Australia has recently had a big (and much needed) overhaul of its whistleblower protection laws. Don't like reading legislation? You're not alone, legislation is horrible and leads to thick lines forming on your furrowed brow. Not to worry, we've translated all that law into human English and distilled it all down, only saving the parts that you need to know. So, here we go! Read on for the ultimate whistleblower factsheet below...
First off: Who is a "whistleblower" and why do they need protection?
A whistleblower is someone who exposes information about any misconduct or criminal conduct occurring within an organisation, whether it be public or private. Someone who knows something and says something. Whistleblowers do an important job - they help expose corruption, crime, and misconduct.
They need protection because the people who are the subject of such corruption, crime, and misconduct generally aren't big fans of evidence of their wrongdoing coming to light. They have a nasty habit of subduing and even harming whistleblowers. Whistleblowers get fired, threatened, bombarded, and retaliated against. Which is wrong, unfair, unjust. You shouldn't be punished for exposing someone's crime. They did the crime, why is someone else doing the time? So we have to protect them. And the way we protect them is through a robust and wide-reaching whistleblower regime.
Which companies are affected by Whistleblower laws?
Historically, whistleblower laws were designed to combat public corruption. That is, corruption within our public (i.e., government) institutions. However, the legislators have now broadened their horizons and set their sites on some other big fish: corporations and companies.
As such, disclosures can be made about all of the following types of organisations:
- Life insurance and general insurance providers
- Superannuation entities and their trustees
- Incorporated associations or other bodies corporate that are trading or financial institutions.
In sum: nearly all organisations are affected by whistleblower laws.
How can I receive protection under Whistleblower legislation?
A disclosure must meet three criteria to be protected:
- It must be made by an eligible whistleblower;
- To an eligible recipient of that disclosure; and
- The discloser must have reasonable grounds to suspect that either:
a. The disclosed information concerns 'misconduct, or an improper state of affairs' about the regulated entityOR a related body corporate of the regulated entity.
b. An officer or employee of the regulated entity has committed an offence or represents a danger to the public.
Let's go through each of these steps in turn:
1. Who is an 'eligible whistleblower'?
As the name suggests, an eligible whistleblower is someone who is eligible to make whistleblower disclosures.
All current and former employees of a company are eligible whistleblowers. Not only that - but their spouses, relatives, and dependents are eligible whistleblowers too.
All of the following are eligible whistleblowers:
- Officers of the company that the disclosure is about (which usually means a director or company secretary).
- Contractors, or employees of a contractor, who have supplied goods or services to the company the disclosure is about.
- An associate of the company or organisation the disclosure is about (usually someone who works with the company).
- A trustee, custodian, or investment manager of a superannuation entity.
- The spouse, relative or dependent of any of the above.
2. Who is an 'eligible recipient' of whistleblower disclosures?
An eligible recipient is someone who is authorised to receive whistleblower disclosures. Disclosures do not receive protection unless made to an eligible recipient.
All of the following are eligible recipients within a particular company:
(a) an officer or senior manager of the body corporate or a related body corporate;
(b) an auditor, or a member of an audit team conducting an audit, of the body corporate or a related body corporate;
(c) an actuary of the body corporate or a related body corporate;
(d) a person authorised by the body corporate to receive disclosures that may qualify for protection under this Part.
Note 1: Companies are free to train and appoint anyone within their employ to be eligible recipients. To find out who is eligible to receive disclosures within your place of employment, consult your company's whistleblower policy.
Note 2: A "senior manager" is someone who makes or participates in making decisions that affect the whole or a substantial part of the business or organisation that you work for. They will generally be senior executives within your company, such as the Chief Executive Officer and Chief Financial Officer.
3. The discloser must have reasonable grounds to suspect...
When making a disclosure, there used to be a requirement that all disclosures must be made in "good faith." "Good faith" basically means "honest." This required examination into why someone did something - and whether or not their motives were honest.
This is problematic because motives are elusive - often even to the person whose motives we're trying to discern. We can't reach into someone's brain and pull out their reasons for doing something. The technology doesn't exist. So they scrapped it. It's too hard; it's not useful, it's out.
Now, what's required is that you have reasonable grounds to suspect that the information you are disclosing concerns misconduct, an improper state of affairs, an offence, or demonstrates someone to be a danger to the public interest. That's a mouthful, so let's break it down piece by piece:
"Reasonable grounds to suspect..."
Having "reasonable grounds" means that a reasonable person in your position would also believe that the information you're disclosing is correct, and that they would draw the same conclusion as you have. If you have information you wish to disclose, ask yourself, "would someone else in my position also reach the same conclusion?" If the answer is yes, you have reasonable grounds.
"Misconduct or an improper state of affairs"
The legislators have here cast a vast net. Instead of limiting the kinds of things you can make disclosures about to criminal activity, they've gone for broad, vague terms with near-unlimited application. This means that even if the conduct you're concerned about isn't technically illegal, you can still receive protection for reporting it. Think tax evasion, insider trading. Things where the line between legal and illegal is blurred and incredibly fine.
This also means that systemic problems can also be addressed under Whistleblower legislation - where nobody has overtly discriminated, but a series of past actions suggest a greater systemic issue.
In short, information about 'misconduct or an improper state of affairs' is the stuff that may not be illegal, but it's just not quite right.
"An officer or employee of the regulated entity has committed an offence or represents a danger to the public"
This is probably the most straight forward - it's explicit permission for whistleblowers to make disclosures about crimes perpetrated by people who work with them.
The "represents a danger to the public" this is a little more subjective, but I wouldn't fret too much over the semantics of it. Do you think that someone is about to endanger the public? Yes? Perhaps you should disclose that information. It's pertinent.
Whether someone is a danger to the public is a value judgment, of course. And people have different ideas about what's dangerous. But whether or not someone actually is dangerous isn't the qualifier - it's whether you have a reasonable belief that they represent a danger. So don't get caught up on degrees of danger - go back to the first test, "is my belief reasonable?" Yes? You're protected.
What behaviour violates Whistleblower protections?
Two main categories of behaviour violate the Whistleblower regime:
- Actions which breach a whistleblower's confidentiality; and
- Actions that cause detriment to a whistleblower.
1. Breaching a whistleblower’s confidentiality
This one's pretty obvious: you're not allowed to reveal the identity of a whistleblower or go blabber-mouthing about the information they've disclosed.
Not only this - but it's also a violation of the regime to reveal information that is likely to lead to a breach of a whistleblower's identity. Mum's the word. Disclosures are private. Don't go dropping hints. Or sly-mentions that someone said something about a certain something that someone did. It's not gossip. You're liable for breach of confidence.
There are a couple of exceptions to this, however. If you are an eligible recipient, and someone has made a disclosure to you, you are allowed to reveal the whistleblower's identity and the information they've disclosed to:
- The Australian Securities and Investments Commission
- The Australian Prudential Regulation Authority
- A member of the Australian Federal Police
- A lawyer for the purpose of obtaining legal advice
- Anyone, with the consent of the discloser.
That's because there's no point making disclosures if nothing comes of it. So eligible recipients aren't penalised for passing disclosed information on to the people whose job it is to investigate that information.
2. Causing detriment to a whistleblower
You're not allowed to harm or threaten to harm a whistleblower because they've made a disclosure. You'll end up in court, coughing up the dollars, if you engage in any of the following behaviour (or threaten such behaviour) against a person because they've made a whistleblower disclosure:
- Dismissing an employee
- Injuring an employee in his or her employment
- Altering an employee's duties to their disadvantage
- Harassment or intimidation of a person
- Harm or injury to a person, including psychological harm
- Damaging someone's property
- Damaging someone's reputation
- Damaging someone's business or financial position
- Any other damage to a person.
The ramifications of violation
Any whistleblower who has had their confidence broken, or has suffered detriment (or been the subject of threats to cause detriment) can take an action to court against the perpetrator. The court can make orders, including but not limited to: compensation, injunctions to restrain behaviour, and the issuing of apologies. What remedies and the level of compensation are available will be assessed according to the level of harm caused.
However, it's not going to be small: The maximum civil penalty for breaching the confidentiality of a whistleblower is AUD$10.5 million or 10% of annual turnover for companies. For individuals, it's AUD$1.05 million. It's a big one. You're going to want to stay on the right side of the law here.
What do you have to do?
Be proactive. Train your staff. Inform them. Equip them with skills. Vicarious liability means that employers will be liable for the acts and omissions of their employees. Not only that - these laws directly target companies. They're designed to hold them accountable. To protect Whistleblowers (and avoid a whopper of a fine), we need to ensure that every employee understands how to make disclosures, what can and can't be disclosed, and what is in violation of the regime. Litigation is not fun. It's expensive, onerous and unnecessary. You don't want to end up in court. And you don't have to - if you protect your Whistleblowers.
Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth)
Australian Securities and Investments Commission 2019, Whistleblower Rights and Protections, viewed 12 November 2019 2019, <https://asic.gov.au/about-asic/asic-investigations-and-enforcement/whistleblowing/whistleblower-rights-and-protections/>
Norton Rose Fulbright 2019, A new era for Whistleblowers in Australia, viewed 12 November 2019, <https://www.nortonrosefulbright.com/en/knowledge/publications/63b0f230/update-on-new-whistleblower-protection-laws-in-australia>
Courtney is the face behind the Yarno blog. She’s our fact-finding expert, Instagram connoisseur and the only person we know who can write 1500 words and fix a fence in the same half hour.
You might also like
I'm excited to kickoff our case study series, where I'll post a short case study each week highlighting fast and smart hyperlearning organisations. This week we're covering Shopify.
There is no point in training unless you repeat it. Our brains are like leaky buckets: the things we learn spill out over time. That is, unless you repeat and reinforce your learning.
Can you get your remote teams on the same page in <48 hours? Hyper learning organisations can. Here's how you become a fast & smart hyperlearning organisation.