Understanding the upcoming changes to Australia’s whistleblower regime
From mid-2018 onwards, Australia’s corporate whistleblower regime is expected to move into line with many other OECD (Organisation for Economic Co-operation and Development) countries in a process that will affect all public and large proprietary (private) companies in the ‘corporate, financial, credit and tax sectors’ – and require them, for example, to implement extensive internal whistleblower policies.
Clearly, these changes will also directly impact global companies with operations and interests in Australia.
Under Australia’s new rules, what constitutes a ‘large’ company?
The impending new regime is expected to impact a very significant number of Australian companies given that, under Australian Securities and Investments Commission (ASIC) rules, a proprietary company is defined as “large” for a financial year if it satisfies two or more of the following:
- The consolidated revenue for the financial year of the company and any entities it controls is AUD25M (about $19M US) or more
- The value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is AUD12.5M (about $9.5M US) or more
- The company and any entities it controls have 50 or more employees at the end of the financial year
Historically, ASIC has identified effective whistleblower processes as a key element of strong corporate governance and, as a consequence, it is widely expected that companies will face early and close regulatory scrutiny of their performance under the new regime.
The new regime has been triggered by a number of factors, including:
- Current legislative shortcomings in a now global business environment
- Increasingly complex corporate structures and societal and governmental expectations
Moreover, the widely-held perception that Australia has not protected whistleblowers from victimization and retaliation as effectively as other jurisdictions has historically resulted in relatively few whistleblower related cases in Australia
Enhanced protections for Australian whistleblowers
The new single regime will rationalize existing whistleblower provisions across a range of legislation, whilst also facilitating disclosures and providing whistleblowers with greater protection.
To achieve these objectives, there are five primary elements of the new regime which are summarized below:
- Extension to the range of eligible whistleblowers, which will include, for example, company officers both current and past, employees, contractors and suppliers/vendors – plus their associates and specified family members.
- Extensions to who can receive whistleblower reports, including designated individuals within a company, regulators, law enforcement bodies, lawyers (when legal advice is being sought), politicians in certain circumstances, and journalists. Clearly, this may heighten the risk of reputational damage to a company, not only from the information disclosed, but also as a result of the company’s subsequent approach to, and dealings with, the whistleblower.
- Extension to the types of conduct covered by whistleblower protection, including conduct that ‘represents a danger to the public or financial system’, conduct that is an offence under any Australian law that carries a penalty of 12 months or more imprisonment, and ‘misconduct or an improper state of affairs or circumstances’ in relation to a regulated entity.
- Enhancements to protections for whistleblowers, including removal of any ‘good faith’ requirement, anonymity, compensation and fines for victimization or retaliation (payable by both the individual(s) and company involved), together with criminal and/or civil immunity.
- New requirements for company whistleblower policies to be established in line with the new regime by January 1, 2019 at the latest (for public companies) and December 1, 2019 (for large proprietary companies).
It should be recognized that this is considered to be just the first ‘wave of reform’, with more to follow. For example, the possibility of a U.S.-style reward system for whistleblowers has certainly not been discounted; over 50 Australian whistleblowers provided information to the SEC in 2017 alone.
Penalties & compensation under Australia’s new whistleblowing legislation
Individuals and companies will face civil penalties up to AUD200,000 and AUD1M respectively (about $150,000 and $750,000 US), for breaching a whistleblower’s anonymity and for victimizing (or threatening to victimize) a whistleblower.
Failure to comply with the confidentiality and victimization provisions will also be categorized as criminal offences, punishable by imprisonment and/or fines. Whistleblowers will also be able to seek compensation for reprisals of this type.
In addition, companies will face potential penalties of around AUD65,000 ($50,000 US) for failing to set up a compliant whistleblower policy.
It is expected that the new legislation will apply to protected disclosures made on, or after, July 1, 2018, including disclosures about issues that occurred before that date. Whistleblowers will also have access to the compensation and enhanced protection against victimization and retaliation outlined above after July 1, 2018, regardless of when the disclosure was made. This issue is crucial given that the ‘lag’ between an issue and a disclosure can be 11 months or more, particularly in the case of sexual abuse and harassment-type issues.
What are the main compliance challenges being faced as the policy is enacted?
The significance of the extensions, enhancements and new requirements cannot be overstated and, without question, they will be a wake-up call for many companies as they work to ensure that they comply with the new requirements in what is a new era of whistleblowing.
The new regime is planned to come into force on July 1, 2018. Affected companies will clearly need to develop a proactive program now to ensure that they are compliant, particularly given that there is the potential for an upsurge in whistleblowing reports as a consequence of the new legislation.
Clearly, an organization’s whistleblower policy will need to be written such that it is comprehensive, reassuring, culturally sensitive, and covers key issues such as the protections available to whistleblowers and how the company will ensure that whistleblowers are treated fairly and without victimization or retaliation in accordance with the requirements of the new regime.
It is also essential that company processes and frameworks are fully documented, tested, and cover, for example:
- Case management of whistleblower protected disclosures (workflow)
- Timely responses
- Fair treatment of employees who are identified in protected disclosures
- Fair treatment of employees to whom protected disclosures are made
- Wider employee communications
Whilst some companies will already have global and/or local whistleblowing policies, it is essential that they are reviewed to ensure that they meet both the letter and spirit of the new regime.
Crucially, and arguably uniquely, the policy needs to apply not only to current employees but also past employees, contractors, suppliers/vendors, and family members of employees. As such, there should also be systems in place to ensure that the policy is distributed electronically or physically to any individual or organization that may be an eligible whistleblower in relation to the company.
Given that there are a multitude of examples where companies have only discovered major fraud, accounting, and other issues following the intervention of a whistleblower, the importance of an effective whistleblower program cannot be underestimated.
Implementing an effective whistleblower program
An effective whistleblower program is a key component of all ethical companies: society is undergoing an ethical transformation, and employees and consumers alike expect more from the companies they interact with, both in Australia and throughout the world.
For companies impacted by the new whistleblowing regime, fast action may be needed to ensure compliance. There are a variety of solutions available, and the hotline and case management portion of Convercent’s Ethics Cloud Platform is one such option that streamlines the connection between ethics and business performance.