Commencement of New Whistleblower Laws on 1 July 2019

Recent Media Focus on Whistleblowing

On Sunday 23 June 2019, non-government organisations across the world that advocate for whistleblower protections marked the annual World Whistleblowers Day. According to Transparency International, “in February this year, Australia set a new standard in private sector whistleblower protection. Companies there now have to proactively put in place protections to that [sic] will safeguard people who speak out.”

Transparency International goes on to suggest that the next step should be to provide the same level of protection to government employees.

There has been much discussion in Australia recently about protections for public sector whistleblowers and for journalists, with The Australian [see subscriber content] reporting recently that the Commonwealth Attorney-General, the Hon Christian Porter MP, plans to reform the Public Interest Disclosure Act 2013 (Cth) (PID Act). This article follows wide reporting of raids by the Australian Federal Police on the ABC, following disclosures by a former Australian Defence Force employee, who will stand trial on several charges relating to his disclosure of information about the actions of Australian special forces in Afghanistan.

In a Federal Court decision handed down in April this year, the PID Act was described as “a statute which is largely impenetrable, not only for a lawyer, but even more so for an ordinary member of the public or a person employed in the Commonwealth bureaucracy”.

Whistleblowing Under the Corporations Act

On our Whistleblower Resource Page, we provide links to articles and the two-part webinar presented by Katharine Wilkinson, Head of Corporate and Financial Services at CompliSpace, on the implications of the expanded whistleblower protections in Part 9.4AAA of the Corporations Act 2001 (Cth) (Corporations Act). From 1 July 2019, heavy civil and criminal penalties may apply if companies fail to:

  • keep the identity of an “eligible whistleblower” confidential (except in circumstances where the Corporations Act recognises the disclosure of their identity to be “authorised”); or
  • protect an “eligible whistleblower” from being victimised following the making of a disclosure that qualifies for protection.

Under the amended whistleblower provisions, a greater range of disclosures will qualify for protection than previously. For example, “eligible whistleblowers” will now include former, as well as current, officers, employees and suppliers of services or goods (who may be paid or unpaid), their relatives and dependants, and the dependants of their spouses.

Requirement for a Whistleblower Policy

From 1 January 2020, public companies and large proprietary companies (for which the thresholds have changed, as noted below) will also face criminal penalties if they do not have in place a whistleblower policy that provides information about:

  • the protections available to whistleblowers, including the protections under Part 9.4AAA
  • to whom and how disclosures that qualify for protection may be made
  • how the company will support whistleblowers and protect them from detriment
  • how the company will investigate disclosures that qualify for protection
  • how the company will ensure fair treatment of employees who are mentioned in qualifying disclosures
  • how the policy will be made available to officers and employees

as well as any other matters that are prescribed in regulations made under the Corporations Act in relation to the whistleblower laws. Regulations — which the Corporations Act states may also be made regarding “eligible whistleblowers”, “regulated entities” and “eligible recipients”, the type of conduct that is the subject of a qualifying disclosure, and circumstances where it disclosure of a whistleblower’s identity is “authorised” — have not been made to date.

Changes to Thresholds for “Large” Proprietary Companies

Also from 1 July 2019, the thresholds for determining whether an Australian proprietary company is a large proprietary company were raised. A proprietary company that satisfies at least two of the following will be a large proprietary company for a financial year if:

  • the consolidated revenue for the financial year of the company and any entities it controls is $50 million or more (increased from $25 million)
  • the value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is $25 million or more (increased from $12.5 million)
  • the company and any entities that it controls have 100 employees at the end of the financial year (increased from 50).

Effective Complaints Handling Procedures

It has often been noted that many whistleblowers raise concerns internally in the first instance, making public disclosures when other avenues have been exhausted. To be able to address issues early and thoroughly, it is critical for companies to have in place robust policies and procedures for handling complaints and receiving notifications of compliance breaches. An essential component is ensuring that those who raise concerns are informed of how their concerns are being looked into and addressed.

The Australian Securities and Investments Commission (ASIC) is proposing changes to its Regulatory Guide 165 Licensing: Internal and external dispute resolution, including reflecting the guidelines for effective complaint management in Australian Standard AS/NZS 10002:2014 Guidelines for complaint management in organisations. The proposed changes include:

  • expanding the definition of “complaint”
  • introducing a requirement to record all complaints received
  • reducing maximum time frames for internal dispute resolution (IDR) responses
  • setting standards about what should be included in written reasons for decisions
  • new requirements for determining whether a complaint has been resolved to a complainant’s satisfaction
  • new requirements to identify and escalate possible systemic issues
  • a new framework for reporting complaints data to ASIC.

ASIC invites feedback on its Consultation Paper 311 by 9 August 2019 and proposes to publish a revised regulatory guide and legislative instruments in December 2019. A further, separate consultation on the publication of IDR data will commence in early 2020.

Whistleblower Disclosures to Regulatory Bodies

On 1 July 2019 ASIC updated the guidance it provides to whistleblowers on its website, including issuing two new information sheets, Information Sheet 238 Whistleblower rights and protections and Information Sheet 239 How ASIC handles whistleblower reports and creating an online misconduct reporting form. ASIC’s guidance includes the following key points:

  • ASIC does not provide legal advice as to whether the whistleblower protections apply and encourages people to seek their own legal advice about the rights or remedies available to them.
  • ASIC’s primary role is to investigate reports of misconduct and investigate them where appropriate and within ASIC’s regulatory responsibilities. ASIC will also investigate allegations that a whistleblower’s confidentiality has been breached or that they have experienced or threatened with detriment for making a disclosure. But ASIC does not act for the whistleblower in such cases (for example, to seek reinstatement where a whistleblower has been dismissed, or to seek compensation for loss or damage suffered) nor can ASIC investigate every allegation it receives. ASIC’s focus is on the alleged misconduct engaged in by the regulated entity.
  • Recognising that the whistleblower protections allow for an eligible whistleblower to report misconduct to ASIC even if the misconduct is outside ASIC’s remit, ASIC advises that in those cases it will generally encourage the whistleblower to directly contact the responsible regulatory body.
  • Reports to ASIC may be made anonymously, but in such cases ASIC will not be able to follow up with the whistleblower for further information or to advise them what action may be taken in response to the information they have provided.
  • ASIC communicates with people who report misconduct to it, but may not be able to tell them what specific action may be taken in response.
  • While companies may prefer whistleblowers to use a whistleblower complaints service or hotline they have established, whistleblowers are entitled under the legislation to choose to make their disclosure to an “eligible recipient” such as an officer, senior manager, auditor or actuary.
  • The protections in the Corporations Act include protection from legal action for making a whistleblower disclosure, but not protection from legal action for any misconduct the whistleblower was involved in that is revealed in the disclosure. ASIC advises that where a person voluntarily reports their involvement in corporate misconduct, ASIC will take their cooperation into account when considering what action to take regarding the wrongdoing.
  • ASIC has established an Office of the Whistleblower to look into whistleblower reports, communicate with whistleblowers during ASIC’s inquiries and liaise with other regulators and industry stakeholders.

The Australian Prudential Regulation Authority (APRA) provides some brief information for whistleblowers on its website. Similar to ASIC, APRA indicates that while it accepts information provided anonymously, it is preferable that contact details be provided, to assist any investigation. APRA also states that “all information provided in good faith by a member of the public is appreciated in that it assists APRA to carry out its regulatory function in a more effective and efficient manner”. We note, however, that good faith is no longer a statutory requirement for invoking the whistleblower protections.

Financial Services Updates

Financial Services Updates