Changes to whistleblower protections: What every employer needs to know

The right of individuals to disclose wrongdoing has long been stymied by the conflicting right of employers keeping confidential information, confidential. This conflict has been recently highlighted by the plight of Richard Boyle who is currently facing a 161 year prison sentence for blowing the whistle on the Australian Tax Office. His decision to disclose confidential information regarding the conduct of the ATO, has come at a significant cost to him. It is also clear that the failure to protect whistleblowers has had a real detriment to the disclosure of problematic conduct.

The Federal Government has attempted to address this issue by balancing the interests of employers in protecting their confidential information, and the right of employees to raise real issues of concern. On 1 July 2019, the Treasury Laws Amendment (Enhancing Whistleblower Protection) Act 2019 (“the Act”) came into full force and effect and will impact almost every Australian business.

The new law aims to simplify the existing complex framework of whistleblower laws and create a single, strengthened whistleblower protection regime covering the corporate, financial and credit sectors. Accordingly, in this week’s article, we examine the implications of the Act and provide tips on what employers should be doing in order to comply with the Act.

Brief overview and key amendments

Australia’s whistleblower protection laws have long been criticised for not offering whistleblowers sufficient protection and as such, the new law aims to improve, expand and strengthen the whistleblower laws. The Act will amend the Corporations Act 2001 (Cth) and a number of other relevant legislation, including the Taxation Administration Act 1953 (Cth).

In brief, the Act will extend the group of people who can make disclosures as well as broaden the types of conduct whistleblowers can disclose. It also provides for anonymous disclosures, strengthens immunities for whistleblowers, increases penalties in relation to breaches of the protections provided by the new legislation. Most importantly however, are the new requirements for public and large proprietary companies to have an appropriate policy in place by 1 January 2020.

Eligible whistleblower

Under the new Act, an eligible whistleblower now includes:

• An officer of the organisation;
• An employee of the organisation;
• An individual who has a contract to supply goods or services to the organisation (whether paid or unpaid);
• An employee of a supplier of a contract of goods or services to the organisation (whether paid or unpaid);
• An individual who is an “associate” of the organisation (as defined in the Corporations Act 2001 (Cth);
• In addition, it also includes:
  • a relative of any of the above (e.g. a spouse, child or dependant);
  • any person or organisation who formerly held any of the above positions – i.e. former director, officer, employee and contractor.

There is also no requirement under the Act for the whistleblower to provide their name when making a disclosure to qualify for the protection provided under the Act.

Disclosable matters

Disclosable matters include where the whistleblower has reasonable grounds (previously “good faith”) to suspect the information concerns misconduct or an improper state of affairs for a regulated entity. These include companies, banks, insurers and superannuation trustees.

In addition to the broad definition of disclosable matter, disclosable matters include information which indicates that the regulated entity (or an officer or employee) has engaged in conduct contravening relevant legislation, such as offences against or contraventions of:

• The Corporations Act 2001 (Cth);
• The ASIC Act 2001 (Cth);
• The Banking Act 1959 (Cth);
• The Financial Sector (Collection of Data) Act 2001 (Cth);
• The Insurance Act 1973 (Cth);
• The National Consumer Credit Protection Act 2009 (Cth); and
• The Superannuation Industry (Supervision) Act 1993 (Cth).

It will also include information that:

• Constitutes an offence against any other law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more;
• Represents a danger to the public or the financial system; or
• Is prescribed by the regulations.

We note the Act specifically excludes protection for disclosures which relate to personal work-related grievances.

Eligible recipient of a disclosure

An eligible recipient of a protected disclosure includes:

• An officer or senior manager;
• ASIC;
• APRA;
• A prescribed Commonwealth authority;
• An auditor;
• An actuary; and
• A person authorised to receive disclosures.

The Act also allows for public interest and emergency disclosures to be made to a member of Parliament and to journalists. This may only occur in specific circumstances outlined in the Act.

Protections for whistleblowers

If the specified criteria is met in accordance with the Act, a whistleblower will receive certain protection including the maintenance of the confidentiality of the whistleblower’s identity without their consent. In addition, the Act makes it an offence to engage in conduct which causes detriment to a person due to a belief or suspicion that a person made, or proposes to make, a qualifying disclosure. The definition of detriment includes dismissal, injury within employment, alteration of an employee’s position to his/her disadvantage, discrimination, harassment or intimidation of a person, harm/injury to a person, damage to property, damage to person’s reputation, damage to a person’s business or financial position and victimisation which may be directed either to the whistleblower or certain persons associated with them (e.g. family member).

Whistleblowers will also receive immunity, meaning any information disclosed will not be admissible against them.

A discloser may claim compensation for contraventions of the protections offered under the Act.  It is also important to note that as set out above, there is specific criteria regarding who is an eligible whistleblower and what is a “disclosable matter” under the Act. A discloser who gets it wrong will lose the protection offered under the Act.

However, breaching a discloser’s anonymity and/or engaging in detrimental conduct towards a whistleblower or potential whistleblower, will carry significant civil penalties. Failure to comply with these provisions are also criminal offences and punishable by imprisonment and/or fines. It is therefore vital for employers to ensure that all senior employees who qualify as eligible recipients of a protected disclosure, know that they are such recipients and receive training on what to do in circumstances where a protected disclosure is made. In this regard, employers and the eligible recipients will not be able to rely, as a defence, that they did not know what to do in relation to a whistleblower disclosure. The Act imposes significant consequences if staff do not deal with the protected disclosure correctly, for example civil penalties for a breach of confidentiality of the whistleblower’s identity.

Key takeaways for employers

The Act requires public companies and large proprietary companies to implement a whistleblower policy by 1 January 2020. Employers should begin to draft and implement whistleblower policies and processes now to ensure they are in compliance with the new law.

The policy must include information about:

• The protections available to whistleblowers;
• Who protected disclosures may be made to;
• How the company will support whistleblowers and protect them from detriment;
• How the company will investigate protected disclosures;
• Information about how the company will ensure fair treatment of employees of the company who are mentioned in protected disclosures, or to whom such disclosures relate;
• Information about how the policy is to be made available to officers and employees of the company; and
• Any other matters prescribed by the regulations.

Failure to comply with the requirement to implement a whistleblower policy will incur a penalty of 60 penalty units (currently $12,600). In addition, it is vital that eligible recipients of protected disclosures are aware of their obligations and are able to:

• Recognise a disclosure as falling under the protections of the legislation;
• Know how to respond; and
• Know how to escalate the matter without offending the protections afforded by the Act.

As such, it is vital that employers consider the following matters:

• The internal process for identifying recipients of protected disclosures;
• Provide training to the potential recipients regarding their obligations;
• Develop a process for dealing with protected disclosures appropriately;
• Organisations that operate in multiple jurisdictions should consider whether a ‘one size fits all’ approach is appropriate given that there may be key differences in relation to whistleblower protections in the different international jurisdictions – it is likely multinationals may have a whistleblower policy in place but the organisation will be required to ensure it has a policy for Australia to comply with the Act;
• Establish a procedure in circumstances where the disclosure is about the person designated to receive disclosures;
• Consider Board reporting processes in relation to whistleblowing; and
• Consider what support the organisation may offer to whistleblowers such as counselling and/or paid leave if appropriate.

We also recommend providing training to all staff as to how the new whistleblower regime works and in addition the operation of the employer’s whistleblower policy including the internal processes for disclosing and investigating such matters and the protections offered to eligible whistleblowers.

If you wish to discuss any aspect of this article or require assistance to implement an appropriate whistleblower policy and/or provide training to your workforce, please do not hesitate to contact us.

This alert is not intended to constitute, and should not be treated as, legal advice.