04 July 2019

New corporate whistle-blower laws

This article was written by Andrew Gray.


The enhanced protections for corporate whistle-blowers under the Corporations Act 2001 (Cth) commenced on 1 July 2019.  The laws were enacted to provide a single regime, replacing multiple regimes that were administered by various regulators, and to create stronger statutory protections that will encourage whistleblowing.  The Government’s objective is to improve corporate compliance and promote ethical corporate culture.

Broadened protections

Under the new laws, protection is provided for an eligible person (past or present employee, supplier or contractor) who makes a disclosure to an eligible recipient (see below) of information concerning ‘misconduct or an improper state of affairs’ in relation to a regulated entity (basically a corporation, a bank, an insurer or superannuation entity regulated in Australia, including foreign entities) or its related bodies corporate. 

Without limiting this provision, the new laws specify that information relating to the following matters will qualify as a protected disclosure:

  • conduct that amounts to an offence or contravention of Australia’s corporations and financial services legislation, or any other Commonwealth offence carrying a penalty of at least 12 months imprisonment; or
  • conduct that ‘represents a danger to the public or financial system’.

However, personal work-related grievances are expressively excluded from protection.

A significant change is that a whistle-blower can now make an anonymous disclosure and still be protected.

People who can receive complaints

The list of eligible recipients in the new laws includes an ‘officer or senior manager’ of the regulated entity.  For companies, all directors will be eligible recipients and will need to comply with the strict information controls discussed below.  Significantly, directors of one company in a corporate group will be eligible to receive whistle-blower disclosures made about any of the entities within the group.

Eligible recipients also include regulators and legal practitioners. If a disclosure is made to a regulator, and no action is taken within 3 months, the whistle-blower can disclose the matter to a journalist and continue to be protected.


An eligible recipient (including any director) who receives a whistle-blower disclosure is subject to strict confidentiality obligations and should not disclose the identity of the whistle-blower to anyone without the whistle-blower’s consent.  The only exception to this legislative prohibition is where the eligible recipient discloses the whistle-blower’s identity to:

(1)   a regulator (ASIC, APRA or the ATO); or

(2)   a legal practitioner for the purposes of obtaining advice in relation to the whistle-blower regime.

The eligible recipient should not identify a whistle-blower to any Board member unless specific, informed consent has been provided beforehand.

The details of the disclosure may be disclosed but the recipient will also need to take precautions to ensure that details about the substance of the complaint are strictly limited, and only shared on a ‘needs to know’ basis for the purposes of proper investigation of the disclosure.  Spreading information of this nature risks the identification of the whistle-blower, or victimisation of the whistle-blower for which the company may be liable.

Deemed liability of employers

The new laws impose significant civil and criminal penalties for any victimisation of individuals who have made, or supported those who have made, whistle-blower disclosures.  Compensation orders can be made against an employer, in circumstances where the victimisation was engaged in by an employee, and in connection with their position as an employee.  

In deciding whether to make an order against the employer, the court will have regard to (among other things) whether the employer took reasonable precautions, and exercised due diligence, to avoid the victimisation. As a result, it will be important for employers to implement policies and effective governance mechanisms and training to avoid being deemed liable for the conduct of their employees.  

What do you need to know?

In order to comply with the new laws, organisations should take steps to:

  • update current whistle-blower policies (this is mandatory for public companies and large proprietary companies from 1 January 2020);
  • educate officers and senior managers on their roles under the new laws;
  • develop a governance framework to ensure protected disclosures are properly handled and investigated; and
  • provide general training for employees to understand the avenues through which to make a complaint, and to prevent liability for any reprisal action that may be taken by employees.

For listed entities, the suggestions in box 3.3 of the ASX Corporate Governance Council Principles and Recommendations, 4th Edition, February 2019 are a helpful starting point for the content of whistle-blower policies.

Share on LinkedIn Share on Facebook Share on Twitter Share on Google+
    You might also be interested in

    The Supreme Court of Tasmania recently handed down a decision on privity of contracts in Clarence City Council v Commonwealth of Australia [2019] FCA 1568.

    21 October 2019

    In the recent decision of Sandvik Mining and Construction Australia Pty Ltd v Fisher [2019] WASC 352, the Supreme Court of Western Australia considered an application to prevent the enforcement of an...

    17 October 2019

    The 4th edition of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations (“4th Edition CGPs”) were released in February this year and will take effect for an ASX...

    14 October 2019

    Discovery of such omissions can lead to very stressful situations for the people involved. Thankfully, a little-known section of the Corporations Act can assist in times like these.

    14 October 2019

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.