Do the new whistleblower laws affect you?


Posted By on 25/03/19 at 5:08 PM

The Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018 has recently passed both houses of parliament and is now awaiting royal assent.  The Bill was introduced in response to the perceived lack of a protection scheme applicable to whistleblowers in the corporate arena, and the complexities raised by the otherwise “confusing web” of existing whistleblower protection regimes.

In summary, the Bill:

  1. amends the Corporations Act to strengthen and consolidate pre-existing whistleblower protections into a single protection regime;
  2. amends the Taxation Administration Act to create a protection regime for whistleblowers who report breaches of tax law and misconduct; and
  3. otherwise repeals existing financial sector whistleblower protections.

The Bill introduces several obligations affecting corporations, chief among them being the mandatory introduction of whistleblower policies. The Bill has been passed by both houses of parliament and is now awaiting royal assent.

Whistleblower policies

Who: public companies and large proprietary companies. A large proprietary company is one with consolidated yearly revenue (including the entities it controls (if any)) of at least $25 million, consolidated gross assets of $12.5 million, or more than 50 employees.

What: a company’s whistleblower policies must include the following information about:

  • the protection available to whistleblowers
  • the persons to whom disclosure can be made that qualify for protection, and how such disclosures can be made
  • how the company will support whistleblowers and protect them from detriment
  • how the company will investigate disclosures that qualify for protection under the Corporations Act
  • how the company will ensure fair treatment of employees who are mentioned in eligible disclosures
  • how the whistleblower policy is to be made available to officers and employees, and
  • Any other matters prescribed by the Corporations Act in terms of whistleblowing.

By law, there is no longer a requirement for a whistleblower to reveal their identity when making a disclosure, and whistleblowers must instead be permitted to make disclosures anonymously. Whistleblowers can by law make a disclosure directly to the Australian Securities and Investments Commission (ASIC) or the Australian Prudential Regulation Authority (APRA). Companies should consider the circumstances in which they will contact ASIC, APRA, or the Australian Federal Police in respect of a whistleblower’s disclosure.


  • Public companies and proprietary companies that are trustees of a superannuation entity must have a whistleblower policy from 1 January 2020, and
  • Large proprietary companies must have a whistleblower policy from 1 January 2021 if its financial year ends on 30 June 2020. If not, the date for introducing a whistleblower policy is 6 months after the last day of its financial year.

Penalties apply if companies do not have compliant whistleblower policies in place after the respective deadlines above.

Training for eligible recipients

The following persons are ‘eligible recipients’ for the content of a whistleblower’s disclosure:

  • Officers or senior managers of the company, or its related body corporate
  • Auditors or members of an audit team conducting an audit of the company or its related body corporate
  • Actuaries of the company or its related body corporate, and
  • A person authorised by the company to receive whistleblower disclosures.

Eligible recipients should receive training to ensure that they are aware of the procedures to be followed when receiving a whistleblower disclosure, and all aspects of the company’s whistleblower policy.


Penalties apply if the confidentiality of a whistleblower’s identity is breached, or if an employee or officer of the company causes “detriment” (whether through actual actions or through the making of threats) to the whistleblower, and a court has the power to order compensation in respect of the detriment suffered. The financial penalties are a maximum of $200,000 for an individual, or $1 million for a company.

“Detriment” includes:

  • dismissal of an employee
  • injury of an employee in their employment
  • alteration of their position or duties to their disadvantage
  • discrimination between an employee and other employees of the same employer
  • harassment or intimidation of a person
  • harm or injury to a person, including psychological harm
  • damage to a person’s property, reputation, business or financial position, or
  • other damage.

Furthermore, the courts have the power to order a person (whether an individual or a company) to pay the Commonwealth if a declaration of contravention has been made, or if the confidentiality of a whistleblower’s identity has been breached, or if there has been victimisation or threatened victimisation of the whistleblower.

Next steps

The Bill is likely to receive royal assent reasonably soon.  Accordingly, now is the time to ascertain whether the new laws will apply to your company, and have a plan in place to ensure compliance.  If you have any questions in this regard, please do not hesitate to contact us.


Amelia Edwards

Amelia Edwards Special Counsel

Since joining us in 2014, Amelia has developed broad commercial experience and interests working across the firm’s practice areas and on secondment. She holds a Bachelor of Arts (Anthropology)... Read More