Since 1 January 2020, the Corporations Act 2001 (Cth) (Corporations Act) has required public companies, large proprietary companies,1 and trustees of registrable superannuation entities to have a whistleblower policy. The requirement is set out in section 1317AI of the Corporations Act. A whistleblower policy must cover information concerning:
- the purpose of the policy;
- the protections available to whistleblowers, including protections under the Corporations Act;
- what types of wrongdoing can be reported;
- to whom disclosures that qualify for protection may be made, and how they may be made;
- how the entity will support whistleblowers and protect them from detriment;
- how the entity will investigate disclosures that qualify for protection under the Corporations Act;
- how the entity will ensure fair treatment of its employees who are mentioned in disclosures that qualify for protection, or its employees who are the subject of disclosures;
- how the policy will be made available to officers and employees of the entity;
- any matters prescribed by regulations; and
- the protections provided in the tax whistleblower regime under Part IVD of the Taxation Administration Act 1953 (Cth) (Taxation Administration Act).
An entity that does not have a compliant policy commits an offence: section 1311 of the Corporations Act.
Recent news coverage of a lawsuit concerning allegations of misconduct, bullying and intimidation by a chief executive has highlighted the importance of implementing and following a robust whistleblower policy.
The Australian Financial Review has reported on a confidential letter from a senior executive which raised concerns about alleged misconduct, bullying and intimidatory conduct by the CEO of that company. Within days of receipt of this letter, it was alleged that it had been provided to the subject of the complaint. Irrespective of the truth or substance of the allegations in this particular case, it highlights the important considerations which can arise out of workplace complaints, both in relation to employment policies and whistleblower obligations.
This report serves as a timely reminder to employers of the importance of having a robust and compliant whistleblower policy in place in the workplace, and the need to be mindful of whether it applies in respect of allegations raised in connection with a workplace bullying complaint.
Strict confidentiality is a key component of any effective whistleblower policy. Where a policy has been implemented, employers can best ensure their compliance with any statutory obligations arising under the Corporations Act, and protect themselves from the risk of enforcement action by the regulator, by reviewing their policy and making sure that staff are trained on its contents and practical implications.
ASIC recently wrote to CEOs of public companies, large proprietary companies and trustees of registrable superannuation entities to urge them to renew their whistleblower policies for compliance with the whistleblower protection regime outlined in the Corporations Act.
ASIC expressed concern about a sample of policies which it had reviewed, in particular where they contained ‘unclear, incomplete or inaccurate information’. ASIC reviewed non-compliant policies that:
- merely listed information for the entity’s preferred reporting channels rather than all categories of persons to whom a whistleblower can report misconduct, in order to engage the Corporations Act whistleblower protections;
- inaccurately purported to require whistleblowers to identify themselves or make good faith disclosures in order to qualify for protection; and
- did not describe the available protections fully or accurately.
Whistleblower protections clearly remain a priority area for ASIC. The regulator has indicated that it will be taking an active interest in compliance with the statutory obligations moving forward and relevant entities are on notice.
This article was written by Brad Swebeck, Partner and Amelia Simpson, Law Graduate.
1 A proprietary company is considered a large proprietary company if it has two or more of the following characteristics in a financial year: (a) the consolidated revenue for the financial year of the company and any entities it controls is $50 million or more; (b) the value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is $25 million or more; and (c) the company, and any entities it controls, has 100 or more employees at the end of the financial year: s 45A(3) of the Corporations Act.