- Whistleblower Reforms - What do they mean and are you ready?
Proposed changes to the Corporations Act 2001 (the Act) will significantly increase compliance obligations for whistleblower protection for corporate employers.
Civil and criminal penalties apply if a company and/or its individuals fail to manage a whistleblowing disclosure in accordance with the Act. This arises from the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017 (the Bill). The Senate Economics Legislation Committee has recommended that the Bill be passed. Under the new regime, businesses will need to ensure their policies, procedures and practices reflect the changes, and also develop robust response plans to proactively prepare for a potential whistleblowing scenario.
More commonly known as someone who provides a ‘tip off’ in an organisation, a whistleblower is generally defined as an ‘insider within an organisation, who reports misconduct or dishonest or illegal activity that has occurred within that same organisation.’
Historically, there have been cases where whistleblowers have attracted adverse media attention with stories of victimisation by their employers. We have seen examples where whistleblowers have tried to raise the alarm on serious misconduct, but faced internal ridicule and sometimes the issues are ‘swept under the carpet’, with careers destroyed for ‘rocking the boat’. We have also seen several cases where whistleblowers have made allegations, which upon investigation, were found to not have been made in good faith and/or not on reasonable grounds, and which caused reputational harm to the companies and individuals involved.
The current situation
Scenario A – How would your company manage this?
A company’s accountant suspects the Chief Financial Officer is hiding unbudgeted expenditure in the financial reports. There is no whistleblowing procedure and they discuss their concerns direct with the company’s auditor who reports the matter to the chair of the audit & risk committee. The chair informs the CFO of the allegation who then fires the accountant. The former accountant then sues the company for wrongful dismissal which is reported in the media….
In summary, Part 9.4AAA of the Corporations Act provides for:
- Confidentiality of information provided by, and the identity of, eligible whistleblowers (unless the whistleblower consents otherwise)
- Protection for whistleblowers from victimisation, including civil and criminal proceedings for having made a qualifying disclosure
- Penalties for failing to protect an eligible whistleblower
The criteria for a whistleblower to qualify for protection will change. The current criteria are:
- The disclosure is limited to a contravention of the Corporations Act or the ASIC Act
- The whistleblower must be a current company officer, employee, contractor or employee of a contractor, must disclose their identity to whom they make their disclosure and make the disclosure in good faith and on reasonable grounds
- The whistleblower must make their report/disclosure to an eligible recipient being ASIC, the company’s auditor or member of the audit team, a director, secretary or senior manager of the company or a person authorised by the company to receive whistleblowing disclosures.
Increasing compliance obligations
Scenario B – How would (and should have) your company manage this?
The company’s former disgruntled CFO reports allegations of fraud to the Australian Federal Police, who after several months appear not to have taken action. The former CFO then reports the allegations to a journalist who commences an investigation. There may be reasonable grounds for the allegations but they don’t appear to have been made in good faith….
The Bill includes significant reforms such as:
- All public companies, large proprietary companies, and registerable superannuation entities will be required to have a whistleblowing policy in place by 1 January 2019
- Expanding the protections to a broader range of potential whistleblowers: former officers, employees or contractors; a relative or dependent of such persons; and in some instances journalists
- Expanding the reporting of a qualifying disclosures to a broader range of eligible recipients, including APRA and the Australian Federal Police
- Expanding reportable contraventions beyond the Corporations Act and ASIC Act, including the Banking Act 1959 and the Insurance Act 1973, as well as an offences against any other laws of the Commonwealth that are punishable by imprisonment for a period of at least 12 months
- Provision for protected emergency disclosure, where a previous qualifying disclosure was made but not actioned with a reasonable period, can subsequently be reported to a member of Federal, State or Territory Parliaments or even a journalist
- The disclosure can be anonymous and create an offence in relation to breaching the confidentiality of a whistleblower’s identity or information leading to their identification
- Removing the requirement that a disclosure is made in good faith, in order to qualify for protection, provided the whistleblower has reasonable grounds for suspecting misconduct or a contravention
- Improved compensation and other remedies for whistleblowers and other persons who suffer damages due to victimising conduct
- A requirement for public companies and large proprietary companies to have a whistleblower policy and to make that policy available to officers and employees of the company
The amendments will apply in relation to whistleblower disclosures made on or after 1 July 2018, including disclosures about events occurring before this date, as well as from 1 July 2018 in respect of victimisation of whistleblowers including rights to compensation and other remedies.
What should companies do?
To ensure your company complies with these new obligations, as a minimum there are a number of things your organisation needs to do:
- Identify and assess what Whistleblowing Framework is currently in place and determine what gaps exist compared to the Bill as well as best practice Australian Standard 8004-2003 Whistleblowing Protection Programs for Entities
- Remedy gaps in your current Whistleblowing Framework, including ensuring that an appropriate Whistleblowing Policy is in place and that it can be demonstrated to have been effectively implemented and maintained, including training and consideration of an independent reporting hotline
- Ensuring your company has a Response Plan in place as to how to manage whistleblowing disclosures, including preliminary assessment to determine if it is an eligible disclosure and what investigation may be required to substantiate and/or refute allegations made.
In addition to the above, the significance of the increased compliance obligations for companies mean they should also consider engaging an independent Conduct Risk Assessment to identify and assess the company’s corporate culture and conduct risks.
This is important for Board Directors and Executive Management to understand historical, current and future conduct risks that could give rise to whistleblowing events. Importantly, historical conduct risks may exist which could result in whistleblowing disclosures from former employees, who may be entitled to protection.
Get in touch with the Grant Thornton team
Our Forensic & Business Risk professionals work with businesses to strengthen, design, implement and maintain Whistleblowing Programs. In particular, we provide Whistleblowing Reporting services, including dedicated telephone hotlines for each client supported by trained forensic professionals. We have expertise in acting as authorised recipients of corporate whistleblowing disclosures, conducting preliminary assessment of disclosures and reporting such to a company’s whistleblower protection officer.
We also undertake investigations to assess and establish facts regarding whistleblowing disclosures and advise on strategies to manage risks, including fraud risk assessments, forensic audits, policy reviews, internal control reviews and employee training.