Enhanced Whistleblower Protections: What does it mean for your Company?

image description
Naomi Fink Special Counsel Linkedin

As of 1 July 2019, potential whistleblowers across Australia will enjoy an added layer of statutory protections.  The Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) (‘the Amendment’) has expanded the whistleblower protections previously contained in the Corporations Act 2001 (Cth) (‘Corporations Act’), and has inserted new protections into the Taxation Administration Act 1953 (Cth) in relation to breach of tax laws or tax-related misconduct.

In this article we will consider the Corporations Act amendments, although we note that the changes to the Taxation Administration Act are largely similar.  The Amendment will drastically broaden the scope of Australian whistleblower protections in relation to:

  • who may make a disclosure;
  • who disclosures can be made to;
  • what matters are disclosable; and
  • what protections are available to whistleblowers.

Although the protections will apply to all companies registered under the Corporations Act, the new regime will require some companies to also have a whistleblower policy in place which complies with the statutory requirements.

What must a corporate whistleblower policy include?

The Amendment requires public companies, large proprietary companies1, and trustees of a registrable superannuation entity (within the meaning of the Superannuation Industry (Supervision) Act 1993 (Cth)) to have a whistleblower policy that complies with the statutory requirements.  Moreover, these companies must make their whistleblower policy available to all officers and employees.

Whistleblower policies will need to include information about:

  • the protections available to whistleblowers;
  • to whom disclosures may be made, and how they may be made;
  • how the company will support whistleblowers and protect them from detriment;
  • how the company will investigate disclosures that qualify for protection;
  • how the company will ensure fair treatment of employees of the company who are mentioned in disclosures that qualify for protection, or to whom such disclosures relate; and
  • how the policy is to be made available to officers and employees of the company.

Who may make a disclosure?

The Amendment defines those individuals who may be eligible for protection as eligible whistleblowers.  This definition is much more expansive than the previous definition of ‘discloser’, and includes individuals who are currently, or have formerly been:

  • an officer or employee of the regulated entity;
  • an individual who supplies services or goods to the regulated entity (whether paid or unpaid), and/or their employees;
  • an individual who is an associate of the regulated entity; and
  • a relative or dependant of any of the above categories.

These individuals must be eligible whistleblowers in relation to a regulated entity.  The definition of regulated entity includes:

  • companies registered under the Corporations Act;
  • constitutional corporations (under s 51(xx) of the Constitution);
  • authorised deposit-taking institutions;
  • general insurers; and
  • superannuation entities.

The inclusion of individuals who have previously been involved with a regulated entity (e.g. past employees), along with relatives or dependants of any eligible individuals, has drastically widened the class of persons who may be protected.

Importantly, the Amendment also provides that disclosures can be made anonymously, whereas previously a discloser was required to reveal their identity to receive protection.

Who can disclosures be made to?

To qualify for protection under the Amendment, disclosures must be made to a regulated entity, a prescribed regulator, or a legal practitioner for the purpose of obtaining legal advice or representation.  The Amendment specifies both ASIC and APRA as eligible regulators.

As discussed above, the definition of regulated entity includes bodies corporate.  Within regulated entitieseligible recipients of whistleblower disclosures include:

  • an officer, or senior manager of the body corporate (or related body corporate);
  • an auditor, or member of an audit team conducting an audit of the body corporate (or related body corporate);
  • an actuary of the body corporate (or related body corporate); and
  • a person authorised by the body corporate to receive disclosures that may qualify for protection.

What is a disclosable matter?

The Amendment has widened the scope of matters that may justify a whistleblowing disclosure.  Under the current regime, protected disclosures can only be made in relation to suspected contraventions of the Corporation Act.  Following the Amendment, disclosable matters will now include conduct that may:

  • give rise to misconduct, or an improper state of affairs or circumstances in relation to the regulated entity (or a related body corporate);
  • constitute an offence against one of the named Acts (including the Corporations Act, ASIC Act 2001 (Cth)Banking Act 1959 (Cth), and more);
  • constitute an offence against any other Commonwealth law, punishable by imprisonment for a period of 12 months or more; or
  • represent a danger to the public or the financial system.

Finally, the Amendment includes protections for both emergency disclosures and public interest disclosures.  These provisions will, in extreme circumstances, allow whistleblowers to make protected disclosures to a Member of Parliament or a journalist where:

  • the information concerns a substantial and imminent danger to the health or safety of people or the environment; or
  • it would be in the public interest to disclose the information.

Notably, the Amendment has explicitly excluded personal work-related grievances from the protective regime.  Personal grievances are those which relate to the discloser’s employment in a personal capacity, such as an interpersonal conflict between the discloser and another employee.

What protections are available to whistleblowers?


First and foremost, eligible whistleblowers can make anonymous disclosures under the amended legislation.  The Amendment further makes it an offence to breach the confidentiality of a whistleblower by revealing their identity or information that would likely lead to their identification.  The relevant provision is also a civil penalty provision.

However, a person may disclose the identity of a whistleblower to ASIC, APRA, the Australian Federal Police, or a legal practitioner for the purposes of obtaining legal advice or representation.

Detrimental conduct

The Amendment states that an eligible whistleblower will not be subject to any civil, criminal, or administrative liability for making a disclosure.

Moreover, the Amendment provides for a variety of judicial remedies in the event that a person engages in, or threatens to engage in, detrimental conduct towards another person.  For example, a court has discretion to order a person to pay compensation to another person for loss, damage or injury suffered as a result of detrimental conduct.


The Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) will create greater opportunities for whistleblowers to come forward across Australia.  The Amendment has expanded: the class of individuals who may make a disclosure, to whom they can make disclosures, what matters are disclosable, and the protections available to whistleblowers.  It also imposes more onerous statutory obligations in relation to mandatory policy requirements.

Increased protections for whistleblowers may create additional risk for your company.  We have prepared a whistleblower policy template to assist you comply with your obligations.  If you would like help tailoring the policy, or updating or creating an existing whistleblower policy that will comply with the amended legislation, contact our Financial Services Team.

Contact Us Our Expert Team Our Training

Author: Naomi Fink (Special Counsel)

1 To come within the definition of a large proprietary company, the company must satisfy at least 2 of the following paragraphs (for a financial year):

(a) the consolidated revenue for the financial year of the company and the entities it controls (if any) is $50 million or more;
(b) the value of the consolidated gross assets at the end of the financial year of the company and the entities it controls (if any) is $25 million or more;
(c) the company and the entities it controls (if any) have 100 or more employees at the end of the financial year.