The Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) has been passed and has significant implications for corporate Australia. The legislation significantly alters and expands protection for 'eligible whistleblowers' who report wrongdoing in the corporate sphere. The amendments revamp the current whistleblowing scheme provided in Part 9.4AAA of the Corporations Act 2001 (Cth).

Key changes

The reforms:

  • expand the definition of 'whistleblowers' to cover officers, employees (paid and unpaid), individuals supplying goods and services (paid and unpaid) and their employees, an individual who is an associate of the regulated entity, and the relatives and dependents of the above
  • allow and protect anonymous disclosure by whistleblowers
  • remove the 'good faith' disclosure requirement which previously rendered whistleblowers ineligible for protection if their disclosure was not motivated by 'good faith'
  • provide whistleblowers with immunity from civil, criminal, or administrative liability for protected disclosures
  • provide protection for disclosure to journalists or parliamentarians in certain circumstances, namely where it is in the 'public interest', or the information concerns 'a substantial and imminent danger to the health and safety' of people or the 'natural environment'
  • introduce civil penalties for victimising or breaching the confidentiality of a whistleblower
  • specifically exclude 'personal work-related grievances' from protection.

Emergency and Public Interest Disclosures

The new regime allows whistleblowers who have previously made disclosures to escalate their concerns to parliamentarians and journalists with immunity, after following a prescribed procedure. The discloser must have 'reasonable grounds' to believe that the information concerns either 'a substantial and imminent danger to the health and safety' of people or the 'natural environment', or where it would be in the 'public interest to do so'.

Certain companies will be required to have a whistleblower policy

The Act provides that it will be mandatory for all public companies, large proprietary companies or corporate trustees of registrable superannuation entities to have a privacy policy, and to make that policy available to officers and employees of the company.

In accordance with section 45A(3) of the Corporations Act, a business will be a 'large proprietary company' if it satisfies at least two of the following criteria:

  • the annual consolidated revenue of the company and its related entities exceeds $25 million
  • the value of consolidated gross assets that the company and its related entities control exceeds $12.5 million
  • the company and its related entities have 50 or more employees.

What must a whistleblower policy contain?

Each company's whistleblower policy is required to outline:

  • the protections provided to whistleblowers, including under the provisions of the Corporations Act
  • to whom disclosures should be made and how
  • information regarding how the company will support whistleblowers and protect them from detriment
  • how the company will ensure fair treatment of employees who are mentioned in protected disclosures
  • information about how the policy is to be made available
  • what actions the company will take to investigate disclosures.

Where disclosures are made, companies are also required to ensure that the whistleblower's identity remains anonymous. Companies that fail to do this face significant penalties as well as potential criminal charges. Exemptions remain for disclosures made to legal practitioners, ASIC, APRA and the AFP.

Deadlines and penalties

The amendments will come into effect from 1 July 2019 and will apply to disclosures made on, or after commencement, but may relate to conduct which occurs or "occurred before, at or after commencement". However, greater leeway has been given to allow companies to implement a compliant whistleblower policy.

Public companies and proprietary companies that are trustees of a superannuation entity must have a compliant whistleblower policy in place by 1 January 2020. Large proprietary companies have a deadline that is dependent on their financial year.

The amendments have also significantly increased civil and criminal penalties for breaches of the new laws. Companies that fail to implement a compliant whistleblower policy, or fail to do so by the deadline may be subject to a civil penalty. Breaching the confidentiality of a whistleblower, or victimising a whistleblower (or threatening to do so), may also incur a significant civil or criminal penalty.

Key take aways

You need to consider:

  • do these amendments apply to your company?
  • do you have a compliant whistleblower policy?
  • do you have the appropriate internal management framework to support the scheme?

Holding Redlich can assist in this regard.

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.