Protecting a whistleblower – is your organisation ready?

Overview

ASIC has recently published Regulatory Guide 270, providing guidance on Whistleblowing policies.

This follows on from the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Act), which took effect on 1 July 2019.  We reported in April 2019 on some of the main impacts of these new laws, which amend both the Corporations Act and the tax legislation.

RG 270 is particularly important to large proprietary companies, public companies and superannuation trustees – all of which must have a whistleblowing policy in place by 1 January 2020.  It is also helpful for other companies (for example, small proprietary companies) to understand their legal obligations, which apply even if they are not required to have a written policy.

The intention behind the law and RG270

The underlying intention behind the Act and RG270 is to foster a culture of compliance, in which  whistleblowers feel they can come forward to make a disclosure in a protected environment.  Whistleblowers must have their anonymity preserved and be protected from detriment.    The new laws apply to officers and employees, as well as others connected with the company (including suppliers and associates).

A whistleblower is not protected from the consequences of any earlier illegal behaviour in which they may have been involved.  However, they are protected against liability for (broadly) disclosing information where they have reasonable ground to suspect it concerns misconduct or an improper state of affairs within the company or its group, and the disclosure is made to an officer, senior manager, auditor, actuary or other authorised person of the company.  (External disclosures to some regulators are also permitted in some circumstances).

Some practical issues

The Act requires a regulated entity’s whistleblower policy to contain information about:

• protections available to Whistleblowers;
• disclosures that qualify for protection and how they are made;
• how the company will support whistleblowers and prevent detriment;
• how the company will investigate disclosures;
• how the company will ensure fair treatment; and
• how the policy will be made available to eligible whistleblowers.

Recently, we discussed some of the practical implications of RG270 and the Act a strongly attended seminar arranged by the Law Society in Phillip Street, Sydney.   Some of the issues that came up included:

Reasonable grounds?

While whistleblowers no longer need to make a disclosure in ‘good faith’, they are only protected where they have ‘reasonable grounds to suspect’ that the information indicates misconduct or an improper state of affairs in the company.

‘Reasonable grounds’ is an objective test, i.e. what the hypothetical ‘reasonable person’ would consider enough to give rise to a suspicion.  This may create some significant practical difficulties.  While the whistleblower’s motive is irrelevant (for example a disclosure may still be protected even if motivated by malice), a mere claim or allegation without at least some supporting information may not be ‘reasonable grounds’.

This can mean that a whistleblower may be, effectively, required to conduct an investigation before making a disclosure in order to obtain statutory protection.  By its nature, corporate wrongdoing is rarely recorded, at least in an accessible format.  There have been several recent cases where a whistleblower has conducted an investigation in a manner which is later said to have broken the law.  As above, this a whistleblower is not protected from any such illegal behaviour, meaning it is no defence that the investigation was carried out in order to make a protected disclosure.

Who is eligible to receive a disclosure?

‘Eligible recipients’ are persons who may receive protected disclosures.  As above, ‘eligible recipients’ include officers, senior managers, auditors and actuaries of the company and any other person who is authorised by the company.  ASIC (in RG 270) also endorses the use independent whistleblowing service providers.

Generally, a recipient must not disclose the identity of the whistleblower except in very limited circumstances.  One practical issue arises where a company’s general counsel or inhouse legal team receives disclosures.  This may place the internal lawyer in a potential position of ethical conflict, where they hold a duty of disclosure to their client (the company) will simultaneously having a statutory obligation not to disclose the identity of the whistleblower.

Ethical conflict can also arise where the internal lawyer wishes to make an external disclosure (e.g. to ASIC or APRA).  While external disclosures are permitted in principle, it may be said this violates the lawyer’s ethical obligation to maintain client confidence and preserve legal professional privilege in the matter being disclosed.

Additionally, where the recipient (whether or not a lawyer) wants to make an on-disclosure (for example, higher within the organisation or perhaps to a regulator), they are only protected by the Act if they also have ‘reasonable grounds’ to suspect wrongdoing.  In many cases it is easy to imagine that the recipient will have no direct knowledge of the matter and no means of investigating its merits.  This problem is compounded if the recipient receives an anonymous disclosure.  All this could put the recipient in an invidious position, particularly so in a large corporation with potentially multiple reporting layers.

What is the nature of the obligation to investigate the disclosure?

The legislation does not impose a statutory obligation on the company to investigate the claim.  This can be contrasted with the Public Interest Disclosure Act 2013 (Cth) (PID Act) which applies to government agencies.

While the PID Act mandates a comprehensive investigative framework, the whistleblowing laws do not.  This means that the company must investigate in a way which is consistent with the statutory directors’ duties of care and diligence (Act, section 180) and related statutory and common law duties.  In practice however, this can raise complex issues under employment and workplace law including the requirement to treat the alleged wrongdoer fairly.

What is the position of relatives, dependants and spouses?

Eligible whistleblowers include relatives, dependants and spouses of company officers, employees, suppliers and associates (current or former).

In practice, it may be difficult for these persons to make protected disclosures without this leading to other complications.  In many cases, the only way in which these persons can have knowledge of the information is where there has been a prior breach of some duty of confidentiality – for example, by an employee that discloses wrongdoing to the non-employee spouse.  Because the Act does not protect earlier wrongdoing, this may make it problematic where a third person seeks to make a disclosure.

Next Steps

We are currently assisting organizations in establishing their corporate policies.   As above, all large proprietary companies, public companies and superannuation trustees must update or put in place a compliant whistleblowing policy by 1 January 2020.  In doing so, these entities should have regard to the law including these issues in order to implement a workable and compliant policy.