Whistleblower reform in Australia - new legislation enacted

What are the key changes introduced by the new law?

The new law introduces a number of changes to existing whistleblower protections in Australia. The key changes include:

1. It is easier for a disclosure to be protected: As described in our coverage of the initial draft of the Bill (see here), the new law makes it easier for a whistleblower to make a protected disclosure by:
   • broadening the categories of eligible whistleblowers (e.g. to include former employees, associates and relatives);
   • broadening the categories of people whistleblowers can report to. The initial draft of the Bill proposed to make anyone who supervised or managed an employee an eligible recipient. This has been removed in the final version of the new law and replaced with ‘senior managers’;
   • broadening the range of disclosures that will qualify for protection to include where the whistleblower has reasonable grounds to suspect that the disclosed information concerns misconduct or an improper state of affairs in relation to an entity. Again, the final version of the new law is narrower than the initial draft of the Bill as it introduces an exception for certain personal work-related grievances; and
   • removing requirements that whistleblowers identify themselves and make their disclosure in good faith.

2. Emergency and public interest disclosures: Disclosures to parliamentarians and journalists will be protected in certain limited circumstances of emergency and public interest.
3. Broader range of confidentiality exceptions: Strict requirements in relation to preserving the confidentiality of a whistleblower’s identity are maintained, but some limited flexibility has been introduced in relation to the investigation of disclosures.
4. Easier to claim compensation: It is easier for victimised whistleblowers to claim compensation, including with the introduction of a reversed onus of proof on parties responding to a claim and a broader range of remedies that may be ordered by the Courts.
5. Higher penalties: In line with the Penalties Bill, there are more significant penalties for both individuals and companies. The confidentiality protection and non-victimisation protections are both civil penalty provisions (carrying significant pecuniary penalties for both individuals and companies) and criminal offences if breached. The criminal offences will carry monetary penalties for both companies and individuals and potentially imprisonment for individuals. It will also be an offence to not have a whistleblower policy.
6. Whistleblower policy: Public and large proprietary companies are required to have a whistleblower policy that contains certain prescribed information.  This is in addition to similar proposed recommendations contained in the consultation draft of the 4th edition of the ASX Corporate Governance Principles and Recommendations.

Practically, what do I need to be thinking about?

Implementing a compliant policy is an obvious next step for organisations subject to the Law, but that alone will not be enough to adequately respond to the changes. Some of the other things organisations should be thinking about include:

1. Effective processes and procedures. Processes for disclosures to be identified, escalated, assessed, investigated, actioned and reported on need to be effective and robust.

As part of this, it is necessary to clearly define and distribute roles and responsibilities within an organisation with respect to a whistleblower programme, including who will be responsible for receiving, investigating and making decisions on disclosures.

In addition to allowing for the effective resolution of disclosures, having such processes in place and communicating them to staff will encourage confidence in the programme and support a ‘safe to speak up’ culture.

2. Robust investigation practices. Investigating disclosures can raise particular challenges for organisations, in light of:
   • strict confidentiality requirements; and
   • the importance of taking reasonable precautions, and exercising due diligence, to avoid a whistleblower suffering detriment as a result of their report.

An investigation framework should be set up which has regard to the bespoke considerations that arise in this context.

Further, careful thought should be given to how disclosures should be triaged – for example, whether they will be investigated as a whistleblower disclosure, or whether it is appropriate that they be investigated pursuant to other processes (e.g. where the disclosure solely concerns a personal work-related grievance).

3. Oversight and reporting mechanisms. It is imperative for the Board and senior management to be appropriately aware of financial and non-financial risks in the organisation. Reporting on concerns raised by whistleblowers forms part of this.

Organisations will need to consider the form and frequency that such reporting will take, and the data and metrics that need to be tracked, whilst ensuring any confidentiality requirements under law are met.

4. Training staff. Front-line staff who will have responsibilities under a whistleblower program (e.g. those receiving and investigating disclosures) need to be trained in how to effectively support the program and meet their legal obligations, while encouraging a ‘safe to speak up’ culture. Boards and senior executives should also be provided with training on the importance and requirements of a whistleblower program.

Further, all staff should be made aware of the whistleblower program through company-wide training, including in relation to how to make a disclosure and the rights and process and protections that will apply to protected disclosures.

Our team can assist in setting up the frameworks needed to support the actions set out above.

What’s next for whistleblowing laws in Australia?

While the new law represents a large step forward in Australian whistleblower reform, we expect this to be an area of continued regulatory development.

Labor has announced that, if elected, it will:

• set up a Whistleblower Rewards Scheme;
• establish a Whistleblower Protection Authority;
• consolidate existing whistleblowing laws into a single Whistleblowing Act; and
• fund a special prosecutor.

The new law itself requires a review of the new laws after 5 years. The debate of the Bill in Parliament has suggested the first three of these further amendments are to be considered in the next review.

Organisations subject to the Australian legislation will need to continue monitoring developments in this space.