a protected disclosure was not even a slight factor in the reason why the detrimental conduct was taken.
Breaching confidentiality of an eligible whistleblower’s identity or causing or threatening them detriment attracts significant civil penalties of up to $1.05 million for individuals and $10.5 million or 10% of annual turnover (up to $525 million) for companies.
Tips for Employers
In response to the expanded corporate whistleblower scheme, employers should consider the following steps to ensure compliance and reduce risk:
1. Recognising the risks
There are some quite significant risks for companies and other people that do not adhere to the obligations in the expanded corporate whistleblower scheme. Failing to protect whistleblowers will come at a significant cost with increased civil and criminal penalties potentially applying where:
- there has been a failure to protect the whistleblower from victimisation;
- the confidentiality obligations to the whistleblower has been breached; or
- a compliant whistleblower policy is not in place.
In these situations, civil penalties of up to $1.05 million for individuals and $10.5 million or 10% of annual turnover (up to $525 million) for companies.
2. Review and update of current procedures
Given the significant changes made to the corporate whistleblowing scheme, it is unlikely that existing procedures will be sufficient to address the responsibilities on companies. A thorough review should be conducted of the requirements under the expanded corporate whistleblower scheme and the procedures that are currently in place, especially in relation to internal information handling.
A one-size-fits-all process is likely to prove ineffective, so employers should consider implementing flexible internal processing procedures for how information is to be handled as well as clearly defining and distributing roles and responsibilities regarding who will be receiving and investigating disclosures by whistleblowers. Creating both an anonymous reporting system and an independent investigating group within a company will likely facilitate an investigation process which is compliant with the legislation. Exercising due diligence and taking reasonable precautions will also be vital in ensuring that a whistleblower does not suffer any detriment in relation to a disclosure.
3. Implement compliant whistleblower policy
At the conclusion of the review of current procedures, companies should codify the agreed upon updated internal procedures in a whistleblower policy. We will address the specific requirements for this policy in part 2 of this newsletter next month.
4. Training for staff
In light of this all-encompassing regime and the severity of associated penalties for non-compliance, it would be prudent for employers to provide training to all management staff who fall under the category of ‘eligible recipients’ as it is these staff who are likely to receive disclosures from whistleblowers. Such training should cover the company’s updated internal processes as well as the obligations for specific persons under the new whistleblower policy. The training should also focus on the importance of the strict confidentiality requirements for whistleblowers throughout the process.
It is also likely to be useful running an all staff training in relation to the whistleblower policy to ensure that staff are informed of how to make a disclosure, what protections apply, how they will be supported if they make a disclosure and the investigation process that will take place.
It cannot be understated the increased compliance burden faced by companies due to the expanded corporate whistleblower scheme. Given the significant penalties involved with contravention of the expanded corporate whistleblower scheme, it is essential that companies take the time to ensure that the proper processes and policy (if relevant) are in place.
PCC Employment Lawyers is able to assist companies with understanding their obligations under the expanded corporate whistleblower scheme including preparation of a compliant whistleblower policy.
In part 2 of this newsletter, we will look at the requirements for a whistleblower policy under the new legislation. Public companies and large proprietary companies are required to have a compliant whistleblower policy in place by 1 January 2020.