Australia: A seismic shift: Commonwealth government releases draft whistleblower legislation

Australian whistleblower reform is coming thick and fast. Hot on the heels of the Whistleblower Protection report by the Parliamentary Joint Committee on Corporations and Financial Services (Committee),1 the Commonwealth Government has now released an exposure draft of the proposed legislation (Draft Legislation), open for comment until 3 November 2017.

While the draft legislation does not cover every recommendation from the Committee, it will reflect a seismic shift from the current framework. A specific regime has also been announced to deal with breaches of tax laws and tax avoidance, and an Expert Advisory Panel has been established to consider the alignment of the draft legislation with the recommendations made in the Committee's report.


At a national level, there has been little consistency in the protections available to whistleblowers and the obligations imposed on companies, trade unions, government bodies and other employers. While specific legislation has applied to the government sector, and different legislation has governed different industries in the private sector, rights and obligations have differed.

These reforms aim to provide a consistent application of whistleblower protections across the private sector (in the corporate and financial space), which aligns with the government sector regime. They will provide an environment in which a whistleblower will have greater comfort in disclosing a wider range of conduct, and will mean that organisations will face an increased prospect of whistleblowing occurring.

The reforms will impact every public company and large private company. With the heightened focus by regulators on 'corporate culture', and the possibility for failures in culture to expose senior managers and directors to action, the importance of getting the tone right in adapting to and living with these changes cannot be understated.

Organisations should start auditing or developing their policies and training requirements now. This presents an opportunity for leaders to take a clear step in setting the "tone from the top".

The proposal is for the draft legislation to apply to any disclosures made after 1 July 2018, or conduct that victimises or damages an individual after 1 July 2018, even if the relevant disclosure occurred before then.

Below is a comprehensive summary of the changes proposed by the draft legislation:


In brief, under the draft legislation:

  • There will no longer be a requirement that the whistleblower is acting in good faith to gain the benefit of protections. Their motivation will be irrelevant, and it will be enough that the person has objectively reasonable grounds to suspect misconduct or a contravention.
  • Anonymous disclosures will be allowed.
  • In extreme cases (excluding tax matters), a protected disclosure can be made to the media or members of parliament.
  • A wider scope of corporate misconduct can be the subject of a protected disclosure.
  • A wider range of people can qualify for whistleblower protection.
  • The protection obligations now extend to all public and large proprietary companies.
  • These companies will have to have whistleblower policies in place – by January 2019 for public companies and December 2019 for large proprietary companies.
  • There is an expansion of the protections and redress available to whistleblowers who suffer reprisals, and improved access to compensation.
  • The onus of proof has been reversed when a person seeks compensation, once they have established they have suffered detriment

The new regime will, for the most part, be implemented by amendments to the Corporations Act. However, a similar regime will also apply to tax-related whistleblowing through changes to the Taxation Administration Act.


The new whistleblower protection regime will cover all corporate and financial sector whistleblowers who are employed or associated with entities regulated by one or more of the following:

  • the Corporations Act;
  • the ASIC Act;
  • the Banking Act;
  • the Life Insurance Act;
  • the Insurance Act: Superannuation Industry (Division) Act;
  • the National Consumer Product Protection Act; and
  • the Financial Sector (Collection of Data) Act.

Organisations governed by the new regime will have to ensure their employees are afforded the protections required, including through the adoption of whistleblower policies (see further below).


The existing Corporations Act whistleblower protections only apply to people who are currently officers, employees and suppliers.

The draft legislation, however, creates a new concept of an 'eligible whistleblower' – people whose relationship with the relevant organisation may place them in a position to identify wrongdoing by that entity. Under the draft legislation, 'eligible whistleblower' is a much wider category and now includes:

  • an officer of the organisation;
  • an employee of the organisation;
  • an individual who has a contract to supply goods or services to the organisation;
  • an employee of a supplier of a contract of goods or services to the organisation; and
  • an individual who is an 'associate' of the organisation (as defined in sections 9 and 10-17 of the Corporations Act).

The draft legislation also contains two other significant extensions of the existing protections – the category of informants who will be the subject of whistleblower protections will also include:

  1. A spouse, child or dependant of any the above (as there is the potential for victimisation or retaliatory action to be visited not only on the person who blows the whistle, but other people or entities associated with them).
  2. Any person or organisation who formerly held any of those positions – that is, former directors, officers, employees, contractors and closely related persons.

NOTE: For businesses involved in the superannuation industry, trustees, custodians and investment managers will also get whistleblower protections under the new regime.


The existing corporate and financial sector regimes have different definitions of the types of misconduct that can be disclosed. This is because they refer to conduct under the relevant piece of legislation itself.

Under the draft legislation, an individual can make an eligible protected disclosure if they have reasonable grounds to suspect that the information indicates that the organisation or any of its staff has engaged in conduct that at a general level concerns 'misconduct or an improper state of affairs or circumstances' in relation to the entity or its related bodies corporate.

This permits disclosures to be made of breaches of any Commonwealth, state or territory laws, and covers misconduct by officers and employees of the entity and the improper state of affairs caused by such individuals.

More specific types of conduct are identified, but are not intended to limit the wider application of the misconduct concept. The draft legislation specifically identifies conduct that:

  • constitutes an offence or contravention of any of the statutes identified above;
  • constitutes an offence against any other law of the Commonwealth punishable by imprisonment for a period of 12 months or more (this would, for example, cover conduct which is in breach of the Criminal Code's bribery and corruption prohibitions or the Competition and Consumer Act's cartel prohibitions);
  • represents a danger to the public or a financial system; or
  • may be prescribed by regulations.

The 'danger to the public/financial system' category is intended to cover conduct which may not be immediately apparent as a contravention of the law but which poses significant risk to safety or the stability of or confidence in a financial system. That is, it does not need to be a contravention of any law.

The draft legislation's Explanatory Memorandum states that it could also 'include emerging forms of misconduct not covered under existing law such as exploitation of a loophole in the law that creates vulnerability in a government program.'


  1. People associated with the organisation

The draft legislation sets out a new concept – the 'whistleblower disclosee'.

This covers the following people inside and outside the organisation to whom a protected disclosure may be made:

  • an auditor or a member of an audit team conducting an audit within the organisation or related body corporate;
  • the actuary of the body corporate or a related body corporate;
  • a director, secretary or senior manager of a body corporate or related body corporate; and
  • a person authorised by the body corporate to receive disclosures (this will cover, for example, those organisations who outsource their whistleblower hotline services to external providers).

NOTE: For superannuation entities, a protected disclosure may also be made to the following people:

  • an individual who is a trustee;
  • a director of a body corporate that is the trustee; and
  • any person authorised by the trustees.
  1. Regulators

Under the draft legislation, disclosures can be made to regulators – specifically, ASIC, APRA and the Australian Federal Police. Additionally, the minister can expand the scope of those persons through regulations. In tax related matters, the disclosure can be made to the Commissioner.

  1. Press and legislators

Finally, the draft legislation includes the potential for disclosures to be made to members of parliament or the media. This wider scope of disclosure is intended to apply in situations where the wrongdoing is of such gravity and urgency that it is justified to raise it with the media or the parliament.

However, such disclosures are a "last resort" and can only be made if the following conditions are satisfied:

  • the whistleblower must have previously disclosed information to a regulatory body (i.e ASIC, APRA, AFP);
  • a reasonable period must have passed since the disclosure was made; and
  • the whistleblower must have had reasonable grounds to believe that there is an imminent risk of serious harm or danger to the public health or safety, or to the financial system if the information is not acted on immediately.

Further, these types of disclosures cannot be made to any persons who self-describe themselves as a journalist, and can only be made to a person who is working in a professional capacity as a journalist. (This ensures that public disclosures on social media are not covered by the protection). A disclosure can also be made to a lawyer for the purpose of the discloser obtaining legal advice or representation.

NOTE: The tax changes do not allow disclosures to media or parliamentarians. This is based on policy reasons - avoiding vexatious disclosures, and the confidential nature of taxpayer information.


The draft legislation also outlines the introduction of Mandatory Whistleblower Policies, meaning that from 1 January 2019, all public and large proprietary companies will need to have a whistleblower policy which details:

  • the protections available; and
  • how the company will ensure fair treatment of the employees who are the subject of a protected disclosure, consistent with the requirements of the legislation.

While many ASX listed entities already have such a policy (as part of a Code of Conduct required by the ASX Listing Rules), this is a significant change for a large number of organisations.

Most significantly, this applies to any proprietary company which has, in the prior financial year, satisfied the definition of a large proprietary company as defined in the Corporations Act.

A company meets that definition if it satisfies at least two of the following three criteria:

  • the consolidated revenue for the financial year of the company and any entities it controls is $25 million or more;
  • the value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is $12.5 million or more; and
  • the company and any entities it controls have 50 or more employees at the end of the financial year.

Failure to comply with these proposed policy requirements will be a strict liability offence with a penalty of 60 penalty units ($12,600).

Corporations who already have Whistleblower Policies will need to review these in light of the proposed changes, because a much wider range of conduct will fall within the protections.


  1. Victimisation Offence

The current victimisation offence is extended in the draft legislation to cover instances where the victimiser causes any other person any detriment, where their motivation is simply that they believe or suspect that a person has made, or may make a protected disclosure. The offence arises regardless of whether a disclosure in fact occurred.

The 'victim' who suffers the detriment need not be the whistleblower – it could be an investigator, a family member of the whistleblower or a business associated with them.

Detriment is undefined, but includes:

  • injury to an employee in their employment (e.g. being held back from promotion)
  • dismissal;
  • discrimination;
  • alteration of their position or harassment;
  • intimidation of a person;
  • harm or injury (physical or psychological);
  • damage to a person's property, reputation, business or financial position.

It will be a contravention (with a maximum fine of $200,000 for an individual of $1M for a corporation) to disclose the whistleblower's identity, or information which may allow them to be identified. Corporations will need to be mindful of this when they conduct investigations arising from a protected disclosure.

Any person will have a right to seek compensation where they suffer detriment, where a suspicion that they made a protected disclosure is part of the motivating reason for the conduct that caused the damage. In these cases, the victim merely has to prove they suffered damage. The person who caused the damage has the burden of demonstrating that they were not motivated by the fact or possibility that the victim made a protected disclosure. Organisations may be liable for detrimental conduct towards a whistleblower, e.g. where the organisation has aided the unlawful conduct of an officer or employee.

The standard approach courts must take is that victims will not have costs awarded against them if they are unsuccessful in an application for compensation. This will not apply if the proceedings were vexatious.

  1. Immunity from use of whistleblowers' information in court proceedings

The draft legislation will prevent the information whistleblowers provide from being admissible against them in any criminal or penalty proceedings (except proceedings relating to the falsity of the information). This is not a complete immunity – as it does not prevent a regulator from making derivative use of the information to progress its own investigations. That information may in turn allow a case to be developed against the whistleblower, if they were involved in the misconduct.


The Committee recommended some additional changes – but these remain under consideration by the Commonwealth Government's Expert Advisory Panel.

Some important recommendations which are not currently part of the draft legislation include:

  • the establishment of a reward or 'bounty' system for whistleblowers;
  • overriding confidentiality clauses in employment contracts and settlement agreements reached with employers.

The draft legislation is open for comment until 3 November 2017.2 Corrs will endeavour to keep you updated on any further developments.


1 See:

2 See:

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Chambers Asia Pacific Awards 2016 Winner – Australia
Client Service Award
Employer of Choice for Gender Equality (WGEA)

To print this article, all you need is to be registered on

Click to Login as an existing user or Register so you can print this article.

Some comments from our readers…
“The articles are extremely timely and highly applicable”
“I often find critical information not available elsewhere”
“As in-house counsel, Mondaq’s service is of great value”

Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

*** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at and we will use commercially reasonable efforts to determine and correct the problem promptly.