Australia: Recent whistleblowing case law developments

Two recent judgments highlight the challenges for companies, directors and those managing potential disclosures in navigating whistleblower protections and defending against alleged breaches. At the same time, the judgments also provide important guidance on the parameters of the protections.

Over the past few years, whistleblower protections have been in the spotlight, and we are increasingly seeing individuals raise concerns as whistleblower disclosures. However, despite this trend, many cases have not progressed to a final hearing.

Recently, however, on 21 and 28 February 2025 respectively, two judgments were handed down in the Federal Court of Australia, which for the first time contain detailed and substantive consideration of the interpretation and application of the amendments to Part 9.4AAA of the Corporations Act 2001 (Cth). The cases are Mount v Dover Castle Metals Pty Ltd [2025] FCA 101 (Katzmann J) (Mount), and Reiche v Neometals Ltd (No 2) [2025] FCA 125 (Feutrill J) (Reiche).

Both cases were brought by individuals claiming they had been victimised due to raising whistleblower disclosures. Additionally, Mr Mount also alleged his confidentiality had been breached. Both claimants also alleged breach of employment contract. The cases are factually complex, with both judgments running to over 150 pages.

For a full summary of the cases, issues and implications for employers, companies and directors, you can request a copy of our full briefing note here. Key points to highlight are:

1. Eligible disclosures: Not every alleged disclosure will be an eligible disclosure. Many ordinary business emails and interactions which an individual may later seek to characterise as a disclosure may not rise to the threshold required for a whistleblower disclosure. However, employers should take care, as if they suspect or believe a disclosure may be a protected disclosure, the victimisation provisions apply. Although we have seen a trend of some individuals seeking to characterise past interactions as whistleblower disclosures, the discloser must subjectively believe that the information discloses misconduct or an improper state of affairs, and there must objectively be reasonable grounds to found that belief.
    
2. Confidentiality: This is a factual question as to whether the identity or information which could lead to the identification of the discloser has been disclosed. Merely telling someone about an alleged whistleblower report does not necessarily involve disclosing the identity of its author or information which would likely lead to the author’s identification. Where a disclosure is sent to an eligible recipient and a non-eligible recipient, the eligible recipient must still comply with the obligations (unless an argument of waiver may be raised).
    
3. Non-victimisation under s 1317AD: First, there must be detriment caused to the discloser. This is any form of disadvantage. Secondly, the person engaging in the conduct must have the relevant state of mind – a subjective belief or suspicion the discloser has made, may have made, proposes to make or could have made a protected disclosure. Finally, that state of mind must have actually motivated the person in their reasons for engaging in the detrimental action; that is, it must be a substantive or operative reason for the conduct. Whether the discloser has objectively made a protected disclosure that qualifies for protection under the Act may be relevant in assessing whether the person had the relevant state of mind.
    
4. Burden of proof: A company will have a reverse onus of proof to show that a belief or suspicion that the individual has made, may have made, proposed to make or could make a protected disclosure was not a substantive or operative reason for the detrimental conduct. Decision-makers and other involved will need to establish positive evidence of their reasons for decisions, and companies should expect close scrutiny and cross-examination of the decision-makers and others involved.
    
5. Standing to bring a claim: The cases clarify that only ASIC can bring civil penalty proceedings for a breach of the confidentiality obligation in s 1317AAD or the non-victimisation protection in s 1317AC. Individuals cannot seek pecuniary penalties or compensation orders under those provisions. However, individuals may seek declarations of contraventions of those provisions using the Federal Court’s powers under the Federal Court of Australia Act 1976 (Cth) (noting no reverse onus applies), and may seek orders under s 1317AE if the conditions in s 1317AD are satisfied (which mirror the non-victimisation provisions in s 1317AC). While this limits the claims that individuals may make for a breach of confidentiality, it may see a greater number of complaints to ASIC, and ASIC becoming more active in this space. ASIC has already brought proceedings against TerraCom under the non-victimisation provisions: see our article here on that case.

This follows further potential regulatory reform on the horizon, with the introduction of two bills into Federal Parliament in relation to whistleblower protections on 10 and 11 February 2025 – see our article on this development here.

Employers should continue to monitor these developments and consider the key takeaways, below.

Key takeaways

Notwithstanding that the ability to bring proceedings is narrow, and only arises under s 1317AE for individuals, we expect to continue to see individuals claiming whistleblower protections for disclosures. We may also see an increase in complaints to ASIC regarding confidentiality or victimisation, or to any new body that is formed if the current proposed bills before Parliament are ultimately passed.

While these judgments are helpful in that they make clear that many ordinary business emails and interactions may not rise to the threshold of a whistleblower disclosure, care should be taken and advice sought if it is unclear whether a disclosure is protected.

Further, as the test for whether the victimisation provisions are engaged is subjective, there may be situations where the decision maker still suspects or believes the discloser may or could bring a protected disclosure.

For this reason, employers need to continue to be vigilant in this space, and ensure those who are or may be eligible recipients and/or decision makers are trained and aware of their obligations in relation to confidentiality and non-victimisation of individuals.

Clear records should be kept articulating the reasons for any decision to engage in conduct that may be viewed as detrimental. It is also important to identify with precision who is the decision maker on behalf of the company and ideally processes of delegation should limit the number of people involved in the decision. This is because, like the general protections provisions, each of the decision maker’s evidence will be central to defending any claim.

We expect to see more judicial consideration of these provisions as these matters continue to be raised by individuals, and we will continue to provide updates as developments occur.

Request more