New Whistleblowing Obligations for the Private Sector – have you got your systems in place?

The Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) came into effect in July this year, finally recognising the need for enhanced protections for private sector whistleblowers. In seeking to protect those that raise concerns about misconduct in Australian companies, the new laws make significant demands on companies and impose tough penalites on those who get it wrong.

The amended laws have widened the scope of protection, including in regard to:

  • who may make a disclosure – not just staff, but former staff, suppliers and relatives are considered whistleblowers and anonymous disclosures are permitted.
  • to whom the disclosure can be made – ‘eligible recipients’ of disclosures  include a company’s officers, senior managers and auditors.
  • matters that can be disclosed – covers reports about ‘misconduct’ or an ‘improper state of affairs’ (personal workplace grievances are specifically carved out).
  • the level of protection for whistleblowers – whistleblowers have greater access to compensation and contractual remedies and there are stiff criminal and civil penalties[i] for individuals that breach confidentiality of a whistleblower’s identity or cause detriment to a whisteblower. Companies will also be liable, unless they can show that they have taken all reasonable steps to maintain thewhistleblower’s confidentiality and protect them from suffering detriment.

The above applies to all companies incorporated under the Corporations Act.  In addition, all public companies[ii], large proprietary companies[iii] and proprietary companies that are trustees of registrable superannuation entities, must implement a whistleblower policy.

These whistleblower policies must include;

  • a summary of the protections available to whistleblowers;
  • to whom protected disclosures should be made, and how they can be made;
  • how the company will support whistleblowers and protect them from resulting detriment;
  • how the company will investigate protected disclosures;
  • how the company will ensure named or affected employees are treated fairly; and
  • how the policy will be available to all officers and employees.

Failure to implement a policy before 1 January 2020 will constitute an offence and penalties will apply.

In the light of the above, immediate priorities for companies should be to:

  1. Decide how whistleblowing is going to work in your company.
  2. Draft and implement a policy. Even if your organisation is not required to have a policy, you will find it difficult to ensure that you do not breach the confidentiality and victimisation provisions without one.
  3. Identify and train your eligible recipients and train your investigators.

The above is just the start of what your company needs to do to have an effective whistleblowing system in place. Making whistleblowing work in practice is not easy but the benefits can be considerable. Obviously whistleblowing assists companies to detect misconduct and have the first opportunity to address any wrongdoing, however done right, internal whistleblowing systems can support a culture of openness which promotes ethics and management accountability, deters misconduct and leads to greater employee retention, engagement and innovation.

SLF lawyers are working with a specialist whistleblowing consultancy firm, Moken Consulting, to ensure our clients have access to the advice they need in this area.


  1. Penalties for individuals can be $1.05 million and three times the benefit derived or detriment avoided and 6 months imprisonment for breach of confidentiality and 2 years for victimisation. Penalties for corporations can result in the greater of $10.5 million, three times the benefit derived or detriment avoided and 10% of annual turnover (up to $525 million).

[ii] Including all charities and not-for-profits which are structured as public companies limited by guarantee – although AISC have indicated that this may be revisited.

[iii] Large proprietary companies are those that satisfy at least two of the following:

  • consolidated annual revenue for the company and any entities it controls of $50 million or more;
  • consolidated gross assets of the company and any entities it controls is $25 million or more;
  • the company and any entities it controls have 100 or more employees.


Leave a Reply

Your email address will not be published. Required fields are marked *