By Alison Baker, partner and David Burnton, senior associate at Hall & Wilcox
Australian companies must give consideration as to how they deal with “eligible whistleblowers” following changes to the law, which increase the number of potential whistleblowers and reportable business behaviours which may be disclosed.
The new whistleblower legislation commenced on 1 July 2019 and involves severe civil and criminal penalties for employers who breach the protections provided to eligible whistleblowers.
Maximum civil penalties for breaching the confidentiality of an eligible whistleblower’s identity or causing or threatening detriment to an eligible whistleblower include:
Get business news first
Sign up to SmartCompany’s daily newsletter
- up to $1.05 million for individuals (5,000 penalty units); and
- up to $10.5 million for companies (50,000 penalty units), or 10% of the annual turnover (up to $525 million or 5 million penalty units).
The whistleblower legislation expands the number of people who can be “eligible whistleblowers” to cover individuals currently or previously in a relationship with a company – e.g. employees, former employees, contractors, employees of contractors, associates, and relatives of such individuals.
More people can now be “eligible recipients” of whistleblower disclosures, including senior managers, directors and auditors; and in certain circumstances, journalists and politicians.
Stronger protections for whistleblowers include anonymity, increased immunities against prosecution, and protection against detriment through victimisation. Whistleblowers are no longer required to act in good faith to be protected (although they need to have reasonable grounds to suspect misconduct).
Whistleblowers will be protected disclosing information about matters beyond criminal breaches, including breaches of tax laws, and laws administered by ASIC and APRA. The new laws further widen the net by allowing for reporting of conduct which indicates systemic issues even if it’s not illegal.
But protections do not extend to disclosures about personal employment or workplace grievances such as interpersonal conflicts, or transfer, promotion, or disciplinary decisions.
Here are three actions companies should take now to ensure compliance:
Implement a whistleblower policy
From 1 January 2020, certain companies will be required to have a whistleblower policy that complies with the new section 1317AI of the Corporations Act 2001 (Cth).
All companies regulated under the new regime can be prepared by creating or updating their whistleblower policy. But even companies not required to have a policy may find it extremely useful should a whistleblower event arise, considering the new whistleblower legislation’s complexity and severe penalties.
The requirement to have a whistleblower policy carries a $12,600 penalty for non-compliance, and applies to: public companies; large proprietary companies (characterised by having any two of the following: $50+ million in consolidated revenue; $25+ million or more in consolidated gross assets; or 100+ employees); and registerable superannuation entities.
To comply with section 1317AI, the policy must contain:
- the protections available to whistleblowers;
- how and to whom an individual can make a disclosure;
- how the company will support and protect whistleblowers;
- how investigations into a disclosure will proceed;
- how the company will ensure fair treatment of employees mentioned in whistleblower disclosures; and
- how the policy will be made available.
Good policies will also include scope to conduct investigations internally and externally, and address client legal privilege. It’s also worth outlining a process to work through situations where a person subject to a disclosure is also authorised to receive the disclosure.
Confidentiality is paramount, and policies should also include a process to determine whether an eligible whistleblower consents to be identified during an investigation.
ASX-listed companies should also consider the ASX Corporate Governance Principles and Recommendations, which requires the disclosure of a whistleblower policy and requires that the company’s Board or a committee of the Board is informed of any material incidents reported under the policy. The Principles further recommend that policies:
- link to the company’s values;
- identify the types of concerns that may be reported under the policy;
- provide for training employees about the policy and their rights and obligations under it;
- provide for training managers and others who may receive whistleblower reports about how to respond to them; and
- state that the policy will be periodically reviewed to check that it is operating effectively and whether any changes are required to the policy.
Train all staff
Two types of training will be useful: The first training program is for “eligible recipients”, which includes senior managers, officers, and anyone else authorised by the company to receive disclosures from whistleblowers, such as Compliance Officers; the second training program is for staff.
Training for eligible recipients should cover processes set out in the company’s whistleblower policy to respond to disclosures. Protecting the whistleblower’s right to anonymity during the investigation must be prioritised unless they consent to their identity being disclosed. Some eligible recipients operate outside of the company, such as your auditors, actuaries, tax agents and BAS agents – employers cannot be expected to train those persons, but may inform them of their new obligations under the new laws.
Training for all staff needs to outline how the new whistleblower regime works, and how the whistleblower policy provides a process for disclosing and investigating certain matters. Staff training must also detail the protections provided to eligible whistleblowers.
Assess current procedures
The new regime requires a thorough analysis of any existing whistleblower procedures, which will likely need to be reworked or replaced.
To protect whistleblowers from harm companies must ensure whistleblowers’ information is stored securely and complies with privacy laws.
Alison Baker is a partner and David Burnton a senior associate in the employment practice at Hall & Wilcox Lawyers. They advise private sector and public sector clients on all aspects of employment, industrial relations and human resources law and privacy legislation.