August 26, 2019
Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) (Act) took effect from 1 July 2019. The Act applies to public and large proprietary companies (Companies). It provides a single, strengthened whistleblower protection regime covering corporate, finance and credit sectors.
From 1 January 2020, Companies must implement a complaint whistleblower policy and provide training to ensure that potential eligible recipients of disclosures know how to identify a whistleblower report and steps to take if one is received. The new regime consolidates the various private sector whistleblower regimes into the Corporations Act 2001 (Cth), and creates separate but largely consistent protections within the Taxation Administration Act 1953 (Cth).
The Act expands the existing whistleblower framework by:
- extend eligible persons: extending the range of people who are eligible to make protected disclosures (and to rely on the whistleblower protection after making a disclosure) to include current and former officers, employees and suppliers of the entity in question, plus their associates and specific family members. Previously, eligible whistleblowers only included current officers, employees or suppliers of the entity under question;
- expand reportable acts/ wrongdoing: allowing the making of protected disclosures about a broader range of misconduct, including concerns about corporate corruption, bribery, fraud, money laundering and terrorist financing. Previously, disclosures were limited to breaches of the Corporations Act 2001 (Cth) or the Australian Securities and Investments Commission Act 2001 (Cth). Personal or professional work-related grievances are not within the scope of protected disclosures;
- expand who can receive a protected whistleblower's disclosure: change to the range of people who are eligible to receive protected disclosures to include officers or senior managers of the company, the company’s auditors, actuaries or another person authorised by the company, but removing the person’s managers or supervisors. This is intended to reduce the compliance burden on companies by having only a select group of employees who can receive disclosures. Companies should also be aware that disclosure to a lawyer for the purposes of obtaining legal advice will also be a protected disclosure;
- expand general protections:
- allowing anonymous disclosures;
- removing the ‘good faith’ requirement, so that it is sufficient that the whistleblower has objectively reasonable grounds to suspect misconduct or a contravention or an improper state of affairs or circumstances;
- allowing protected ’emergency’ or ‘public interest’ disclosures to be made to journalists or members of Parliament in extreme cases (excluding tax matters) in circumstances where at least 90 days have passed since an earlier protected disclosure has been made without reasonable steps having been taken to address the misconduct, or there will be substantial and imminent danger to someone’s health or safety;
- increasing penalties for individuals (up to $200,000) and corporates (up to $1 million respectively) for disclosing a whistleblower’s identity or causing detriment to a whistleblower; and
- reversing the onus of proof when a person seeks compensation (after they have pointed to evidence that suggests there is a reasonable possibility that they have suffered detriment or have received a threat of detriment).
The Act introduces a new requirement for all public companies and large proprietary companies to have a ‘compliant’ whistleblower policy in place. A large proprietary company is a proprietary company which has at least two of the following characteristics:
- the consolidated revenue for the financial year of the company and any entities it controls is $50 million or more;
- the value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is $25 million or more; and
- the company and any entities it controls have 100 or more employees at the end of the financial year.
For a whistleblower policy to be ‘compliant’, it must contain the following information:
- the protections available to whistleblowers;
- the person/organisations to whom protected disclosures may be made, and how they can be made;
- how the company will support whistleblowers and protect them from detriment;
- how the company will investigate protected disclosures;
- how the company will ensure fair treatment of employees of the company who are mentioned in protected disclosures, or to whom such disclosures relate;
- how the policy is to be made available to officers and employees of the company; and
- any other matters prescribed by the regulations from time to time.
Timeframes for compliance:
- From 1 July 2019: The Act takes effect. The Act applies to disclosures made on or after 1 July 2019 but may apply to conduct that occurred before 1 July 2019. Importantly, the compensation and remedies amendments will apply to disclosures made prior to the amendments taking effect provided that the disclosure was such that it would have been protected had the Act been in force at the time.
- From 1 January 2020: Companies are required to have implemented a whistleblower policy.
Penalties for breaches:
- No Policy: Companies who fail to have a compliant whistleblower policy may be subject to a civil penalty of 60 penalty units (currently $12,600).
- Identifying the whistleblower: Breaching the confidentiality of the identity of a whistleblower, or victimising (or threatening to victimise) a whistleblower may incur a maximum civil penalty (as a result of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Act 2019 (Cth)) of:
- for an individual, the greater of:
- 5,000 penalty units (currently $1.05 million); or
- three times the benefit derived or detriment avoided; and
- for companies, the greater of:
- 50,000 penalty units (currently $5 million);
- three times the benefit derived or detriment avoided; or
- 10% of the body corporate’s annual turnover, up to 1 million penalty units (currently $210 million).
- for an individual, the greater of:
Breaching the confidentiality of the identity of a whistleblower or victimising (or threatening to victimise) a whistleblower may also incur significant criminal penalties.
What you need to do:
- Companies must ensure to implement a compliant whistleblower policy prior to 1 January 2020.
- Implement training regarding the new protections.
- Company officers should also review their D&O insurance arrangements.