New whistleblower laws apply from 1 July 2019: three things employers should do

From 1 July 2019, Australia will have a new whistleblower protection regime covering the corporate, financial and tax sectors.

The Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Act) aims to encourage ethical whistleblowing and discourage white collar crime, while holding employers accountable for protecting eligible whistleblowers.

The Act makes important changes to the Corporations Act 2001 (Cth) and the Taxation Administration Act 1953 (Cth) affecting almost all companies, including foreign corporations, trading or financial corporations formed within the limits of the Commonwealth, ADIs, NOHCs, super funds, and insurers. This means thousands of Australian employers will need to rapidly change their approach to whistleblowing.

Key reforms include:

  • Protected disclosures may relate to matters beyond criminal breaches, including breaches of tax laws, ASIC laws and APRA laws. Conduct that is not illegal but indicates systemic issues will also be disclosable. However, the protections will not extend to disclosures about personal employment or workplace grievances such as interpersonal conflicts, transfer, promotion, or disciplinary decisions.
  • More people can be ‘eligible whistleblowers’, including anyone who has ever been in a relationship with a company (such as former employees, contractors, employees of contractors, associates, and relatives of such individuals).
  • More people can be ‘eligible recipients’ of disclosures, including senior managers, directors and auditors; and in certain circumstances, even journalists and politicians.
  • Stronger protections for whistleblowers including anonymity, increased immunities against prosecution, and protection against detriment through victimisation. Whistleblowers are no longer required to act in good faith to be protected (although they need to have reasonable grounds to suspect misconduct).

Severe civil and criminal penalties will apply to employers who breach those protections, and courts are empowered to make orders for relief against a company if they fail to fulfil a duty of care to protect a whistleblowing employee from detriment.

The maximum civil penalties under the new Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 (Cth) for breaching confidentiality of an eligible whistleblower’s identity or causing or threatening detriment include:

  • for individuals, up to $1.05 million (5,000 penalty units); and
  • for companies, $10.5 million (50,000 penalty units), or 10% of the annual turnover (up to $525 million or 5 million penalty units).

Here are three actions companies should take now to ensure compliance:

1 – Implement a whistleblower policy

From 1 January 2020, certain companies will be required to have a whistleblower policy that complies with the new section 1317AI of the Corporations Act 2001 (Cth).

Although only certain companies are required to have a whistleblower policy, we strongly recommend that all companies regulated under the new regime create or update their whistleblower policy. Given the complexity of the new whistleblower legislation and the severe penalties in the event of a breach, many clients are working with us to prepare whistleblower policies now so that they can properly deal with disclosures from 1 July 2019.

The requirement carries a $12,600 penalty for non-compliance, and applies to:

  • public companies;
  • large proprietary companies (characterised by having any two of the following: $50+ million in consolidated revenue; $25+ million or more in consolidated gross assets; or 100+ employees); and
  • registerable superannuation entities.

To comply with section 1317AI, the policy must contain:

  • the protections available to whistleblowers;
  • how and to whom an individual can make a disclosure;
  • how the company will support and protect whistleblowers;
  • how investigations into a disclosure will proceed;
  • how the company will ensure fair treatment of employees who are mentioned in whistleblower disclosures; and
  • how the policy will be made available.

In addition to those requirements, we are recommending to clients that their policies include scope to conduct investigations internally and externally, and address client legal privilege. Further, we recommend that policies set out a process to work through situations where a person subject to a disclosure is also authorised to receive the disclosure. Lastly, we suggest that policies include a process to determine whether an eligible whistleblower consents to be identified during an investigation.

ASX-listed companies should also consider the ASX Corporate Governance Principles and Recommendations, which further recommends that policies:

  • link to the company’s values;
  • identify the types of concerns that may be reported under the policy;
  • provide for the training of employees about the policy and their rights and obligations under it;
  • provide for the training of managers and others who may receive whistleblower reports about how to respond to them; and
  • state that the policy will be periodically reviewed to check that it is operating effectively and whether any changes are required to the policy.

2 – Train all staff

Given the significant changes presented by the Act, we are recommending to clients that employers provide two types of training.

The first training program is for ‘eligible recipients’, which includes senior managers, officers, and anyone else authorised by the company to receive disclosures from whistleblowers (such as Compliance Officers). This training should cover the process set out in the company’s whistleblower policy to respond to disclosures. Special attention should be paid to the importance of protecting the whistleblower’s right to anonymity during the investigation, unless they consent to their identity being disclosed.

A company’s auditors, actuaries, tax agents and BAS agents are also ‘eligible recipients’. Although employers cannot be expected to train those persons, we recommend they be informed of their new obligations under the Act.

The second training program is for all staff. It sets out how the whistleblower regime works under the Act, and how the whistleblower policy provides a process for disclosing and investigating certain matters. It also details the protections that will be provided to eligible whistleblowers.

3 – Assess current procedures

The new regime requires a thorough analysis of any existing whistleblower procedures. It is likely that these will have to be reworked or replaced in light of the changes.

Further, to protect whistleblowers from harm, companies should ensure that the storage of whistleblowers’ information is secure and complies with privacy laws.

Next steps

Employers must respond to the new whistleblower regime now to ensure compliance.

With significant experience across all aspects of employment, whistleblower and privacy laws, we can provide up-to-date and bespoke solutions that will help you confidently comply with the Act. Contact us to discuss your needs.


For further information please contact: