All public companies and large proprietary companies* must have a compliant whistleblower policy in place by 1 January 2020.
Not sure of where to start? See our below drafting tips that cover the 5 main areas to address for a whistleblower policy to be compliant with the legislation.
1. Stipulate how the company will protect the whistleblower and the accessibility of the policy
The policy must make a clear statement about measures that a company will implement to protect the whistleblower and ensure fairness in the investigation process (regardless of the outcome of the investigation).
The two key elements of protections that are mandated by legislation concern:
- Confidentiality: the identity of the whistleblower must remain confidential (your policy should include strategies to de-identify details contained in the disclosure); and
- Victimisation: victimisation of the whistleblower is prohibited (you may decide to outsource the whistleblower investigation process to an external third party to reduce the possibility of victimisation).
We recommend that the policy set out the legal protections afforded to whistleblowers (such as protection from civil, criminal and administrative liability); inform the whistleblower of support services to look after the welfare of the discloser; detail measures employed to protect the whistleblower’s identity; and ensure secure record keeping relating to the investigation and complaints handling process.
The policy should also include a statement relating to its accessibility (for example, details of the company website or intranet site where it can be accessed) and the purpose of the policy.
2. Set out the parameters for protected disclosures
The policy must step out the bases under which a disclosure qualifies for whistleblower protection. In brief, a disclosure will be protected where it:
- is made by an individual who has reasonable grounds to suspect the subject matter of the disclosure and is a past or present officer, employee, contractor, supplier of goods and services to the company;
- concerns misconduct, or an improper state of affairs (or tax affairs) in relation to the company; and
- is made to an eligible recipient.
3. Explain how an eligible disclosure can be made
There is no prescribed process under legislation for the making of protected disclosure. However, the process should be straightforward and easily accessible to the class of eligible disclosers. For example, a complaint handling service that is accessible through the company’s website or a whistleblower complaints telephone service providing for anonymous disclosures are measures that a company could implement to satisfy the requirements of the legislation
4. Identify eligible recipients
Without being exhaustive, individuals employed in the following roles are eligible recipients for the purposes of the whistleblower laws:
Possible internal recipients |
Corps Act |
Tax Admin Act |
|---|---|---|
|
Authorised whistleblower officer |
✔ |
✔ |
|
Company director or secretary |
✔ |
✔ |
|
Officer |
✔ |
✖ |
|
Senior manager |
✔ |
✔ |
|
Auditor / member of audit team |
✔ |
✔ |
|
Actuary |
✔ |
✖ |
|
Register tax agent or BAS agent |
✖ |
✔ |
|
Employee / officer with functions / duties re tax affairs |
✖ |
✔ |
|
Prescribed others |
✔ |
✔ |
|
Certain persons in a related body corporate |
✔ |
✔ |
|
Legal practitioner (limited purposes) |
✔ |
✔ |
5. Set out the investigation process
The policy should cover the steps involved in the investigation process, at the very least this should address:
- receiving the disclosure;
- maintaining the confidentiality of the identity of the discloser and direct them to the company’s Whistleblower Officer (or other appropriate individual) to determine whether the disclosure is a protected disclosure;
- the investigation of the disclosure (whether internally or by an external investigator) and reporting on the outcome of the investigation (both to the Board of the company and the discloser); and
- a statement relating to how procedural fairness will be afforded to all parties involved in the investigation.
ASIC Regulatory Guide
ASIC have recently published Regulatory Guide 270 (RG) to assist companies draft whistleblower policies.
The Regulatory Guide provides insight on ASIC’s interpretation of the laws and how it will conduct any of its own investigations under the laws relating to compliance with whistleblower policy. Where the guidance provided by the RG goes further than that prescribed by the whistleblower laws, the RG should be used by way of a reference on what may be put into a whistleblower policy rather what is legally required to be included.
We provide guidance for whistleblower policies
We provide effective solutions for our clients to help them adapt to the evolving corporate compliance landscape. We can help you review and implement your whistleblower policies and programs, develop and implement training for your personnel, and navigate disclosures safely through investigation processes in a way which minimises legal and reputational risks to your company.
The importance of adhering to the whistleblower laws cannot be understated: the criminal and civil penalties for breaches of whistleblower confidentiality and victimisation prohibitions are severe and may result in maximum 2 years imprisonment for individuals and civil penalties up to $525 million for companies. Whistleblowers can also take their complaints to regulators, MPs and journalists in certain circumstances, and bring actions directly against companies and individuals for compensation and other relief if they are subject to or threatened with any detriment.
* A company that meets at least two of the following conditions: at least $50 million consolidated revenue per financial year, $25 million in assets or 100 employees.
Visit SmartCounsel
