Whistleblower protection legislation – what do organisations need to know?

This article was originally published 28 October 2019.

Whistleblowers are key to identifying and calling out misconduct within organisations that harm consumers and the community. On 1 July 2019, legislation was passed requiring large proprietary companies and public companies* (including companies limited to guarantee) to have a whistleblowing protection policy in place by 1 January 2020. This legislation provides greater protections for whistleblowers to encourage them to come forward without fear of reprisal.

*Note: Broadly, a company is a ‘large’ proprietary company if it exceeds any two of the three following criteria:

  • Have $25 million in consolidated gross assets at the end of the financial year
  • Generate $50 million in consolidated revenue for the financial year
  • Employ 100+ staff at the end of the financial year.

Not-for-profits with annual revenue less than $1 million are exempt from the requirement to have a whistleblower policy. ASIC has provided guidance to assist companies in meeting their obligation to have a whistleblower policy.

The importance of compliant policies

Organisations that meet the ASIC criteria must have compliant policies in place to address the legislation, which ensure there are protections in place for the whistleblower. These protections relate to any reprisal or detriment to the reputation of the whistleblower or their employment. The legislation provides examples of these detriments.

In addition, there needs to be a necessary internal awareness strategy in place within these organisations that details the creation and implementation of the policy. There should be both a training program for staff administering the policy, as well as an awareness program for employees affected by the policy.

Organisations subject to the legislation should also consider seeking legal advice for the implementation of the policy, as there are significant penalties for non-compliance to the legislation. These non-compliance penalties can become known once a whistleblower has already disclosed their allegations, often to the detriment of the organisation.

Is your compliance policy effective?

Having in place a policy is one thing, but making sure it is effective is another. Organisations must ensure the policy has a mechanism to allow the whistleblower or whistleblower provisions to be effective.

BDO Secure is a hotline that offers a telephone contact or web portal access allowing whistleblowers to make their disclosures independently. These disclosures are then managed through BDO back to the client business. BDO Secure is unique in that it offers a triage process prior to complaints going through the client business and ensures all complaints are managed effectively and with transparency. 

The BDO Forensic services team has the relevant skills and experience to ask the right questions during the triage process, providing informed advice as to what decisions need to be made to address the disclosure. Whether that be doing nothing if the complaint does not meet the criteria, conducting preliminary enquiries to determine the validity of the disclosure, or conducting a full investigation in relation to the disclosure allegations.

If you would like to learn more about the whistleblowing legislation, or are looking for advice in relation to whistleblowing allegations, please contact a member of the BDO Forensic services team.