The widespread introduction of legislation protecting the actions of ‘whistleblowers’, and increased public expectations of global corporate accountability, mean that businesses need to adopt a proactive approach to managing allegations or disclosures that point to misconduct within their organisation. Not understanding the law surrounding whistleblowing can be costly for businesses in terms of potential claims as well as damage to reputation.

Whistleblowing is a high priority on international and national anti-corruption agendas, and is continuing to grow in importance, highlighting whistleblowing’s relevance as a corporate governance and regulatory tool.

Compliance and transparency are of paramount importance today. For this reason, whistle-blowing laws are being enacted to encourage employees to come forward without fear of reprisals. While these rules safeguard employee interests, multi-national companies are facing increasing challenges relating to whistle-blowing, ethics and retaliation claims.

Knowing how to appropriately anticipate and manage these issues could prevent significant negative exposure in all media, potentially and unnecessarily damaging a company’s image and reputation.
Country-by-country and EU whistle-blowing rules need to be taken into account in setting the best practices and policies in this growing area of risk, including what an employer must do when faced with a whistle-blower claim, such as whether an investigation is required, protections of the employee who complained of company practices and litigation issues. Best practice requires companies to take action in advance by creating a hotline and training its employees in ethical behavior.

The Public Sector

Whistleblower legislation has historically focused on the public sector.  The legislation has been described by Dr A.J. Brown (Griffith University) as “a tapestry, because it’s got some rich threads, the problem is that there’s no single law which even approaches what would be reasonable best practice. Everybody’s experimented, nobody’s really got a good handle on what best practice would look like.”

In 2002, in its discussion paper Corporate Disclosure,  the Australian government signalled its intention to legislate and later committed to “provide best-practice legislation to encourage and protect public interest disclosure within government”.   Australian whistleblower protection rules are fairly comprehensive for the public sector, with federal and state legislation now covering all jurisdictions aimed at ensuring integrity and accountability in the public sector.

Federal and State public interest disclosure Acts :

  • Whistleblowers Protection Act 1993, South Australia
  • Whistleblowers Protection Act 1994, Queensland
  • Public Interest Disclosures Act 1994, New South Wales
  • Public Interest Disclosure Act 2012, Australian Capital Territory
  • Public Interest Disclosure Act 2013, Commonwealth
  • Protected Disclosure Act 2012, Victoria
  • Public Interest Disclosures Act 2002, Tasmania
  • Public Interest Disclosure Act 2003, Western Australia
  • Public Interest Disclosure Act 2008, Northern Territory

The main objectives of these laws are to provide:

  • a safe means to report wrongdoing
  • appropriate protection for those who make such reports
  • a framework to properly deal with and fix reported matters
  • The protection offered to whistleblowers includes protection against victimisation and suffering any detriment.

Whilst the federal and state laws relating to the public sector share these main objectives they are not without shortcomings.

Critics have observed that:

  • the reportable wrongdoing is ill-defined and differs between jurisdictions
  • anonymous complaints are not always protected
  • it is not clear who will be protected and how
  • the obligations on agencies themselves differs and is unclear
  • the absence of an oversight agency responsible for whistleblower protection

The Private Sector

For the private sector, legislative protection is considerably weaker. The primary provisions are contained in the federal Corporations Act 2004. The protection however only covers disclosers reporting breaches of the Corporations Act and the ASIC Act (protected disclosure).

Pursuant to Part 9.4AAA Section 1317 AA-AE a person is protected as a discloser if they are:

  • an officer of a company; or
  • an employee of a company; or
  • a contractor or their employee who has a contract to supply goods or services to the company.

The Corporations Act prohibits retaliation against a discloser and gives them a civil right, including seeking reinstatement of employment.

The Corporations Act provides that where a person makes a disclosure that qualifies for protection:

  • the person is not subject to any civil or criminal liability; and
  • no contractual or other remedy may be enforced, and no contractual or other right may be exercised, against the person on the basis of the disclosure (This means that secrecy provisions in any employment contracts and the like will not preclude whistleblowing.)

Note: The Corporations Act does not provide that the person is not subject to any civil or criminal liability for conduct of the person that is revealed by the disclosure.

To qualify for protection a whistleblower’s revelation must be made to:

  • ASIC or
  • the company’s auditor or a member of the audit team conducting an audit of the company; or
  • a director, secretary or senior manager; or
  • senior manager of the company or
  • a person authorised by the company to receive disclosures of that kind.

To trigger the provisions of the Corporations Act, the discloser must:

  • give their name before making the disclosure and
  • have reasonable grounds to suspect that the information indicates the company or an officer or employee has, or may have, contravened a provision of the  Corporations legislation (which includes both the Corporations Act and the ASIC Act); and
  • acts in good faith.

Passing on information provided by a discloser under the Corporations Act

Under the Corporations Act information provided by a discloser and the identity of the discloser  (or information that may lead to the identity of the discloser) may only be passed on under the following circumstances:

  • To  ASIC, APRA or the Australian Federal Police without asking for the discloser’s’s permission.
  • To  another person if the discloser  has given their consent. Note: This means that as a member of an audit team you cannot pass on the information to an audit partner unless the disclose has consented to you doing this.

The Whistleblower Program for Entities, AS 8004-2003, applies to the private sector and offers a guide to the key requirements of a whistleblowing framework. Confidentiality, anonymity and protection are amongst them.

What does all this mean?

The absence of comprehensive legislation, particularly for the private sector, imposes a strong requirement on organisations to have internal policies and procedures not only for facilitating disclosures, but also for protecting and supporting employees who report wrongdoing.  Using a Whistle Blower Policy Review Checklist for best practice and good governance regarding whistleblowing programs is best and available form Whistle Blowing Service.

An accessible and independent external reporting process is required to allow reporting of wrongdoing in circumstances where a person may not feel safe or find it impossible reporting the wrongdoing via internal channels. To the extent that a person cannot do so via external means the organisation is exposed to risk and criticism.

Best practice requires that the external reporting option in your Whistleblower Policy work in collaboration with your internal reporting means.

Recommendations of the Australian Stock Exchange (ASX)

This view and approach is strongly supported by the ASX.  In 2003 the Australian Stock Exchange’s Corporate Governance Council issued Principles of Good Corporate Governance and Best Practice Recommendations. The ASX recommended companies establish a code of conduct for directors and senior executives.  Recommendations included fostering and encouraging whistleblowing by staff.

In 2007 the ASX Corporate Governance Council (Council) undertook an extensive review of the first edition of the Principles of Good Corporate Governance and Best Practice Recommendations and undertook a public consultation process.

The revised Corporate Governance Principles and Recommendations issued by the Council recommended companies “Identify measures the company follows to encourage the reporting of unlawful or unethical behaviour and to actively promote ethical behaviour. This might include reference to how the company protects those, such as whistleblowers, who report violations in good faith, and its processes for dealing with such reports.”

International Whistleblower Legislation

In the USA, the Sarbanes-Oxley Act provides whistleblower protection for corporate employees and mandates that companies establish procedures to permit anonymous reporting by employees. The obligation to establish these is imposed on the audit committee.  In the United Kingdom, the Combined Code of Corporate Governance protects whistleblowers and recommends audit committees have whistleblower arrangements for financial reporting irregularities.

The final report on Whistleblower Protection Laws  in G20 Countries

Priorities for Action issued by Simon Wolfe, Mark Worth and Suelette

Dreyfus A J Brown in September 2014 stated by way of executive summary:

The G20 countries committed in 2010 and 2012 to put in place adequate measures to protect whistleblowers, and to provide them with safe, reliable avenues to report fraud, corruption and other wrongdoing. While much has been achieved as a result of the G20 commitment, on the whole much remains to be done to meet this important goal. Many G20 countries’ whistleblower protection laws continue to fail to meet international standards, and fall significantly short of best practice.

Lacking strong legal protections, government and corporate employees who report wrongdoing to their managers or to regulators can face dismissal, harassment and other forms of retribution. With employees deterred from coming forward, government and corporate misconduct can be perpetuated. Serious wrongdoing such as corruption, fraud, financial malpractice, public health threats, unsafe consumer products and environmental damage can persist without remedy.