Navigating the New Whistleblower Laws – Part 2

Published 22 November 2019

In our recent newsletter, we examined some of the key changes of the expanded corporate whistleblowing scheme that has been in force since 1 July 2019.

This week, in part 2 of our newsletter, we will take a look at who is required to have a whistleblower policy under the expanded corporate whistleblower scheme and what is required for the whistleblower policy to be compliant with the legislation.

Who needs a whistleblower policy?

Public companies and large proprietary companies are required to have a compliant whistleblower policy in place by 1 January 2020. A large proprietary company is one which has any two of the following apply:

  • The company (including any entities it controls) has 100 or more employees;
  • The consolidated revenue of the company (including any entities it controls) for the financial year is $50 million or more; or
  • The value of the consolidated gross assets of the company (including any entities it controls) at the end of the financial year is $25 million or more.

Although not all companies are required by the legislation to have a policy, given the substantial changes to the legislation and the significant consequences for non-compliance, we recommend that all companies covered by the expanded corporate whistleblower scheme implement or update their whistleblower policy.

Requirements for a whistleblower policy

To be compliant with the new whistleblower legislation, a whistleblower policy is required to set out the following information:

Protections available to whistleblowers

As outlined in part 1 of our newsletter, whistleblowers are protected under the legislation from any detrimental conduct against them. Whistleblowers are also entitled to make an anonymous report, and have their identity kept individual. A whistleblower policy will need to address these protections.

Who disclosures can be made to and how they can be made

Under the legislation, disclosures can be made to ‘eligible recipients’ which include officers of the company and senior managers. However, companies can also choose to designate who disclosures should be made to. This could include nominating a specific ‘Whistleblower Officer’ to receive disclosures, or could also include reference to an external whistleblowing service. Whoever the company chooses to receive a disclosure  should be outlined in the policy.

How the company will support whistleblowers and the protections that whistleblowers have

Under the legislation, companies are required to ensure that the whistleblower’s identity remains confidential (unless they consent otherwise), and to take reasonable steps to ensure the whistleblower does not suffer any detrimental conduct.

Companies should also consider how else the whistleblower can be supported. This may involve designating a staff member as the ‘Whistleblower Protection Officer’ whose role it will be to protect the interests of the whistleblower. It may also involve making available to whistleblowers an external counselling service or employee assistance program. Whatever support is decided upon should be referenced in the policy.

How protected disclosures will be investigated by the company

It is essential that any whistleblower policy sets out the investigation process that will take place. Key steps in the investigation process that will need to be set out in the policy include who will be conducting the investigation, who will be kept informed of the progress of the investigation, how confidentiality of the whistleblower will be handled throughout the process and what will happen after the investigation has occurred. We recommend that the policy allows for both internal and external investigations.

How the company will ensure the fair treatment of people against whom an allegation is made in relation to a protected disclosure

It is important that if an allegation has been made against any person as part of a whistleblower disclosure, that such a person have an opportunity to respond to the allegation. Further to this, to ensure the person against whom an allegation has been made receives fair treatment, any investigator appointed should be independent of both the accused and accuser. The whistleblower policy will need to outline how your company will ensure the fair treatment of any person accused of misconduct as part of a whistleblower disclosure.

How the policy will be made available to employees and officers of the company

This will vary from company to company, but commonly whistleblower policies are made available on a company intranet, emailed out to staff, or made available on the company’s website.

Consequences of not having a compliant policy

It is a strict liability offence for public companies or large proprietary companies to fail to implement a compliant whistleblower policy by 1 January 2020. In the event of non-compliance, companies may face fines of up to $126,000.

Howe we can help

Having a compliant whistleblower policy is vital for all companies to ensure that the obligations of the expanded corporate whistleblower scheme are met. Olexo Workplace Law is able to assist with preparing a compliant whistleblower policy, as well as being able to assist with staff training in relation to their obligations.

Contact us today on 02 8436 2500 or via email to to get started.

This content is general in nature and provides a summary of the issues covered. It is not intended to be, nor should it be relied upon, as legal or professional advice for specific employment situations.

Olexo Workplace Law recommends that specialist legal advice should be sought about specific legal issues.