Part 9.4AAA of the 2001 Corporations Act sets out a consolidated whistleblower protection regime for Australia's corporate sector. Changes to this regime designed to provide whistleblowers with stronger and more robust protections were introduced by the 2019 Treasury Laws Amendment (enhancing Whistleblower Protections) Act.
Companies need to assess whether their whistleblower policies are compliant with the new laws. The Australian Securities and Investments Commission (ASIC) has published regulatory guidance to assist companies with compliance.
The new laws apply to:
The new laws have a strong focus on preserving the whistleblower's confidentiality and deterring others from engaging in detrimental conduct. Some regulated entities are also required to have a whistleblower policy in place by 1 January 2020. Regardless of whether entities are required to have a whistleblower policy in place by 1 January 2020, the way they handle whistleblower complaints will need to change to comply with the new laws.
Regardless of whether entities are required to have a whistleblower policy in place, the way they handle whistleblower complaints will need to change to comply with the new laws.
The identity of a whistleblower or information that is likely to lead to the identification of the whistleblower must be kept confidential unless:
Information that may lead to the identification of the whistleblower may only be disclosed if it is reasonably necessary for the purposes of investigating the disclosure, and all reasonable steps are taken to reduce the risk that the whistleblower will be identified.
The law prohibits detrimental conduct against a whistleblower. Detrimental conduct is conduct that causes detriment to an individual, and includes making threats to cause any detriment to an individual.
Detriment includes:
The confidentiality obligation and the obligation not to engage in detrimental conduct apply not only to regulated entities but to their employees and officers.
The following entities must implement compliant whistleblower policies by 1 January 2020:
A company is a large proprietary company if it and any entities it controls meet two or more of the following thresholds:
ASIC will be surveying whistleblower policies from a sample of public companies, large proprietary companies and corporate superannuation trustees during 2020 to review compliance with the legal requirements and to monitor the good practice requirements.
Public and large proprietary companies will be liable where they fail to have a whistleblower policy in place by 1 January 2020.
ASIC Regulatory Guide 270 (RG 270) sets out the components that a whistleblower policy must include to comply with the laws. These include:
The matters set out above are meant to reflect all stages of the whistleblowing process.
A compliant whistleblowing policy must also cover:
Applicable penalties under the Corporations Act are as follows:
Criminal penalties:
Pecuniary penalties:
Criminal penalties:
Pecuniary penalties:
Criminal penalties:
No pecuniary penalties are available.