Corporations Act: Whistleblower Protections in Australia

Discover how the Corporations Act 2001 safeguards whistleblowers in Australia and what companies must do to comply with the law.

Understanding the Corporations Act 2001

The Corporations Act 2001 is the primary legislation governing companies in Australia. It is the legal framework for the formation, operation, and management of companies, as well as the rights and responsibilities of company officers, employees, and shareholders.

The Act also includes provisions for whistleblower protections, which are designed to encourage individuals to report suspected misconduct or illegal activities within their organisation. These protections are vital in promoting corporate transparency, accountability, and ethical behaviour.

Corporations Act compliance

Under the Corporations Act 2001, it is mandatory for public companies, large proprietary companies, and registrable superannuation entities to have a whistleblower policy in place. A proprietary company is considered “large” for a financial year if it satisfies at least two of the following criteria:

The revenue for the financial year of the company and any entities it controls is $50 million or more.
The value of gross assets at the end of the financial year of the company and any entities it controls is $25 million or more.
The company and any entities it controls have 100 or more employees at the end of the financial year.

Criteria for whistleblowing under the Corporations Act

To qualify for protection under the Corporations Act, a whistleblower must meet certain criteria:

Eligible whistleblower: The individual must be a current or former employee, officer, contractor, supplier, or associate of the company, or a relative or dependent of any of these individuals.

Eligible recipient: The disclosure must be made to an eligible recipient, such as:

A senior manager or designated whistleblower officer within the company
An auditor or member of an audit team conducting an audit of the company
An actuary of the company
A legal practitioner for the purpose of obtaining legal advice or representation
A regulatory body, such as ASIC, APRA, or a prescribed Commonwealth authority

Reasonable grounds: The whistleblower must have reasonable grounds to suspect that the information they are disclosing concerns misconduct, or an improper state of affairs or circumstances, in relation to the company or a related body corporate.

Disclosable matters: The disclosure must relate to one or more of the following:

Misconduct, or an improper state of affairs or circumstances, in relation to the company or a related body corporate
Conduct that constitutes an offence against, or a contravention of, a provision of specified legislation (including the Corporations Act)
Conduct that represents a danger to the public or the financial system
Conduct prescribed by regulations
Conduct that is not a personal, work related grievance

Good faith: While not a strict requirement, it is generally expected that the whistleblower is acting in good faith and has a genuine belief in the truth of the information being disclosed.

These criteria are designed to strike a balance between encouraging legitimate whistleblowing and preventing vexatious or frivolous disclosures.

Public interest and emergency disclosures

In certain circumstances, the Corporations Act allows for public interest and emergency disclosures to be made to journalists or members of Parliament. These disclosures are subject to additional requirements and should only be made as a last resort when other reporting channels have been exhausted or are not appropriate.

For a public interest disclosure, the whistleblower must:

Have previously made a disclosure to a regulator (such as ASIC or APRA)
Wait at least 90 days since the initial disclosure
Have reasonable grounds to believe that no action is being taken to address the matter
Notify the regulator of their intention to make a public interest disclosure

For an emergency disclosure, the whistleblower must:

Have previously made a disclosure to a regulator
Have reasonable grounds to believe that the information concerns a substantial and imminent danger to the health or safety of one or more persons or to the natural environment
Notify the regulator of their intention to make an emergency disclosure

In both cases, the whistleblower must only disclose information necessary to inform the recipient of the misconduct or the substantial and imminent danger.

Protections for whistleblowers

The Corporations Act provides whistleblower protections for eligible whistleblowers who make qualifying disclosures about their organisation. These protections are designed to encourage whistleblowers to come forward by shielding them from adverse consequences and providing them with legal remedies in the event of detrimental conduct.

Detrimental conduct

Under the Corporations Act, it is an offence to cause or threaten detriment to a whistleblower due to their disclosure. Detrimental conduct can take many forms, including:

Dismissal or alteration of an employee's position to their disadvantage
Harassment, intimidation, or discrimination
Harm or injury, including psychological harm
Damage to property, reputation, business, or financial position
Any other damage to the whistleblower

The Corporations Act also provides whistleblowers with immunity from civil, criminal, or administrative liability for making a protected disclosure. This means that whistleblowers cannot be subject to legal action for breach of confidentiality or other contractual obligations as a result of making a qualifying disclosure.

To ensure compliance with the whistleblower protection provisions, companies should have robust policies and procedures in place to manage whistleblower disclosures, investigate reports of misconduct, and protect whistleblowers from detrimental conduct. This includes providing training to employees on their rights and obligations under the whistleblower protection regime and fostering a culture that encourages and supports whistleblowing.

Penalties

Engaging in detrimental conduct can result in significant civil penalties of up to $1.05 million for individuals and $10.5 million for companies. In addition, whistleblowers who suffer loss, damage, or injury due to detrimental conduct may seek compensation through the courts.

Expanded protections under the Treasury Laws Amendments

In 2019, the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act introduced new whistleblower provisions. The reforms were designed to provide greater protections for whistleblowers who report misconduct and help uncover and prevent corporate wrongdoing.

The key changes include:

Expand eligibility for whistleblower protections: The amendments broaden the scope of individuals who qualify for whistleblower protections, including current and former employees, officers, contractors, suppliers, and their family members.
Broadening the definition of an "eligible whistleblower": The amendments expand the definition of an "eligible whistleblower" to include current and former employees, officers, contractors, and their family members.
Expanding the range of reportable conduct: The amendments expand the range of conduct that can be the subject of a protected disclosure, including misconduct, improper state of affairs, and breaches of tax laws.
Allow anonymous disclosures: Whistleblowers can now make anonymous disclosures and remain protected under the law. This provision aims to encourage more individuals to come forward without fear of retaliation.
Strengthen confidentiality protections: The amendments introduce stricter confidentiality obligations for recipients of whistleblower disclosures, ensuring the identity of the whistleblower remains protected.
Introduce civil penalties and remedies: In addition to existing criminal offences, the amendments introduce civil penalty provisions for causing or threatening detriment to a whistleblower or breaching a whistleblower's confidentiality.
Require whistleblower policies: Public companies, large proprietary companies, and corporate trustees of registrable superannuation entities are now required to have a whistleblower policy in place.

Implications for Australian organisations

To comply with the law and promote a speak-up culture, organisations must adopt a comprehensive approach that involves all levels of management and various departments.

Developing a robust whistleblower policy

A key requirement under the amendments is for public companies, large proprietary companies, and corporate trustees of registrable superannuation entities to have a whistleblower policy. This policy must include information about:

The protections available to whistleblowers
How and to whom disclosures can be made
How the organisation will support and protect whistleblowers
How investigations into disclosures will be conducted
How the organisation will ensure fair treatment of employees mentioned in disclosures

Developing a comprehensive whistleblower policy requires input from various stakeholders, including legal, compliance, and risk management departments.

Establishing secure reporting channels

Organisations must provide secure and confidential channels for whistleblowers to make disclosures. This may include internal reporting mechanisms, such as dedicated hotlines or online platforms, as well as external channels, such as legal practitioners or regulatory bodies.

Ensuring the confidentiality and anonymity of these reporting channels is crucial to encourage whistleblowers to come forward and protect them from retaliation. Organisations should consider implementing a secure, third-party whistleblowing platform to provide an additional layer of protection and anonymity for whistleblowers.

Training and awareness

To foster a speak-up culture, organisations must invest in training and awareness programs for all employees. This includes educating staff about their rights and protections as whistleblowers, how to make disclosures, and the organisation's commitment to protecting whistleblowers from retaliation.

Managers and senior leaders should also receive training on how to handle whistleblower disclosures, maintain confidentiality, and prevent victimisation of whistleblowers within their teams. Regular training sessions and awareness campaigns can help embed a culture of speaking up and reinforce the organisation's commitment to whistleblower protection.

Prompt and fair investigations

Organisations must have processes in place to investigate whistleblower disclosures promptly and fairly. This may involve establishing an internal investigations team or engaging external investigators to ensure independence and impartiality.

Investigations should be conducted thoroughly, with findings and recommendations reported to appropriate levels of management and the board. It is essential to maintain the confidentiality of the whistleblower throughout the investigation process and to protect them from any form of retaliation or adverse action.

Ongoing monitoring and review

Compliance with whistleblower protection laws requires ongoing monitoring and review. Organisations should regularly assess the effectiveness of their whistleblower policy, reporting channels, and investigation processes, and make improvements where necessary.

Boards and senior management should also receive regular reports on whistleblower disclosures and the outcomes of investigations to ensure appropriate oversight and accountability. This can help identify trends, systemic issues, and areas for improvement in the organisation's whistleblower protection framework.

Corporation Act 2001: Whistleblower reports in trading or financial corporation. How Elker can help.

How Elker can help your organisation

Elker is a comprehensive reporting platform that helps Australian organisations protect whistleblowers and achieve compliance with the Corporations Act. The platform provides a secure and anonymous reporting channel to encourage employees to speak up without fear of retaliation. By encouraging your people to report internally, Elker allows you to detect, manage and resolve workplace issues efficiently.

Elker enhances compliance by:

Protecting whistleblowers: With the highest grade security and anonymous reporting, Elker safeguards the identities of whistleblowers.
Providing policy templates: Tailored to your organisation by our legal experts, Elker's policy templates ensure your policies meet Australian compliance standards.
Simplifying case management: Our platform optimises the handling of reports, from triage to resolution, making the process efficient and effective.

Elker is the solution for organisations aiming to bolster their whistleblowing protocols and adhere to regulatory demands. Discover how Elker can transform your approach to whistleblowing management.

Book a demo today.

Frequently asked questions

What is a whistleblower policy in a company?

A whistleblower policy is a document that outlines a company's ethics, rules and procedures around:

identifying reportable conduct
reporting serious misconduct
whistleblower protections
how the company will investigate and manage disclosures

What types of companies must have a whistleblower policy?

Under the Corporations Act 2001, public companies, large proprietary companies, and registrable superannuation entities are required to have a whistleblower policy in place by 1 January 2020. The policy must be made available to all employees of the company. Failure to comply with the requirement to have a whistleblower policy can result in strict liability offences.

While a whistleblower policy is not required for all businesses, doing so is advised as best practice since it promotes a culture of integrity and accountability within an organisation.

How are whistleblowers protected?

The Corporations Act 2001 provides a whistleblower protection regime for eligible whistleblowers who make qualifying disclosures. These protections include:

Confidentiality: The whistleblower's identity must be kept confidential unless they consent to its disclosure or it is required by law.
Protection from detrimental conduct: It is illegal to cause or threaten detriment to a whistleblower due to their disclosure. Detrimental conduct may include dismissal, harassment, discrimination, or damage to property or reputation.
Compensation: Whistleblowers who suffer loss, damage, or injury due to detrimental conduct may seek compensation through the courts.
Immunity from legal action: Whistleblowers are protected from civil, criminal, or administrative liability for making a protected disclosure.

Companies must ensure their whistleblower policies and practices align with these legal protections to create a safe environment for whistleblowers to come forward.

Can a whistleblower report anonymously?

Yes, under the Corporations Act 2001, whistleblowers have the right to make anonymous disclosures. Companies must ensure that their policies and reporting channels allow for anonymous reports. This can be achieved through various means, such as:

Anonymous hotlines or web-based reporting platforms
Engaging an external, independent whistleblowing service provider to manage reports

When a whistleblower chooses to remain anonymous, the company must take steps to protect their identity. Companies must ensure that any information that could potentially identify the whistleblower is kept confidential and shared only on a need-to-know basis.

Companies should be aware that anonymous reports may be more challenging to investigate and should have processes in place to manage such situations effectively.

What happens if a company does not have a compliant whistleblower policy?

If a company that is required to have a whistleblower policy fails to comply with this obligation, it may face significant consequences:

Penalties: The company may be subject to civil penalties of up to $12,600 for individuals and $126,000 for body corporates. These penalties can be applied for each day that the company remains non-compliant.
Reputational damage: Non-compliance with whistleblower protection laws can lead to negative publicity and reputational harm, as it may be perceived as a lack of commitment to corporate governance and ethical behaviour.
Increased risk of misconduct: Without a clear whistleblower policy in place, employees may be less likely to report potential wrongdoing, leading to an increased risk of undetected misconduct within the organisation.
Legal action: Whistleblowers who suffer detriment due to the company's lack of a compliant policy may seek compensation through the courts, exposing the company to further financial and reputational risks.