Earlier this year, the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Act) passed and the new laws took effect on 1 July 2019. The new laws introduced a strong yet simple (well, simpler) regime for protecting whistleblowers to encourage disclosure of crime and misconduct in the private sector.
Part of the regime is a requirement for public and large proprietary companies to deal with disclosures in a certain manner, have a compliant policy for receiving and investigating disclosures (which also touches on the matters set out in guidelines issued by ASIC this month) and carry out staff training. The kicker is, companies need to be compliant now and need to have policies in place by 1 January 2020. 😮
Your company needs to comply if:
1. It is a public company;
2. It is a public company limited by guarantee (usually, a charity) with revenue over $1m; or
3. It is a proprietary company (i.e. “Pty Ltd”) with two of revenue over $50m, assets over $25m and 100 employees.
The regime applies to whistleblower disclosures made by eligible people, to eligible recipients about reasonably suspected misconduct or an improper state of affairs. There are also niche rules for public interest disclosures and emergency disclosures.
Once a disclosure is made within the regime, the whistleblower automatically gains statutory protections for strict confidentiality, liability and admissions as well as protection against detrimental treatment or reprisal actions.
Severe civil and criminal penalties will apply to breaches of the requirements and protections, and courts are empowered to make orders for relief against a company if they fail to prevent the whistleblower suffering from detriment in addition to the company’s usual vicarious lability for employee actions.
Failure to have a compliant policy by 1 January could mean a penalty of $12,600.00. Breaching confidentiality of a whistleblower’s identity or causing or threatening detriment could mean a penalty of up to $1.05 million (for individuals) or the higher of $10.5 million or 10% of the annual turnover up to $525m (for companies). So, under the new laws, a company could be fined $10m if the whistleblower’s identity is disclosed by one officer to another. Yeah, the confidentiality provisions are THAT strict.
Don’t be blowing in the wind on January 1. Get in touch for a compliant whistleblower policy and supporting procedure to avoid your company being at risk.