Introduction
Nearly five years on from when the enhanced whistleblowing regime for private sector organisations was first introduced into Part 9.4AAA of the Corporations Act 2001 (Cth) (Corporations Act), it is becoming clearer to organisations what is expected of them in order to achieve compliance under the regime. However, it’s also clear that practical challenges remain in handling disclosures made under the regime.
With an emerging focus on how organisations are managing protected disclosures, and what it takes ‘on the ground’ to build a robust, properly resourced and effective internal whistleblower framework, we are noticing an upsurge in client engagement with whistleblowing issues.
The introduction of the enhanced whistleblower laws came with an inbuilt review mechanism, as a result of which the regime is due to be reviewed as soon as practicable after 1 July this year. Ahead of this review, in this article we bring together some insights from the last five years and take a look at how our clients are finding the implementation of the provisions in practice.
Whistleblowing in the rear-view mirror: the past five years
The whistleblowing laws were revamped in 2019 to simplify and unify the previous complex legislative framework in the private sector and enhance the protection of whistleblowers. The regime applies to regulated entities, including constitutional corporations, Corporations Act companies and other prescribed entities, who must comply with the provisions and afford certain protections to eligible whistleblowers. Public companies, large proprietary companies, and proprietary companies that are the trustee of a registrable superannuation entity are also required to have a policy setting out certain prescribed matters in relation to the whistleblower laws and make that policy available to officers and employees.
ASIC guidance
Regulated entities have several responsibilities as a result of these laws. ASIC’s Report 758: Good practices for handling whistleblower disclosures, published in March 2023, sets out ASIC’s observations as to how organisations could best be handling whistleblower disclosures received under the Corporations Act regime. Report 758, which we discussed here, confirmed that ASIC considers an entity’s Board responsible for oversight of the handling of disclosures, including formally establishing Board or Board Committee oversight of the whistleblower policy and program in order to sufficiently manage risk.[1]
For listed entities, handling of whistleblower disclosures also currently features in the ASX Corporate Governance Principles and Recommendations (ASX CGPRs) (4th edition), with Recommendation 3.3 to the effect that the organisation should have a whistleblowing policy and ensure the Board or a Board Committee is informed of material incidents reported under the entity’s policy. The proposed 5th edition of the ASX CGPRs removes the current Recommendation 3.3, consistent with the broader approach to reduce regulatory duplication and overlap, an approach KWM supports in principle. A proposed new Recommendation 3.3 focusses on the best interests duty of Directors and the role of stakeholder considerations in discharging that duty. This recommendation still references that a Board’s activities may include requiring information on serious or systemic workplace incidents, and that Board Committees should have escalation procedures to communicate important information and trends to the Board. It remains clear to us from this guidance and that provided by ASIC in Report 758 and ASIC’s earlier guidance around compliant whistleblower policies[2] that Boards and Board Committees are expected to maintain oversight of the organisation’s whistleblower framework and its effectiveness.[3]
To compile Report 758, ASIC obtained material from seven large Australian organisations both voluntarily and using its statutory compulsory information-gathering powers.[4] ASIC indicated in that Report that it will continue to review organisations’ policies and arrangements.
As awareness of the regime grows, we are seeing an increase in activity from whistleblowers in relation to organisations of all sizes and industries. Anecdotally, we are also observing, across the market, ways in which features of the statutory regime can materially increase the complexity and sensitivity associated with disclosures. A common challenge arises where a whistleblower’s refusal to consent to certain disclosures (on the basis of identification risk) means effective investigation of the matters raised is significantly hampered, if not completely frustrated. Other features include further practical challenges arising from anonymity, strategic use of media, and the making of unparticularised and/or mixed reports that include elements of personal non-work-related grievances.
These observations highlight the importance of organisations continuing to keep the effective management of whistleblowing issues on their radar, to ensure good governance of the framework, continue to provide an avenue for the disclosure of suspected misconduct, and manage the legal, reputational and ethical risks that may arise as a result of a mismanaged report.
Case developments
A whistleblower will be afforded the protections under the Corporations Act when a qualifying disclosure of information is made by an “eligible whistleblower” to any public authority or “eligible recipient” as set out under s 1317AA. Our insights from our clients’ experiences with the whistleblowing regime over the past five years include that greater clarity is required as to when a disclosure will be considered ‘in scope’ for protection, or when it is an excluded personal work-related grievance.
Since its enactment, there have been few cases in which our private sector whistleblowing laws have come before the courts for testing of the key elements of the regime.
[1] ASIC, Report 758: Good practices for handling whistleblower disclosures, March 2023, p18.
[2] ASIC, Regulatory Guide 270, RG 270.150-157.
[3] ASX, Corporate Governance Principles and Recommendations: Consultation Draft, February 2024, p34.
[4] ASIC, Report 758: Good practices for handling whistleblower disclosures, March 2023, p20.
In particular, we note that organisations contemplating making any public statement or announcement in relation to the existence of a whistleblower disclosure or investigation need to carefully navigate a range of overlapping considerations. These include obligations of confidentiality to protect the identity of the whistleblower, ensuring the announcement does not cause detriment to the whistleblower in breach of the regime’s non-detriment provisions, ensuring the statement is not misleading or deceptive, and carefully managing non-waiver of privilege over any advice or advice-related documents created in the process.
With relatively limited guidance so far from the courts on the various elements of the whistleblower laws, we are interested to see what may come from any public consultation arising from the impending statutory review, and what any consequential amendments will mean for those who seek to make a disclosure, and those who receive and investigate such disclosures.
Our clients’ perspectives
In light of the upcoming statutory review, we asked a sample of our clients about their frontline experience with the current whistleblower regime in the five years since its enactment. Through an online survey, we asked several of our individual instructors across a range of industries a short series of questions to seek to understand how their organisations are managing compliance with the regime.
Key insights
- Only 25% of responses described the readiness of the eligible recipients in their organisation as “very prepared” (in that they have all received training and understand their role, or have recent disclosure-handling experience).
- 8% of responses identified they handle whistleblower disclosures through expansion of existing roles to create a whistleblower program function (such as existing C-suite members taking on whistleblowing oversight rather than the creation of positions dedicated to whistleblowing duties).
- 5% of responses reported that “almost all” whistleblower disclosures to their organisation are anonymous.
What would you change about the whistleblower regime?
We asked our clients what they would change about the private sector whistleblower regime and a common theme was an overwhelming need for greater clarity. In particular:
- Greater clarity on what constitutes an eligible report (in particular, to reduce ineligible reports unnecessarily being investigated).
- More guidance on how to manage anonymous reports.
- Clarity on important terminology within the regime – including “personal work-related grievances” and, a key concept in framing the misconduct that is eligible for protection, an “improper state of affairs or circumstances”.
What is your organisation’s position on bullying and harassment complaints being addressed through the whistleblower program?
Almost a third of responses reported that bullying and harassment constitutes reportable conduct and should be regarded as a protected disclosure.
But still, nearly 20% of responses indicated that their organisation holds no clear position on this question, and they will take advice each time such a disclosure is received.
Has the whistleblowing regime improved your organisation's handling of reports about suspected misconduct or impropriety?
62.5% of responses felt the whistleblowing regime had resulted in “some improvement” in their organisation's handling of reports of misconduct. Specifically, clients noted the required updating of their whistleblower policy and training of personnel has provided greater confidence in handling disclosures lawfully.
Yet nearly 20% of responses identified “no material improvement” in their organisation’s handling of reports, indicating further clarity around the regime is required and perhaps even a need for support to identify and address underlying systemic issues. This is particularly significant given the sizeable investment we know our compliance-focussed clients have made in the development of their whistleblower policies and supporting procedures and frameworks.
Verbatims re: “If there was one thing you could change about the private sector whistleblower regime, what would it be?”
We expect the statutory review will include a public consultation process to enable those on the front line to provide feedback on these challenges and uncertainties, and consequential amendments or regulatory guidance to address them.
Key takeaways
As we see an increase in activity from whistleblowers, ASIC and ASX guidance demands that organisations’ focus evolves towards ensuring whistleblowing is seen and managed as a Board governance and risk-management issue and not an HR issue or management compliance requirement. The insights of our clients amidst the pending five-year review provide a useful reminder that an effective whistleblower program is not one-size-fits-all. Material questions and uncertainties remain as to what ‘good’ looks like from a regulator’s perspective, measured against ongoing uncertainty about key concepts and what is realistically achievable in a resource-constrained environment.
Whilst we await more information as to the process for, and opportunities to participate in, the upcoming statutory review, the complex day-to-day work of handling disclosures in the real world continues. The organisations that will best meet those challenges today and into the next five years are those whose whistleblower programs are, and are regularly assessed as being, fit for purpose, whose Boards have oversight of and accountability for the program, and whose non-executive and executive leaders set a culture from the top that promotes safety in speaking up openly, so that access to the whistleblowing regime – anonymously or otherwise – becomes an avenue of last resort.