Introduction

After a long period of consultation, the Australian Government has tabled a Bill aimed at improving protection for whistleblowers in the corporate, financial, credit and tax sectors. If passed, the new legislation will usher in a range of changes, including a requirement that public companies and large private companies implement internal whistleblower policies.

The Treasury Laws Amendment (Whistleblowers) Bill 2017, introduced today in Parliament, aims to create a single whistleblower protection regime in the Corporations Act, extending to the corporate, financial and credit sectors. The Bill also introduces a specific whistleblower protection regime for those who expose misconduct in tax affairs.

If passed, the new legislation will apply to protected disclosures made on or after 1 July 2018, including disclosures about events occurring before that date. Whistleblowers will also have access to compensation and enhanced protection against victimisation after 1 July 2018, regardless of when the disclosure was made.

Public companies and large private companies that fail to set up internal whistleblower policies before 1 January 2019 risk facing penalties of up to 60 penalty units ($12,600). ASIC will have the power to exempt a class of entities from complying with this requirement.

A major change is extending protection to a whistleblower who makes a report to a journalist or politician in circumstances where the whistleblower reasonably believes there is an imminent risk of serious harm or danger to public health or safety, or to the "financial system" if the information is not acted on immediately, and if a "reasonable period" has passed since the whistleblower first made a protected disclosure – more on this below.

What are the proposed changes?

When first introduced in 2004, Australia's whistleblowing regime was praised. However, it has failed to keep pace with globalisation, increasingly complicated corporate structures and societal and government expectations.

In addition to harmonising the existing whistleblower protections, the legislation is aimed at the following:

  • Broadening the classes of informants who fall within the whistleblower protection regime, including to former officers, employees and suppliers, as well as associates of the entity and family members of employees.
  • Introducing new statutory protections for whistleblowers in relation to consumer credit laws and taxation, and expanding the current protections to take into account disclosures concerning corporate corruption, bribery, fraud, money laundering, terrorist financing or other serious misconduct.
  • Eliminating the 'good faith' requirement for disclosures, allowing anonymous disclosures and providing immunities to whistleblowers regarding the type of disclosures made.
  • Adding new types of persons or entities to which a whistleblower may make a protected disclosure. This includes including protection to whistleblowers who make a report to a journalist or a politician where the whistleblower has already made the disclosure to a "whistleblower disclosee" and there is a risk of serious harm (financial or otherwise) if the information is not acted on immediately.
  • Strengthening the protections and remedies for whistleblowers who are victimised for making a disclosure, including improving access to compensation for whistleblowers.
  • Requiring public companies and large private companies to have a whistleblower policy.

Effectively, the whistleblower regime will cover disclosures made about organisations that are currently regulated by APRA and ASIC. Once passed, the new legislation will directly amend the Corporations Act and repeal existing whistleblower provisions in other financial system statutes so as to harmonise the overall regime. It will also directly amend the Taxation Administration Act 1953 to include protections for whistleblowers who disclose serious issues in relation to tax misconduct and fraud.

What are the penalties?

In addition to penalties for failing to set up a compliant whistleblower policy, the Bill, when enacted, will make it an offence to reveal a whistleblower's identity in certain circumstances. Individuals and corporates face penalties up to $200,000, and $1 million respectively for breaching a whistleblower's anonymity. Penalties of up to $12,600 will also apply for victimising whistleblowers for making a disclosure, and whistleblowers will have a right to seek compensation for reprisals. In addition, courts will be required to preserve and protect a whistleblower's identity, unless it is in the interests of justice to do otherwise.

Companies should also be prepared for whistleblowers to have consulted their own lawyers before making internal disclosures, as disclosure to a lawyer for the purposes of obtaining legal advice will be protected under the proposed law.

Risk of delayed response to disclosures

As discussed above, under the proposed law, whistleblowers may make protected disclosures to members of Parliament or journalists, which may heighten the risk of reputational damage to an organisation, not only by reason of the information actually disclosed, but also in consequence of the organisation's subsequent dealings with the whistleblower.

The Bill provides that:

  1. Where a whistleblower has previously disclosed information to a "whistleblower disclosee" (being ASIC, APRA, AFP, or a person in the organisation authorised to receive disclosures (including auditor, actuary, director, or senior manager)); and
  2. A reasonable period has passed since that disclosure was made; and
  3. The whistleblower has reasonable grounds to believe that there is an imminent risk of serious harm or danger to public health or safety or to the financial system if the information is not acted on immediately
  4. then

  1. the whistleblower may make a protected disclosure to a member of parliament (Commonwealth or State) or a journalist.

What can companies do now to prepare?

Whether or not there are any amendments to the Bill, all parties are likely to support the proposal to require organisations to set up internal whistleblower policies. Now is therefore a very good time to review your organisation's own policy.

Your organisation's whistleblower policy needs:

  • clear application to employees, past employees, contractors, suppliers, family members of employees;
  • a documented process for dealing with protected disclosures exists that ensures that all disclosures are dealt with within a reasonable time;
  • information about the protections available to whistleblowers; and
  • a clear outline of how the organisation will ensure fair treatment of employees who are mentioned in protected disclosures, or to whom protected disclosures are made.

There must also be a working system in place to ensure that the policy is distributed to anyone who may be an eligible whistleblower in relation to the organisation.

As always with risk management, a simple tick-a-box policy is not likely to satisfy the Government's requirements, or your own organisation's needs. A policy that is not implemented properly will provide little real protection. Businesses should consider testing the effectiveness of their policy to assure themselves that its terms and are being applied in practice and review their policy in light of best practice globally.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.