Insights + Resources

December 23, 2019

New Whistleblower Policy: 10 Key Points To Note!

All public companies have until 1 January 2020 to comply with the new whistleblower policy requirements enacted by Part 9.4AAA of the Corporations Act 2001 (Cth) and amendments to the Taxation Administration Act 1953 (Cth). This requirement carries a $126,000 (body corporates) or $12,600 (individuals) penalty for non-compliance, making it important for public companies to ensure that they have a legally compliant and up-to-date whistleblower policy.

The new changes were enacted by the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) and commenced operation on 1 July 2019. ASIC released a detailed guide in November 2019 outlining these new requirements, which are distilled below.

New Requirements: Summary

1.    Purpose of the Policy, s 1317AI

The Policy must include a brief explanation about the purpose of the policy.

2.    Policy Application, s 1317AI(5)(a)

The policy must identify the different types of disclosers within and outside the entity who can make a disclosure that qualifies for protection (i.e. ‘eligible whistleblowers’).

3.    Matters the policy applies to, s 1317AI(5)(a)

The policy must:

  • Identify the types of wrongdoing that can be reported based on the entity’s business operations and practices;
  • Identify the types of matters that are not covered by the policy (e.g. personal work-related grievances); and
  • State that disclosures that are not about ‘disclosable matters’ do not qualify for protection under the Corporations Act.
4.    Who can receive a disclosure, s 1317AI(5)(b)

The policy must:

  • Identify the types of people within and outside the entity who can receive a disclosure that qualifies for protection;
  • include information about who a discloser can contact to obtain additional information before making a disclosure.
5.    How to make a disclosure, s 1317AI(5)(b)

The policy must:

  • Include information about how to make a disclosure;
  • outline the different options available for making a disclosure, which should allow for disclosures to be made anonymously and/or confidentially, securely and outside of business hours;
  • include information about how to access each option, along with the relevant instructions; and
  • advise that disclosures can be made anonymously and still be protected under the Corporations Act.
6.    Legal protections for disclosers, s 1317AI(5)(a)

The policy must include information about the protections available to disclosers who qualify for protection as a whistleblower, including the protections under the Corporations Act. These protections are:

  • Identity protection (confidentiality);
  • protection from detrimental acts or omissions;
  • compensation and remedies; and
  • civil, criminal and administrative liability protection.
7.    Support and practical protection for disclosers, s 1317AI(5)(c)

The policy must outline the entity’s measures for supporting disclosers and protecting disclosers from detriment in practice, and provide examples of how the entity will:

  • Protect the confidentiality of a discloser’s identity; and
  • Protect discloses from detrimental acts or omissions.
8.    Handling and investigating a disclosure, s 1317AI(5)(d)

The policy must:

  • Include information about how the entity will investigate disclosures that quality for protection; and
  • outline the key steps the entity will take after it receives a disclosure, including how it:
    • Investigates a disclosure
    • Keeps a discloser informed; and
    • Documents, reports internally and communicates to the discloser the investigation findings.
9.    Ensuring fair treatment of individuals mentioned in a disclosure, s 1317AI(5)(e)

The policy must include information about how the entity will ensure the fair treatment of employees who are mentioned in a disclosure that qualifies for protection, including those who are the subject of a disclosure.

10.    Ensuring the policy is easily accessible, s 1317AI(5)(f)

The policy must:

  • Cover how the policy will be made available to the entity’s officers and employees; and
  • outline the entity’s measures for ensuring its policy is widely disseminated to and easily accessible by disclosers within and outside the entity.

 Entities are expected to establish a whistleblower policy that is aligned to the nature, size, scale and complexity of the entity’s business, supported by processes and procedures for effectively dealing with disclosures and uses positive language that encourages the disclosure of wrongdoing. A whistleblower policy is important for an entity’s broader risk management and corporate governance framework. Periodically reviewing whistleblower policies is strongly recommended, especially as existing policies will unlikely comply with new laws.

If you have any questions or concerns involving the new whistleblower policy requirements, please contact us below.

Close Btn Created with Sketch.


Straight to your inbox on legal and business developments set to disrupt and transform.