As we have seen from the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry and the Royal Commission into Aged Care Quality and Safety, a culture of integrity and having the related frameworks, processes and controls in place to support ethical behaviour is becoming more and more vital to companies. Legislation which came into effect 1 January 2020 means whistleblowing framework and program should be in place, but are they operating effectively and as intended? Does your whistleblowing framework support a culture of integrity?

What’s happened?

Following our articles last year Whistleblower Reforms - what do they mean and are you ready? and Impact of New Whistleblowing Laws, the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018 was passed by the House of Representatives on 19 February 2019, which significantly amend provisions in Part 9.4AAA of the Corporations Act 2001.

By now, companies should be aware of their increased compliance obligations and associated risks, and be looking to whether their whistleblowing framework is being effectively adopted and embedded as part of their employee and supplier integrity framework.

What’s new?

In summary, a much broader group of people can now be whistleblowers and be protected from victimisation for disclosing a broader range of suspected wrongdoing to a larger group of authorised recipients.

Key changes are highlighted below:

  • For a whistleblower to qualify for protection:
    • that person can be a former trustee, officer, employee or contractor
    • that person can now also be a current or former supplier
    • that person can now also be a relative or dependent of a current or former officer, employee, contractor or supplier
    • that person no longer needs to be acting in good faith
    • that person no longer has to disclose their identity
  • An eligible recipient of a qualifying whistleblower’s disclosure has been expanded to include:
    • an internal auditor (in addition to an external auditor)
    • an actuary (of a superannuation entity)
    • in certain circumstances, a journalist or parliamentarian
    • a lawyer for the purposes of obtaining legal advice
  • Conduct that qualifies for protection:
    • will now generally exclude work-related grievances
    • will now include a much broader range of misconduct beyond contraventions of the Corporations Act and ASIC Act, including contravention of any law administered by ASIC and/or APRA and any conduct that represents a danger to the public or the financial system
  • A corporate defense to a whistleblower’s claim for compensation where it can be shown that:
    • no reasonable steps could have been taken to avoid detrimental conduct; or
    • reasonable steps were taken to avoid detrimental conduct.
  • All public companies, large proprietary companies, and registerable superannuation entities will be required to have a whistleblowing policy in place which is communicated to officers and employees
  • Amends the Taxation Administration Act 1953 so that the Corporations Act 2001 now provides a regime to protect and compensate individuals who report breaches or suspect breaches of the tax law or misconduct in relation to an entity’s tax affairs
  • The Corporations Act whistleblowing provisions now covers financial sector whistleblowers in entities regulated by one or more of the Corporations Act, the ASIC Act, the Banking Act, the Life Insurance Act, the Insurance Act, the Superannuation Industry (Supervision) Act, the National Consumer Credit Protection Act, and the Financial Sector (Collection of Data) Act
  • Significant penalties from $12,600 for individuals failing to implement a whistleblowing Policy to $10.5million for victimisation of a whistleblower by a company

The legislation came into effect on 1 January 2020.  Companies should have completed or, at the very least, be very progressed on implementing a compliant whistleblowing framework and policy.

What should companies do?

To ensure your company complies with these new obligations, as a minimum there are a number of things your organisation needs to do:

  • Identify and assess the Whistleblowing Framework (including your Corporate Risk Register) currently in place and determine what gaps exist compared to the new regime as well as best practice Australian Standard 8004-2003 Whistleblowing Protection Programs for Entities
  • Remedy gaps in your current Whistleblowing Framework, including ensuring that an appropriate Whistleblowing Policy is in place and that it can be demonstrated to have been effectively implemented and maintained, including training and consideration of an independent reporting hotline
  • As part of the Whistleblowing Policy and broader Framework, ensure that adequate internal controls, policies and procedures are in place to protect eligible whistleblowers confidentiality and protect them from victimisation
  • Ensuring your company has a Response Plan in place as to how to manage whistleblowing disclosures, including preliminary assessment to determine if it is an eligible disclosure and what investigation may be required to substantiate and/or refute allegations made.

In addition to the above, the significance of the increased compliance obligations for companies mean they should also consider engaging an independent Conduct Risk Assessment to identify and assess the company’s corporate culture and conduct risks.

This is important for Board Directors and Executive Management to understand historical, current and future conduct risks that could give rise to whistleblowing events.  Importantly, historical conduct risks may exist which could result in whistleblowing disclosures from former employees, who may be entitled to protection.