Companies that fall foul of the new whistleblower laws risk seriously heavy fines. So what should your business and your HR department be doing to comply? Employers who fall on the wrong side of these new whistleblower policies, risk the prospect of being fined up to 10 per cent of their annual turnover. This new whistleblower protection regime came into effect on 1 July 2019.

Which whistleblower protections have changed?

The key changes introduced on 1 July, that affect your HR policies are set out below.

• Protected disclosures now include any breaches of tax laws, ASIC laws and APRA laws, as well as criminal law breaches. Disclosures on systemic issues are also protected, even if they involve legal activities. However, disclosures about personal employment or workplace grievances such as interpersonal conflicts, transfer, promotion and disciplinary decisions aren’t protected.
• More people fall into the category of ‘eligible whistleblowers’, such as anyone who has ever been in a relationship with a company. This includes former employees, contractors, employees of contractors, associates and relatives.
• More people can be ‘eligible recipients’ of disclosures, including senior managers, directors and auditors. In certain circumstances, even journalists and politicians can be eligible recipients.
• Stronger whistleblower protections including anonymity increased immunities against prosecution and protection against victimisation. Whistleblowers are no longer required to act in good faith to be protected, although they need to have reasonable grounds to suspect misconduct.

The federal government introduced the changes by amending the Corporations Act 2001 (Cth) and the Taxation Administration Act 1953 (Cth). Together, these Acts regulate almost all companies, including foreign corporations, trading or financial corporations formed within the limits of the Commonwealth, ADIs, NOHCs, super funds, and insurers.

What penalties apply if your business breaches the new whistleblower laws?

Courts can make orders against a company if they fail in their duty of care to protect a whistleblowing employee. The maximum civil penalties for breaching the confidentiality of an eligible whistleblower’s identity or causing or threatening harm include:

• for individuals, up to $1.05 million (5,000 penalty units); and
• for companies, up to $10.5 million (50,000 penalty units) or 10% of the annual turnover (up to $525 million or 5 million penalty units).

Three actions your company needs to do to comply with the new whistleblower laws

To make sure your company stays on the right side of these laws, we believe there are three things your business should be doing.

Implementing a whistleblower policy

From 1 January 2020, some companies will be required to have a whistleblower policy that complies with the new section 1317AI of the Corporations Act 2001 (Cth) or face a $12,600 fine. This can be drawn up by your Human Resources department.

This includes:

• public companies
• large proprietary companies (characterised by having any two of the following: $50+ million in consolidated revenue; $25+ million or more in consolidated gross assets; or 100+ employees), and
• registrable superannuation entities.

To comply with section 1317AI, the policy must contain:

• the protections available to whistleblowers
• how and to whom an individual can make a disclosure
• how the company will support and protect whistleblowers
• what investigations into a disclosure will proceed
• how the company will ensure the fair treatment of employees who are mentioned in whistleblower disclosures, and
•  how the policy will be made available.

What if you don’t fall under these rules?

Although only certain companies are required to have a whistleblower policy, we strongly recommend all companies create or update their whistleblower policy. We also recommend that your policy includes a scope to conduct investigations internally and externally, and addresses client legal privilege. Your policies should also set out a cohesive process to work through situations where a person subject to disclosure is also authorised to receive it. Finally, as part of these new policies and procedures, we suggest you have a process for determining whether eligible whistleblower consent to be identified during an investigation.

And for listed companies?

ASX-listed companies should also take account of the ASX Corporate Governance Principles and Recommendations, which further recommends that policies:

• link to the company’s values and HR compliance
• identify the types of concerns that may be reported
• provide for the training of employees about the policy and their rights and obligations under it
• provide for the training of managers and others who can receive whistleblower reports about how to respond to them, and
• state they will be periodically reviewed to check that they’re operating effectively and whether any changes are required.

Assessing your current whistleblower procedures

The new regime requires employers and HR departments to analyse and strategise any existing whistleblower procedures they have in place and to rework or replace them where necessary. Further, to protect whistleblowers from harm, ensure any whistleblowers’ information is stored securely in confidentiality and that what you’re doing complies with privacy laws.

Training all your staff in whistleblowing protections

Given these significant changes, we recommend employers provide two types of tailored HR training. The first training program should be for ‘eligible recipients’. This is eligible to members part of the sector such as senior managers, officers, and anyone else authorised to receive disclosures from whistleblowers, including compliance officers. This training should cover the process set out in the company’s whistleblower policy to respond to disclosures. Pay special attention to the importance of protecting the whistleblower’s right to anonymity during the investigation, unless they consent to being identified. Remember you auditors, actuaries, tax agents and BAS agents are also ‘eligible recipients’. Although it isn’t expected fo you to train these people, we recommend you inform them of their new obligations.

The second training program should be for all staff, including all Human Resource employees. This should set out how the whistleblower regime works and how your whistleblower policy provides a process for disclosing and investigating certain matters. It should also be used to provide details of the protections that will be provided to eligible whistleblowers.

What do you need to do right now?

Employers should respond to the new whistleblower regime now to make sure they comply with new laws and that they’re not exposed to the potential of exceptionally high fines. After all, a fine of 10% of annual turnover is high enough to cripple most companies. Don’t have HR issues, have HR solutions. If you’d like to know more about your own company’s circumstances, introducing these policies into your organisation or what practical steps you can take, get in touch.