Businesses Take Note – Whistleblower Protection Reform is Imminent

Whistleblowers are not often loved by the organisations who are exposed by their revelations. For that reason, there are laws that are meant to protect certain categories of whistleblower from reprisals when they disclose information that reveals wrongdoing.

Whistleblower protection laws applying to the private sector in Australia are undergoing substantial changes. These changes are likely to come into effect in a few weeks. The new laws will impose significant new compliance requirements on public and large private companies, which will be required to demonstrate that they have whistleblower protection procedures in place.

The laws will offer broader remedies and protection for people who disclose misconduct by any company to which the Corporations Act applies. Banks, insurers and superannuation trustees will also be affected. So companies need to be aware of these reforms because if they are implemented, the risk of breaching these laws, and the penalties for breach, will be much greater after 1 July 2018.


As we reported in our article last year in the Update Whistleblower Protection Reform Takes a Step Forward, whistleblower protection laws in Australia are a patchwork of inconsistent State and Commonwealth legislation. The weakest of these is Part 9.4AAA of the Corporations Act, which imposes a very sketchily described whistleblower protection regime on all private and public companies in Australia.

In theory Part 9.4AAA makes it unlawful to reveal a whistleblower’s identity, or to take detrimental action against them for disclosing information, but it is ineffective to the point that it is difficult to find any reported court case where it has been used at all, let alone used successfully.

Our previous article reported on the findings last year of a Parliamentary Joint Committee on whistleblower reform, which recommended some radical changes to the whistleblower protection regime in Australia.

A lot has happened since then. Late last year an exposure draft of legislation entitled the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2017 (Bill) was introduced. The Bill proposed significant amendments to the whistleblower protection laws in the Corporations Act. In March the Senate Economics Committee recommended that the Bill be passed. It contemplates that the changes will become effective from 1 July 2018.

Notwithstanding that this is only 2 months away, the final shape of the new laws is not yet certain. Whatever the end result, it is clear that the reforms will require many Australian businesses to either reconsider how they deal with whistleblowers, or to start thinking about the issue for the first time.

What is going to change? 

Most of the reforms, while important, are not unexpected and simply address some of the more glaring shortcomings of the current legislation.

For example, the only people who qualify for protection from detrimental action under the Corporations Act at the moment are current officers, employees and contractors of a company. This will be expanded to include past officers, employees and contractors, associates of the company, and the relatives of those people (referred to in the Bill as “Eligible Whistleblowers”).

The heavily criticised requirement that disclosures by whistleblowers must be made “in good faith” will be removed.

The range of matters about which disclosures can be made has also been substantially increased. The existing laws only cover breaches by companies of the Corporations Act and the ASIC Act. The proposed reforms will give Eligible Whistleblowers protection generally for disclosures relating to “misconduct, or an improper state of affairs or circumstances” (currently these terms are not defined). But specific protection is given for disclosures that point to –

  1. breaches of particular legislation in the corporate, financial and credit sectors;
  2. any breaches of Commonwealth legislation punishable by imprisonment of 12 months or more; or
  3. behaviour which represents a danger to the public, or to the financial system.

The Corporations Act currently requires whistleblowers to identify themselves to the person to whom they disclose information. This is a huge disincentive to many potential whistleblowers, and the requirement will be removed if the Bill is passed in its current form, thereby allowing the protection of anonymous whistleblowers. Penalties for the unauthorised disclosure of the identity of whistleblowers, and for victimisation of whistleblowers, are much more clearly defined – $200,000 for individuals and $1 million for companies.

The new laws will be more “whistleblower friendly” in other ways. Compensation for detrimental action against them is better defined, and easier to get, and whistleblowers will not be liable for the costs of unsuccessful claims for compensation unless they are brought vexatiously.

Where is your whistleblower policy? 

The Bill requires public companies and large proprietary companies[1] to have a whistleblower protection policy in place. It must be available to officers and employees of the company. The policy must set out the legal protections available to whistleblowers, and provide information about how the company will protect and support them, and investigate their disclosures.

This requirement will need to be carefully considered by the companies to which it applies. Failure to have a policy will be an offence. At the moment the letter of the (proposed) law may be largely satisfied by the passive provision of information; but the spirit of the law requires the active implementation of procedures to deal with whistleblowers and their disclosures.

Businesses which must implement a whistleblower protection policy would be well served by treating it as something other than a tiresome compliance exercise. It will be important to make sure that the appropriate management of whistleblowers is understood at a cultural level throughout an organisation. Fortunately, it looks like most companies will have until the beginning of 2019 to comply with this aspect of the Bill.

What is not changing? 

The Bill does not say anything about the more radical recommendations of the Parliamentary Joint Committee last year, in particular the establishment of a central Whistleblower Protection Agency and the idea of monetary rewards for whistleblowers. These would be radical changes and would be hard to implement, but we may not have heard the last of them. The Bill still has to get through the Senate where the remaining members of the Nick Xenophon Team, which instigated this reform process in late 2016, may want to see revolutionary rather than evolutionary changes.

The Bill also does little to change the fragmentary nature of whistleblower protection in this country. Companies will still operate under a completely different regime to that which applies in the public sector; and within the public sector, the laws that apply at a Commonwealth and State level will remain quite different, with the Not For Profit sector still being largely unregulated.


Reform to whistleblower protection laws in Australia have gathered a lot of momentum in the last six months. The final version of the legislation is likely to be determined in the next few weeks in the Senate, during the exposure by the Royal Commission of some of the most serious corporate misconduct this country has seen for a generation. Owners and managers of private businesses need to watch this space.

[1] A private company with at least 2 of the following attributes; revenue greater than $25 million, 50 or more employees, or gross assets of $12.5 million

The information published in this paper is of a general nature and should not be construed as legal advice. Whilst we aim to provide timely, relevant and accurate information, the law may change and circumstances may differ. You should not therefore act in reliance on it without first obtaining specific legal advice.