New Whistleblower laws: what you need to be thinking about

Whistleblower reform is underway in Australia after the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017 (Bill) was passed on 19 February 2019.

The new law is likely to commence on 1 July 2019, assuming Royal Assent is given by 1 April 2019. If this occurs, the obligation for public companies to have a compliant whistleblower policy will apply from 1 January 2020 (potentially later for large proprietary companies).

We have set out below a number of the key changes that the new law will introduce and, more importantly, what organisations should be thinking about in terms of implementing these changes in your business. There have been a number of changes to the new law since the initial Bill was first read in December 2017 so, even if you have previously considered the new law in one of its former iterations, you should now consider the final version.

Breach of the new law will carry a number of consequences, with some of the provisions being both civil penalty provisions and criminal offences. In line with the recent passing of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018 (Cth) (the Penalties Bill), the penalties under the new law have been increased and are significant. Given the current increased focus on corporate governance and culture, a failure to comply may also carry significant reputational issues.

For further information about the new law, how it changes the current law and/or the steps that you should be taking in relation to the new law (as amended), please don’t hesitate to contact one of the authors of this article (details below).

What are the key changes introduced by the new law?

The new law introduces a number of changes to the existing protections. The key changes include:

1. Easier for a disclosure to be protected: As we described in our coverage of the initial draft of the Bill (see here), the new law makes it easier for a whistleblower to make a protected disclosure by:
   • broadening the categories of eligible whistleblowers (e.g. to include former employees, associates and relatives);
   • broadening the categories of people whistleblowers can report to. The initial draft of the Bill proposed to make anyone who supervised or managed an employee an eligible recipient. This has been removed in the final version of the new law and replaced with ‘senior managers’;
   • broadening the range of disclosures that will qualify for protection to include where the whistleblower has reasonable grounds to suspect that the disclosed information concerns misconduct or an improper state of affairs in relation to an entity. Again, the final version of the new law is narrower than the initial draft of the Bill as it introduces an exception for certain personal work-related grievances; and
   • removing requirements that whistleblowers identify themselves and make their disclosure in good faith.

2. Emergency and public interest disclosures: Disclosures to parliamentarians and journalists will be protected in certain limited circumstances of emergency and public interest.
3. Broader range of confidentiality exceptions: Strict requirements in relation to preserving the confidentiality of a whistleblower’s identity are maintained, but some limited flexibility has been introduced in relation to the investigation of disclosures.
4. Easier to claim compensation: It is easier for victimised whistleblowers to claim compensation, including with the introduction of a reversed onus of proof on parties responding to a claim and a broader range of remedies that may be ordered by the Courts.
5. Higher penalties: In line with the Penalties Bill, there are more significant penalties for both individuals and companies. The confidentiality protection and non-victimisation protections are both civil penalty provisions (carrying significant pecuniary penalties for both individuals and companies) and criminal offences if breached. The criminal offences will carry monetary penalties for both companies and individuals and potentially imprisonment for individuals. It will also be an offence to not have a whistleblower policy.
6. Whistleblower policy. Public and large proprietary companies are required to have a whistleblower policy that contains certain prescribed information. This is in addition to similar proposed recommendations contained in the consultation draft of the 4^th edition of the ASX Corporate Governance Principles and Recommendations.

Practically, what do I need to be thinking about?

Implementing a compliant policy is an obvious next step, but that alone will not be enough to adequately respond to the changes. Some of the other things organisations should be thinking about include:

1. Effective processes and procedures. Processes for disclosures to be identified, escalated, assessed, investigated, actioned and reported on need to be effective and robust.

As part of this, it is necessary to clearly define and distribute roles and responsibilities within an organisation with respect to a whistleblower program, including who will be responsible for receiving, investigating and making decisions on disclosures.

In addition to allowing for the effective resolution of disclosures, having such processes in place and communicating them to staff will encourage confidence in the program and support a ‘safe to speak up’ culture.

2. Robust investigation practices. Investigating disclosures can raise particular challenges for organisations, in light of:
   • strict confidentiality requirements; and
   • the importance of taking reasonable precautions, and exercising due diligence, to avoid a whistleblower suffering detriment as a result of their report.

An investigation framework should be set up which has regard to the bespoke considerations that arise in this context.

Further, careful thought should be given to how disclosures should be triaged – for example, whether they will be investigated as a whistleblower disclosure, or whether it is appropriate that they be investigated pursuant to other processes (e.g. where the disclosure solely concerns a personal work-related grievance).

3. Oversight and reporting mechanisms. It is imperative for the Board and senior management to be appropriately aware of financial and non-financial risks in the organisation. Reporting on concerns raised by whistleblowers forms part of this.

Organisations will need to consider the form and frequency that such reporting will take, and the data and metrics that need to be tracked, whilst ensuring any confidentiality requirements under law are met.

4. Training staff. Front-line staff who will have responsibilities under a whistleblower program (e.g. those receiving and investigating disclosures) need to be trained in how to effectively support the program and meet their legal obligations, while encouraging a ‘safe to speak up’ culture. Boards and senior executives should also be provided with training on the importance and requirements of a whistleblower program.

Further, all staff should be made aware of the whistleblower program through company-wide training, including in relation to how to make a disclosure and the rights and process and protections that will apply to protected disclosures.

We can assist in setting up the frameworks needed to support the actions set out above.

What’s next for whistleblowing laws?

While the new law represents a large step forward in Australian whistleblower reform, we expect this to be an area to of continued regulatory development.

Labor has announced that, if elected, it will:

• set up a Whistleblower Rewards Scheme;
• establish a Whistleblower Protection Authority;
• consolidate existing whistleblowing laws into a single Whistleblowing Act; and
• fund a special prosecutor.

The new law itself requires a review of the new laws after 5 years. The debate of the Bill in Parliament has suggested the first three of these further amendments are to be considered in the next review.

Organisations will need to continue monitoring developments in this space.