New Australian whistleblower laws came into effect on 1 July 2019. Here are our top 5 practical challenges facing Australian companies from the new laws and what you need to think about and do to address these challenges.

1. Foreign operations

  • Issue: The new laws protect disclosures concerning misconduct or an improper state of affairs or circumstances in related bodies and received by officers and senior managers of related bodies.  For Australian companies with overseas-based related entities, the regime may protect disclosures made to or about people or parts of the business based overseas.
  • What you need:  Whistleblower policies and programs need to contend with whistleblower laws in different jurisdictions that may have different (and conflicting) requirements and train overseas-based officers or personnel on their obligations to the corporate group as a whole.

2. Eligible recipients

  • Issue: The new laws protect disclosures made to a wide range of eligible recipients, including officers and senior managers of a company and its related bodies. 
  • What you need:  Whistleblower programs need to build in training and communication strategies which reach all potential eligible recipients addressing whistleblower confidentiality and prohibitions on victimisation.

3. A one-stop-shop or a dedicated channel?

  • Issue:  Disclosures about solely personal work-related grievances are generally excluded from protection under the new laws while disclosures concerning misconduct or an improper state of affairs or circumstances are protected.  The line between what is protected and what is not is not always clear.
  • What you need:  Whistleblower policies and programs need to set up sound but flexible investigation processes that can adapt to the variety of potential disclosures, even when it is not clear whether a disclosure is protected.  For practical reasons, some clients prefer to take an expansive and consistent approach in their policies to streamline the investigation of issues which may be raised.  However, companies need to do this without raising expectations of protection under the whistleblower regimes if those protections may not apply.

4. Appointing whistleblower officers

  • Issue:  The new laws allow companies to authorise certain people to receive protected disclosures.  This provides the company with an opportunity to structure its whistleblower program proactively but requires careful consideration as to who may be an appropriate whistleblower officer.
  • What you need:  Whistleblower policies should identify appropriate whistleblower officers appointed to act as a liaison point and overall managers of the program.  Several practical and legal considerations should inform who that person should be, including the potential for conflicts of interest.  Companies that are proactive in establishing a good structure from the outset can help mitigate the risk of common pitfalls, such as breaches of whistleblower confidentiality, conflicts of interest and accusations of victimisation.

5. Documents stored on servers

  • Issue:  The confidentiality protections require a whistleblower’s consent to the disclosure of their identity or information which may identify them, subject to limited exceptions.  For companies with email servers and document management systems that are accessible to people other than the intended recipient of a protected disclosure, navigating the confidentiality obligations can be tricky in practice.
  • What you need:  Whistleblower policies and programs, and the systems that support them, must protect whistleblower identity, provide confidential channels for the making and storage of disclosures and/or facilitate the consent of whistleblowers to the disclosure of their identity, as appropriate.

We have implemented simple and practical solutions for clients which address these, and other, practical challenges presented by the new Australian whistleblower regime.  We can help you review and implement your whistleblower policies and programs, develop and implement training for your personnel, and navigate disclosures safely through investigation processes in a way which minimises legal and reputational risks to your company.

The costs of getting this wrong are severe.  Significant criminal and civil penalties apply to breaches of whistleblower confidentiality and victimisation prohibitions, including maximum penalties of 2 years’ imprisonment for individuals and civil penalties of up to $525 million for companies.  Whistleblowers can also take their complaints to regulators, MPs and journalists in certain circumstances, and bring actions directly against companies and individuals for compensation and other relief if they are subjected to or threatened with any detriment. 

All public companies and large proprietary companies must have a compliant whistleblower policy in place by 1 January 2020.