New legislation designed to create a single whistleblower protection regime under the Corporations Act 2001 will extend to the corporate, financial and credit sectors.

When passed, the legislation will apply to protected disclosures made on or after 1 July 2018.

The Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017 will afford whistleblowers access to compensation and enhanced protection against victimisation after 1 July 2018, irrespective of when the disclosure was made.

The obligations will extend to all public and large proprietary companies who will now have to implement a whistleblower policy by January 2019 (public companies) and December 2019 (large proprietary companies).

Individuals and corporations who fail to set up a compliant whistleblower policy will be subject to penalties, and failure to comply with new confidentiality and victimisation provisions will be considered criminal offences.

The original legislation – Corporations Act 2001 (Cth) under Part 4AAA – had been in place for over ten years.

Recent high-profile examples, including the 7-Eleven underpayments scandal, highlighted deficiencies in the original legislation, including:

  • The Act was silent on how ASIC should handle information from whistleblowers
  • ASIC was not mandated or enabled to ensure the rights of whistleblowers are protected
  • ASIC had difficulty legally resisting requests during litigation for whistleblower information including the whistleblower’s identity.

In addition to harmonising existing protections, the new legislation is aimed at:

  • A broader group of informants who fall within the protection regime, including former officers, employees and suppliers, associates of the entity and family members of employees
  • Introducing new statutory protections for whistleblowers in relation to consumer credit laws and taxation
  • Expanding current protections to take into account disclosures concerning corporate corruption, bribery, fraud, money laundering, terrorist financing or other serious misconduct
  • Abolishing the ‘good faith’ requirement, effectively allowing anonymous disclosures and providing immunities to whistleblowers regarding the type of disclosure made.

Businesses should not only determine whether they are required or should have compliant whistleblower policies, but also consider what risk mitigation actions are required given the increased likelihood in the future of an action by a whistleblower.