How To Prepare Your Business For The New Whistleblower Legislation
Many things have changed since Australia’s first Whistleblower protection laws were introduced in Queensland following the recommendations of the Fitzgerald Inquiry. Later, an important step was represented by the passage of the Public Interest Disclosure Act 2013, which consisted of the adoption of federal legislation in the field.
Currently, a new era for Whistleblower in Australia is approaching as amendments to the Corporations Act 2001 and Taxation Administration Act 1953 have been implemented, starting with 1 July 2019. In short, people who are eligible Whistleblowers benefit from increased protection by prohibiting disclosure of their identity and criminalising a wide range of conduct that is considered detrimental to a Whistleblower. Those breaking the law should expect significant civil and criminal sanctions.
As a business owner, the new Whistleblower legislation should be of great interest to you as the number of persons who can be eligible Whistleblower in relation to your company is very large. Let’s see what some of the most important changes in Australian Whistleblower legislation are:
Who can be an eligible Whistleblower?
The definition of the eligible Whistleblower includes “an officer, employee, associate or supplier (and the supplier’s employees) of an Australian incorporated company or foreign company registered in Australia.” The recent changes have expanded the number of people who can be eligible Whistleblower by covering individuals who are currently or previously in a relationship with a company – they can even be relatives of contractors or former employees.
Who is an eligible recipient?
Senior managers of an Australian company or senior managers of companies in a group with subsidiaries in Australia can be eligible recipients and these persons need to ensure the Whistleblower identity’s confidentiality and prevent detrimental action to the Whistleblower. These managers need to be trained to properly deal with disclosures and meet their obligations under the Australian whistleblowing laws. There are three conditions that need to be met in order to obtain protection:
- The person making a disclosure is an “eligible Whistleblower” – he or she should be an officer, employee, associate, suppliers, or employer of the supplier
- The eligible Whistleblower makes a “protected disclosure” – it implies the existence of reasonable grounds to suspect that the disclosure concerns misconduct or an improper state of affairs or circumstances in relation to the regulated entity
- The disclosure is made to an “eligible recipient” – officers, senior managers, auditors, or actuaries of the regulated entity or a related body corporate
- Stronger protection ensured for Whistleblower.
Updated protection for people who expose information or activity that is illegal, unethical, or not correct includes anonymity, protection against detriment through victimisation, and increased immunities against prosecution. The requirement of acting in good faith to be protected is no longer in effect, but Whistleblower need to have reasonable grounds to suspect misconduct.
Protection is now also offered if the Whistleblower discloses information about other matters than criminal breaches, such as breaches of tax laws or laws administered by ASIC and APRA. Furthermore, now it is allowed to report conduct which indicates systemic issues even if it’s not illegal. However, protection is not provided for disclosures related to personal employment or workplace grievances like disciplinary decisions or interpersonal conflicts.
When do the amended laws apply?
The new Whistleblower legislation will apply to disclosures even if the disclosed conduct occurred before the commencement date. Amended victimisation and compensation provisions apply to protected disclosures made at any time on condition that the victimisation in respect of the disclosure occurred after the commencement date.
What you need to do?
Even if changes in the Whistleblower legislation have been implemented starting with July 2019, you will have until 1 January 2020 to update your current whistleblowing policy and create a new, compliant one. The large majority of businesses will need to do that as it is unlikely that existing whistleblowing policies will comply with the new requirements. Here are the main steps you need to take to become compliant with the recently-introduced Whistleblower legislation:
Make sure you have a complete policy
The policy needs to be made available to officers and employees and provide for protection available to Whistleblower, the persons who can receive disclosures qualifying for protection under the Corporations Act, the supports offered by companies to Whistleblower and how they are protected from detriment, the investigation of protected disclosures, ensuring fair treatment for employees who are mentioned in protected disclosures, making the policy available to officers and employees, and other matters prescribed by regulations.
Not all companies are obliged to have a Whistleblower policy, but having one is extremely useful in case a Whistleblower event arises considering that the new Whistleblower legislation in complex and comes with severe penalties.
A Whistleblower policy should comply with section 1317AI and meet the following conditions: stating the protections available to Whistleblower, determining how and to whom an individual can make a disclosure, showing how investigations into a disclosure will proceed, informing on how the company will support and protect Whistleblower, ensuring the fair treatment of employees mentioned in Whistleblower disclosures, and providing for how the policy will be made available. Additionally, a Whistleblower policy should include the scope to conduct investigations internally and externally, and address client legal privilege. Since confidentiality is deemed highly important, a policy should include a process to determine whether an eligible Whistleblower consents to be identified during an investigation.
In order to create a compliant Whistleblower policy, you should use for guidance the following principles, stated in the ASX Corporate Governance Principles and Recommendations (if you are an ASX-listed company): linking to company values, determining the types of concerns that may be reported under the policy, providing for training employees about the policy, providing for training managers and other persons who may receive Whistleblower reports, and taking care to review the policy periodically to make sure it is effective.
There are two types of training you need to offer to your staff in order to comply with the new Whistleblower legislation: training for “eligible recipients” – senior managers, officers, and other persons authorised to receive disclosures from Whistleblowers – and training for eligible recipients that should cover processes for responding to disclosures. As for eligible recipients operating outside your company (auditors, actuaries, tax agents, etc.), you are not expected to provide training to them but your employees may inform them on their obligations under the new laws.
Update Whistleblower procedures
As a result of the recently-implemented Whistleblower legislation, companies will have to complete a thorough analysis of their existing Whistleblower procedures and update or replace them. The aim of the legislation is to make sure Whistleblower information is stored securely and is compliant with privacy laws.
Making sure you are compliant with the new Whistleblower legislation can look overwhelming at the first sight, and the process of creating and implementing a policy can turn to be rather complex and lengthy. This is where Creative Quality Solutions, your first choice in compliance matters, can help!
The experts at Creative Quality Solutions have designed flexible packages for companies needing to update their existing Whistleblower policy or to create a new one to ensure a compliant whistleblowing process. Due to our regulatory expertise, we can offer reliable legal advice on the new Whistleblower legislation and regime to minimise risk to your organisation and its staff.