Whistleblower reform: New laws – are you ready?
Whistleblower reform: New laws – are you ready?
New laws were passed in 2019 that make significant reforms to Australia’s private sector whistleblower laws. Under these laws, public companies, large proprietary companies and corporate trustees of superannuation entities regulated by APRA are required to have a Whistleblower Policy in place by 1 January 2020.
In addition, all entities regulated by the Corporations Act (even if not mandatorily required to have a whistleblower policy) must comply with strict protections for whistleblowers, or face significant penalties.
New laws in effect from 1 January 2020
What are the key requirements of the new laws?
- Whistleblowers have a right to make anonymous disclosures, and to have their identity protected. Disclosure of a whistleblower’s identity without consent could result in a fine of up to $1,050,000 for an individual and $10,500,000 for a company.
- Whistleblowers who make a report in compliance with the law will be protected from retaliation. A whistleblower who believes that they have been subject to ‘detrimental conduct’ because they have made a protected whistleblowing report may make a claim for compensation. There is a reverse onus of proof in such cases. This means that if the whistleblower can show a reasonable possibility that detrimental conduct was taken against them because of a whistleblowing report, the company must prove that the conduct was not taken for that reason.
- A broad group of persons will be eligible for protection as whistleblowers. Former and current employees are now eligible for protection, in addition to former and current officers, contractors, suppliers, and their family members, spouses and dependents.
- A wide scope of matters may be reported. This includes matters that breach a range of Federal laws, as well as any “misconduct or improper state of affairs or circumstances”, including in relation to the tax affairs of the company. Personal work-related grievances are excluded from the scope of whistleblowing disclosures, except where they relate to retaliation for making a prior whistleblowing report, or involve 'significant implications' for the company.
- Whistleblowers no longer need to make a report in ‘good faith’. The motivations of the whistleblower are irrelevant, as long as they have ‘reasonable grounds’ to suspect wrongdoing.
- Individuals in a wide range of roles are designated as 'eligible recipients' for whistleblowing disclosures. This includes directors, officers, senior managers, actuaries and members of an audit team (both internal and external audit). In order to avoid potential liability, these individuals need to understand their obligations under the law, particularly in relation to protecting the identity of anonymous whistleblowers.
- A separate tax regime provides similar protections for whistleblowing on tax matters. Eligible recipients for tax-related whistleblowing reports include registered tax agents and BAS agents, as well as any employee who has functions or duties that relate to the tax affairs of the company.
What should organisations be doing to comply?
1. Review and update whistleblower policies and procedures
Organisations coming under the mandatory whistleblower policy requirement should have formulated a policy and made it known to staff by 1 January 2020. If this has not been done it should be attended to on an urgent basis.
For organisations with an existing policy, it should be reviewed to ensure compliance with the law, and with regulatory guidance released by ASIC in November 2019. The regulatory guidance sets out further details on the mandatory information that a whistleblower policy must include, as well as a number of recommendations as to 'better practice' in running a whistleblowing program. For example, organisations may wish to consider implementing dedicated channels to allow anonymous reporting (such as an internal or external hotline or web reporting service), to ensure that disclosures are handled consistently and in a manner that is compliant with legislative requirements.
2. Training and support for eligible recipients
Directors, officers and senior managers of the company are all ‘eligible recipients’ for protected whistleblowing disclosures under the law. As such, they have individual responsibility for ensuring that any reports made to them are handled in compliance with the law. These individuals will need to be identified, and trained in:
- how to recognise whistleblowing disclosures that will be subject to the new laws
- how to handle or act upon any disclosures that are made, including obtaining essential information from whistleblowers
- the importance of maintaining anonymity if the whistleblower wishes to remain anonymous, and how to handle such disclosures.
Disclosure of a whistleblower’s identity without consent will not be a breach of the law if it is made to a legal practitioner for the purpose of obtaining legal advice on the whistleblowing laws. This may be an important exemption for eligible recipients, since a legal practitioner may be the only 'safe harbour' where the recipient can discuss and receive advice on a report they have received. Companies may wish to consider arranging independent legal advice for recipients who receive a disclosure and are unsure of whether it is protected, or how to handle it.
3. Implementing appropriate investigation procedures
A company’s whistleblower policy must contain information on how whistleblowing reports will be investigated. Information in an anonymous whistleblowing report can be disclosed if it is reasonably necessary for the purpose of investigation, but only if all reasonable steps are taken to reduce the risk that the whistleblower will be identified.
Companies will need to ensure that investigations of whistleblowing reports:
- are carried out by reputable investigators, who understand the importance of maintaining confidentiality
- consider alternative approaches that differ from the traditional formal investigation, where necessary
- do not inadvertently compromise the whistleblower’s anonymity.
How we can help
KPMG provides a comprehensive range of specialist whistleblower services, including:
- the FairCall service – a 24/7 anonymous and confidential whistleblower hotline
- the KPMG Legal Advice Line – a confidential and independent advice line for eligible recipients to receive legal advice about a whistleblowing report
- drafting and implementing compliant whistleblower policies
- effective and impactful training for boards, executive teams, disclosure officers and eligible recipients
- whistleblower program reviews and framework development
- legal advice on the handling, investigation and resolution of disclosure matters
- legally privileged investigation services.
KPMG Australia acknowledges the Traditional Custodians of the land on which we operate, live and gather as employees, and recognise their continuing connection to land, water and community. We pay respect to Elders past, present and emerging.
©2022 KPMG, an Australian partnership and a member firm of the KPMG global organisation of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved. The KPMG name and logo are trademarks used under license by the independent member firms of the KPMG global organisation.
Liability limited by a scheme approved under Professional Standards Legislation.
For more detail about the structure of the KPMG global organisation please visit https://home.kpmg/governance.