House of Representatives

Revised Explanatory Memorandum

(Circulated by authority of the Assistant Treasurer, the Hon. Stuart Robert MP)

Chapter 2 Improving protection for whistleblowers in the corporate and financial sectors

Outline of chapter

2.1 This Chapter describes the amendments to the Corporations Act set out in Part 1 of Schedule 1 to this Bill.

2.2 The amendments create a consolidated whistleblower protection regime for the corporate and financial sectors.

Context of amendments

Existing laws

2.3 The existing Part 9.4AAA of the Corporations Act confers protections and remedies on corporate whistleblowers in respect of any disclosures about actual or potential contraventions of Corporations legislation.

2.4 These protections and remedies include:

•

limited protection from civil or criminal liability for making the disclosure (for example, for defamation);

•

constraints upon employer rights to seek contractual remedies against the whistleblower (including any contractual right to terminate employment) arising as a result of the disclosure;

•

prohibitions upon victimisation of the whistleblower;

•

a right of the whistleblower to seek compensation if damage is suffered as a result of victimisation; and

•

prohibitions against the revelation of the whistleblower's identity or the information disclosed by the whistleblower, with limited exceptions.

2.5 These protections have been criticised as being limited and overly complex. Specifically, to qualify for protection a whistleblower must:

•

be a current officer or employee of the company in question or a current contractor:

-

this has meant that past employees, contractors for example, who may have ceased their association with the company in question for a variety of reasons cannot make a protected disclosure;

•

make the disclosure in good faith:

-

this requirement undermines whistleblower protections, as whistleblowers often have other grievances or motivations against a company, so may not be protected. The motivation for making a disclosure is not relevant to the policy reasons for protecting whistleblowers;

•

have reasonable grounds to suspect that either the company, or some of its officers or staff, have breached (or might have breached) a provision of the Corporations legislation (that is, the protections are not available for disclosures relating to breaches of any other statute);

•

this limited coverage means that actual and potential whistleblowers in the corporate and financial sectors would need to consult a number of Acts to know whether they are protected; and

•

provide their names before making the disclosure:

-

this requirement has meant that anonymous disclosures are not protected.

2.6 Whistleblower protection regimes are contained in the statutes administered by APRA (or those where administration is shared with ASIC), namely:

•

the Banking Act;

•

the Insurance Act;

•

the Life Insurance Act; and

•

the Superannuation Industry (Supervision) Act.

2.7 While these are similar to the protections and remedies set out in the Corporations Act, there are important differences. Each of the whistleblower regimes in the above Acts (the financial sector whistleblower regimes) protects a disclosure of information concerning misconduct or an improper state of affairs or circumstances in relation to entities regulated under it.

2.8 Protections apply if the whistleblower considers the information disclosed may assist the recipient of the information to perform duties or functions in relation to the regulated entity. The regulated entities are:

•

ADIs, authorised NOHCs and subsidiaries of authorised NOHCs;

•

general insurers and authorised NOHCs;

•

life companies and registered NOHCs; and

•

superannuation entities.

2.9 Under the Banking Act for instance, a person may qualify for protection if the disclosure:

•

relates to misconduct, or an improper state of affairs or circumstances in relation to an ADI, authorised NOHCs and subsidiaries of authorised NOHCs; and

•

the person considers that the information may assist the recipient of the disclosure to perform his or her functions or duties.

2.10 Similar requirements are set out for insurers and superannuation entities in the Life Insurance Act, the Insurance Act and the Superannuation Industry Supervision Act, with some minor differences to reflect the role of actuaries for insurers and superannuation entities as well as the role of superannuation trustees.

2.11 Currently, there are no whistleblower protections for disclosures relating to misconduct in relation to the National Consumer Credit Protection Act or the Data Collection Act.

Summary of new law

2.12 Part 1 of Schedule 1 to this Bill consolidates the existing whistleblower protections and remedies for corporate and financial sector whistleblowers while strengthening and broadening these protections in a substantial way. Broadly the amendments fall into four categories:

•

the conduct that may be the subject of a disclosure that qualifies for protection and entities that can be the subject of such a disclosure;

•

individuals who can make a qualifying disclosure;

•

persons to whom a qualifying disclosure can be made; and

•

remedies and processes available for whistleblowers.

2.13 The Minister must cause a review of the amended Corporations Act whistleblower regime, and the new tax whistleblower regime, as soon as practicable after the end of five years after the amendments in the Bill commence.

Entities and conduct about which a qualifying disclosure may be made

2.14 The type of entity and the conduct that may be the subject of a disclosure that qualifies for protection (described hereunder as a 'qualifying disclosure') have been expanded.

2.15 Entities that may be the subject of a qualifying disclosure now include all corporations to which paragraph 51(xx) of the Constitution applies. These entities are defined in the new law as regulated entities.

2.16 The conduct that may be the subject of a qualifying disclosure includes actual or suspected conduct by a regulated entity that is:

•

misconduct, or an improper state of affairs or circumstances in relation to a regulated entity;

•

contravention of any law administered by ASIC and/or APRA;

•

conduct that represents a danger to the public or the financial system; or

•

an offence against any other law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more.

2.17 Disclosures that concern personal employment grievances of the discloser only, and do not have significant implications for a regulated entity, have limited protection.

Who can make a qualifying disclosure?

2.18 A qualifying disclosure can be made by an individual who is or has been in a relationship, such as employee, with the regulated entity about which the disclosure is made. These individuals are defined in the new law as eligible whistleblowers.

2.19 The motivation of the eligible whistleblower is no longer relevant, nor is the currency of the relationship.

Eligible recipients of a disclosure

2.20 Persons to whom a qualifying disclosure may be made are defined in the new law as 'eligible recipients'.

2.21 In certain public interest or emergency circumstances a disclosure made to a Member of Parliament or journalist may qualify for protection.

Protections and remedies for whistleblowers

2.22 The level of protection provided for whistleblowers by the new law has been increased by:

•

strengthening the requirement of confidentiality of a whistleblower's identity, including:

-

no longer requiring whistleblowers to identify themselves when making a disclosure;

-

ensuring that persons, including regulators, cannot be required to disclose the identity of a whistleblower to a court or tribunal without a court order;

•

strengthening the immunities provided to whistleblowers and ensuring that information they disclose is not admissible in evidence against them in a prosecution;

•

broadening and clarifying the prohibition against victimisation of whistleblowers and other individuals who suffer victimisation in relation to a disclosure, including:

-

adding a civil penalty option for prosecution for victimisation; and

-

adding a broad inclusive definition of 'detriment';

•

providing that generally a court may not make a cost order against a whistleblower or other individual seeking remedies for victimisation, to ensure that such individuals are not deterred from bringing proceedings by potential adverse costs orders; and

•

requiring public companies, large proprietary companies and registerable superannuation entities to have whistleblower policies, and to make the policies available to their officers and employees.

2.23 The remedies and protections available to whistleblowers and other individuals who suffer detriment or a threat of detriment in relation to a qualifying disclosure have been expanded to include:

•

making it easier for individuals who suffer detriment in relation to a protected disclosure to claim compensation;

•

ensuring bodies corporate that are or were employers of a whistleblower or other individual who suffer detriment in relation to a protected disclosure, are liable if they contributed by act or omission to detrimental conduct;

•

extending the range of orders a court may make in respect of whistleblowers and other individuals who suffer detriment in relation to the making of a protected disclosure, including injunctions and apologies;

•

clarifying that a court may order reinstatement of a person whose employment is terminated, or purported to be terminated, in relation to the making of a protected disclosure;

•

providing that a court may order exemplary damages if it thinks appropriate; and

•

reversing the burden of proof in compensation claims once the claimant has adduced or pointed to evidence that suggests a reasonable possibility that a defendant has engaged in conduct that caused detriment or threatened to do so.

Comparison of key features of new law and current law

Detailed explanation of new law

Expanding the scope of disclosures qualifying for protection

2.24 The new law broadens the subject matter of disclosures that qualify for protection, to encompass and enhance those covered under the existing corporate and financial sector whistleblower regimes. [Schedule 1, item 2 section 1317AA]

2.25 Disclosures may qualify for protection if made by an individual (whistleblower) who is an eligible whistleblower in relation to the regulated entity in relation to which the disclosure is made. The entities that are regulated entities are discussed below. [Schedule 1, items 1 and 2, section 9 and subsection 1317AA(1)]

2.26 A disclosure may qualify for protection if made to:

•

ASIC or APRA (or other Commonwealth body that is prescribed by regulations) [Schedule 1, item 2 paragraph 1317AA(1)(b)];

•

an eligible recipient (the categories of eligible recipient are discussed below) [Schedule 1, item 2, subsection 1317AA (2)]; or

•

a lawyer for the purposes of obtaining legal advice or representation on the operation of the new whistleblower regime [Schedule 1, item 2, subsection 1317AA(3)].

2.27 The matters that may be the subject of a qualifying disclosure, and the individuals who are eligible whistleblowers in relation to an entity are discussed below.

Disclosures to ASIC, APRA or prescribed body

2.28 A disclosure by an eligible whistleblower to ASIC, APRA, or other Commonwealth body prescribed by regulation, qualifies for protection if it is of information about a disclosable matter. The subject matters that can be disclosable matters are described below. [Schedule 1, item 2, paragraph 1317AA(1)(c)]

Disclosures to eligible recipients

2.29 A disclosure by an eligible whistleblower to an eligible recipient qualifies for protection if it is of information about a disclosable matter. The categories of eligible recipients in relation to a regulated entity are discussed below. [Schedule 1, item 2, subsection 1317AA(2)]

Disclosure to a legal practitioner

2.30 A disclosure to a legal practitioner for the purposes of obtaining legal advice or representation on the operation of the whistleblower regime qualifies for protection under the new law. [Schedule 1, item 2, subsection 1317AA(3)]

2.31 The disclosure does not have to be about a disclosable matter to be protected, and the individual does not have to be an eligible whistleblower in relation to a regulated entity that is the subject of the disclosure. This ensures that a whistleblower or potential whistleblower can safely seek legal advice as to whether and what protections may apply to them.

Disclosable matters

2.32 A disclosable matter is information the whistleblower has reasonable grounds to suspect:

•

concerns misconduct, or an improper state of affairs or circumstances in relation to the regulated entity (or if the regulated entity is a body corporate) a related body corporate; or [Schedule 1, item 2, subsection 1317AA(4)]

•

indicates:

-

that the regulated entity (or related body corporate) or its officer or employee has engaged in conduct that constitutes an offence against, or a contravention of, the Corporations Act, the ASIC Act, the Banking Act, the Data Collection Act, the Insurance Act, the Life Insurance Act, the National Consumer Credit Protection Act, or the Superannuation Industry (Supervision) Act, or regulations made under those laws;

-

that an offence against any other law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more;

-

that represents a danger to the public or the financial system; or

-

as prescribed by regulation.

[Schedule 1, item 2, subsection 1317AA(5)]

2.33 The more specific categories of conduct set out in new subsection 1317AA(5) are not intended to limit the range of misconduct covered by new subsection 1317AA(4). Rather, they are set out to make clear that certain forms of conduct, including breaches of the Acts administered by ASIC and APRA, and serious offences against other Commonwealth laws, are clearly within the scope of the protections.

2.34 The broad categories of disclosable conduct are also intended to include conduct that may not be in contravention of particular laws. For example misconduct, or an improper state of affairs or circumstances in relation to a regulated entity, may not involve unlawful conduct but may indicate a systemic issue that would assist the relevant regulator in performing its functions.

2.35 Information that indicates a danger to the public or a danger to the financial system is also a disclosable matter. This is intended to cover a broad range of conduct that poses significant risk to public safety or the stability of, or confidence in, the financial system, whether or not it is in breach of any law.

2.36 The amendments give the Minister a power to prescribe other conduct as disclosable conduct in regulations. The regulations are subject to Parliamentary scrutiny through the disallowance procedure in section 42 of the Legislation Act. This power ensures that the law can respond promptly to protect disclosures of emerging categories of wrongdoing.

Personal work-related grievances

2.37 The amendments limit protection for disclosures about solely personal employment related matters, while preserving protection for disclosures about systematic issues or reprisals against a whistleblower. This implements Recommendation 5.1 of the Parliamentary Committee, following recommendations of the Moss Report in relation to the PID Act.

2.38 A disclosure of a personal work-related grievance will remain protected if it concerns detriment to the discloser in contravention, or alleged contravention, of section 1317AC (whistleblower-related victimisation). [Schedule 1, item 2, paragraph 1317AADA(1)(b)]

2.39 A disclosure of a personal work-related grievance will also remain protected if it is made to a legal practitioner for the purposes of obtaining legal advice or legal representation in relation to the operation of the whistleblower provisions. [Schedule 1, item 2, sections 1317AA(3) and 1317AADA(1)]

2.40 The amendments define a disclosure concerning a personal work-related grievance as a disclosure of information that 'concerns a grievance about any matter in relation to the discloser's employment, or former employment, having (or tending to have) implications for the discloser personally'. [Schedule 1, item 2, paragraphs 1317AADA(1)(a) and (2)(a)]

2.41 However, a disclosure is not a personal work-related grievance if it:

•

has significant implications for the regulated entity to which it relates, or another regulated entity, that do not relate to the discloser;

•

concerns conduct, or alleged conduct, in contravention of specified corporate and financial services laws, or that constitutes an offence punishable by 12 months or more imprisonment under any other Commonwealth laws;

•

concerns conduct that represents a danger to the public or the financial system; or

•

concerns conduct prescribed by regulation.

[Schedule 1, item 2, paragraphs 1317AA(5)(c), (d), (e) and (f), and 1317AADA(2)(b)]

Subjective requirement replaced by objective 'reasonableness'

2.42 The new law addresses conclusions of recent reviews that the requirement that a whistleblower makes a qualifying disclosure 'in good faith' creates uncertainty and risk for whistleblowers. It is common for companies accused of wrongdoing to allege subjective or collateral motivation of the whistleblower that may defeat a 'good faith' requirement in whistleblower protection laws.

2.43 The 'good faith' requirement is also inconsistent with the approach taken in the PID Act and Registered Organisations Act, as well as with best practice legislative approaches in other countries including the United Kingdom.

2.44 The amendments remove the concept from the requirements for making a qualifying disclosure, and ensure the protections and remedies are based on the objective reasonableness of the whistleblower's grounds to suspect that information disclosed indicates misconduct or other disclosable matters. [Schedule 1, item 2, subsections 1317AA(4) and (5)]

Expanding the individuals qualifying for protection

Eligible whistleblowers

2.45 The new law expands the categories of individual who can make a qualifying disclosure.

2.46 The amendments create a new concept of 'eligible whistleblower' to define individuals whose relationship with a 'regulated entity' may place them in a position to identify wrongdoing by that entity. Eligible whistleblowers include the categories of person identified above, as well as whistleblowers covered by the existing Banking Act, Life Insurance Act, Insurance Act and Superannuation Industry (Supervision) Act. [Schedule 1, item 2, section 1317AAA]

2.47 Under the new law, an 'eligible whistleblower' is an individual who is, or has been, in a relationship with an entity (the regulated entity) about which a disclosure is made. The listed relationships are intended to cover individuals likely to have information about misconduct or other disclosable matters in relation to the entity.

2.48 The following are eligible whistleblowers:

•

an officer of the regulated entity;

•

an employee of the regulated entity;

•

an individual who supplies services or goods to the regulated entity (whether paid or unpaid);

•

an employee of a person who supplies services or goods to the regulated entity (whether paid or unpaid);

•

an individual who is an associate of the regulated entity;

•

for a regulated entity that is a superannuation entity

-

an individual who is a trustee (within the meaning of the Superannuation Industry (Supervision) Act), custodian (within the meaning of that Act), or investment manager (within the meaning of that Act) of the superannuation entity;

-

an officer of a body corporate that is a trustee, custodian or investment manager of the superannuation entity;

-

an employee of any of the above;

-

an individual who supplies services or goods (whether paid or unpaid) to an individual who is a trustee, custodian or investment manager of the superannuation entity or to an officer of a body corporate that is a trustee custodian or investment manager of a superannuation entity;

-

an employee of a person that supplies services or goods (whether paid or unpaid) to an individual who is a trustee, custodian or investment manager of the superannuation entity or to an officer of a body corporate that is a trustee custodian or investment manager of a superannuation entity to a trustee, custodian or investment manager or a body corporate (whether paid or unpaid);

•

a relative or dependent of any of the above (this includes a spouse, parent or other linear ancestor, child or grandchild, and sibling); or

•

an individual prescribed by the regulations in relation to a type of regulated entity.

2.49 Where a superannuation entity is a body corporate, then the eligible whistleblowers include all of those that are eligible in respect of any other body corporate. [Schedule 1, item 2, section 1317AAA]

2.50 The categories of eligible whistleblowers are intended to ensure that the regime targets those individuals that are most likely to have reliable information about conduct of a regulated entity.

2.51 The Minister is provided with the power to prescribe new categories of whistleblower in relation to particular types of regulated entity to protect new categories of whistleblower who may become apparent. Regulations are subject to Parliamentary scrutiny through the disallowance procedure in section 42 of the Legislation Act. This power ensures that the law can respond promptly to protect disclosures of emerging categories of wrongdoing. [Schedule 1, item 2, section 1317AAA]

Individuals formerly in a relationship with the body corporate or superannuation entity

2.52 Existing corporate and financial sector whistleblower protections apply to person in a current relationship with the company or entity about which the disclosure is made. This presents a gap in current protections, as it precludes former directors, officers and employees, contractors and closely related persons from making protected disclosures.

2.53 The amendments described above expand the categories of protected persons to include a person who was formerly in an eligible whistleblower relationship with a regulated entity. [Schedule 1, item 2, section 1317AAA)]

Expanding the entities about which a protected disclosure may be made

Regulated entities

2.54 The consolidated regime created by the amendments cover disclosures previously covered by the whistleblower protection provisions in:

•

the existing Part 9.4AAA of the Corporations Act;

•

Part 6A, Division 1 of the Banking Act;

•

Part 7, Division 5(A) of the Life Insurance Act;

•

Part IIIA, Division 4(A) of the Insurance Act; and

•

Part 29A, Division 1 of the Superannuation Industry (Supervision) Act.

2.55 This means that disclosures concerning companies, banks, life insurers, general insurers, superannuation entities and trustees of superannuation entities are all covered by the Corporations Act whistleblower regime. [Schedule 1, item 2, section 1317AAB]

2.56 The new consolidated regime does not alter the regulatory responsibilities of the regulators administering each of the Corporations Act, the ASIC Act, the Banking Act, the Life Insurance Act, the Insurance Act and the Superannuation Industry (Supervision) Act.

Persons and entities to which a qualifying disclosure may be made

2.57 As discussed above, a disclosure may qualify for protection if made by an eligible whistleblower to an eligible recipient.

Eligible recipient

2.58 The existing corporate and financial sector whistleblower regimes have differing definitions of the persons to whom a qualifying disclosure may be made, as appropriate to the entities they regulate. The new consolidated provisions introduce a new concept of 'eligible recipient' to describe these persons. [Schedule 1, item 2, section 1317AAC]

2.59 An eligible recipient is generally a person inside the entity about which a disclosure is made, but may also include an appointed auditor or a person authorised by the entity.

2.60 Each of the following is an eligible recipient for a regulated entity that is a body corporate:

•

an officer or senior manager of the body corporate or related body corporate;

•

an auditor, or a member of an audit team conducting an audit, of the body corporate or a related body corporate. A reference to an auditor in the Bill includes both internal and external auditors;

•

the actuary of the body corporate or a related body corporate; and

•

a person authorised by the body corporate to receive disclosures that may qualify for protection.

[Schedule 1, item 2, subsection 1317AAC(1)]

2.61 For a disclosure concerning a superannuation entity, each of the following is an eligible recipient for the superannuation entity:

•

an officer of the superannuation entity;

•

an auditor, or a member of an audit team conducting an audit, of the superannuation entity;

•

an actuary of the superannuation entity;

•

an individual who is a trustee (within the meaning of the Superannuation Industry (Supervision) Act) of the superannuation entity;

•

a director of a body corporate that is the trustee (within the meaning of the Superannuation Industry (Supervision) Act) of the superannuation entity; and

•

a person authorised by the trustee or trustees (within the meaning of the Superannuation Industry (Supervision) Act) that may qualify for protection.

2.62 Where a superannuation entity is a body corporate, then the eligible recipients include all of those that are eligible in respect of any other body corporate. [Schedule 1, item 2, subsection 1317AAC(2)]

Power to prescribe additional eligible recipients

2.63 The amendments give the Minister the power to prescribe additional persons or bodies as eligible recipients in regulations. The regulations are subject to Parliamentary scrutiny through the disallowance procedure in section 42 of the Legislation Act. This power ensures flexibility to respond to emerging trends in disclosure of wrongdoing and to changes in the regulatory environment. It will also ensure that qualifying disclosures may be made to any new body or statutory officer created or tasked to administer or investigate whistleblower disclosures in the future. [Schedule 1, item 2, paragraph 1317AAC(3)]

Public interest and emergency disclosure

2.64 The amendments create the new concepts of public interest disclosure and emergency disclosure, which may be protected in certain circumstances. [Schedule 1, item 2, section 1317AAD]

2.65 The provisions are adapted from the external disclosure provisions in the PID Act, and recognise that in some situations disclosure of information to a journalist or a parliamentarian may be in the public interest.

2.66 A public interest disclosure to a journalist or parliamentarian qualifies for protection if:

•

the whistleblower has previously disclosed the information to ASIC, APRA or other prescribed Commonwealth authority (the previous disclosure) and that previous disclosure qualified for protection;

•

at least 90 days has passed since the previous disclosure was made;

•

the whistleblower does not have reasonable grounds to believe that action is being, or has been, taken to address the matters to which the previous disclosure related;

•

the whistleblower has reasonable grounds to believe that making a further disclosure of the information to a journalist or Member of Parliament would be in the public interest;

•

the whistleblower has given written notification, including sufficient information to identify the previous disclosure, to the authority to which the previous disclosure was made that they intend to make a public interest disclosure of the information previously disclosed; and

•

the extent of the information disclosed is no greater than is necessary to inform the recipient of the misconduct or improper state of affairs to which the previous disclosure related.

[Schedule 1, item 2, subsection 1317AAD(1)]

2.67 An emergency disclosure to a journalist or parliamentarian qualifies for protection if:

•

the whistleblower has previously disclosed the information to ASIC, APRA or other prescribed Commonwealth authority and that previous disclosure qualified for protection;

•

the whistleblower has reasonable grounds to believe that the information concerns a substantial and imminent danger the health or safety of one or more persons, or to the natural environment; and

•

the whistleblower has given written notification, including sufficient information to identify the previous disclosure, to the authority to which the previous disclosure was made that they intend to make a public interest disclosure of the information previously disclosed; and

•

no more information is disclosed than is reasonably necessary to inform the recipient of the substantial and imminent danger.

[Schedule 1, item 2, subsection 1317AAD(2)]

2.68 Public interest and emergency disclosures can be made only to:

•

a Member of the Parliament of the Commonwealth or of a State or Territory parliament; or

•

a journalist, defined to mean a person who is working in a professional capacity as a journalist for a newspaper, magazine, or radio or television broadcasting service, or an electronic service that is operated on a commercial basis, or by a body that provides a national broadcasting service, and is similar to a newspaper, magazine or television broadcast. [Schedule 1, item 2, subsection 1317AAD(3)]

2.69 In some circumstances a disclosure to a Member of Parliament may be protected by Parliamentary privilege. The amendments are not intended to affect the operation of Parliamentary privilege.

2.70 In providing protection to disclosures to a journalist working in professional capacity, the amendments make clear that disclosure to any 'journalistic' or 'media' enterprise is not sufficient. This is intended to ensure that public disclosures on social media or through the provision of material to self-defined journalists are not covered by the protection.

Enhancing protection of a whistleblower's identity

Allowing anonymous disclosure

2.71 The existing corporate and financial sector whistleblower protection regimes require that a whistleblower provides his or her name when making a disclosure in order to qualify for protection. This contrasts with the Registered Organisations Act and the PID Act, which allow anonymous disclosures. Internationally, UK and US whistleblower laws provide for anonymous disclosures.

2.72 Most submitters supported the Discussion Paper's proposal to extend the Corporations Act protections to anonymous disclosures, and the Parliamentary Committee recommended that the law explicitly allow, and provide protections for, anonymous disclosures.

2.73 The amendments remove the requirement that the discloser provide his or her name when making a protected disclosure. This allows for anonymous disclosures. A note is included to ensure this is clear [Schedule 1, item note to, section 1317AAE]

Prohibitions on on-disclosure of whistleblower identity, and clarifying that disclosure between regulatory agencies is allowed

2.74 The existing corporate and financial sector whistleblower protection regimes provide for confidentiality of a whistleblower's identity. They provide that it is an offence for the person to whom a qualifying disclosure is made to disclose a protected disclosure, the identity of the discloser, or information that is likely to lead to the identification of the discloser.

2.75 The existing Corporations Act, Life Insurance Act, Banking Act, Superannuation Industry (Supervision) Act, and Insurance Act whistleblower regimes provide an exception to the offence of revealing a whistleblower's identity if the disclosure is made to:

•

ASIC (Corporations Act);

•

APRA (Banking Act, Life Insurance Act; Insurance Act, Superannuation Industry (Supervision) Act);

•

the AFP (Corporations Act; Banking Act, Life Insurance Act, Insurance Act, Superannuation Industry (Supervision) Act); or

•

someone else with the consent of the whistleblower (Corporations Act, Banking Act, Life Insurance Act; Insurance Act, Superannuation Industry (Supervision) Act) (authorised disclosures).

2.76 Weaknesses and some lack of clarity in the existing protections have been identified by various reviews. They are:

•

The existing offence of disclosing a whistleblower's identity applies if the offender discloses the information regarding the suspected or actual primary wrongdoing without necessarily revealing the identity of a whistleblower (existing paragraph 1317AE(1)(e)). This has inhibited sharing and investigation of disclosed wrongdoing by regulators and law enforcement authorities.

•

Existing subsection 1317AE(2) creates an exception to the offence by authorising disclosures to ASIC, APRA or the AFP. However, it is unclear whether this information can be shared between these authorities for the purposes of investigating that offence.

•

There is currently no express provision ensuring that a recipient of disclosure is not required to disclose information identifying a whistleblower to a court or tribunal. This contrasts with the PID Act as well as international whistleblower regimes.

•

Consultation on the Exposure Draft version of this Bill revealed cases in which an internal whistleblower disclosure of misconduct was not investigated by a regulated entity, on the basis that such investigation may lead to the identification of the whistleblower.

2.77 The amendments ensure that:

•

it is not an offence, of itself, to disclose the information regarding the suspected or actual wrongdoing disclosed without revealing the whistleblower's identity; [Schedule 1, item 2, paragraph 1317AAE(1)(b)]

•

it is not an offence to disclose the identity of a whistleblower, or information likely to lead to his or her identification to (or between) ASIC, APRA and the AFP; [Schedule 1, item 2, paragraphs 1317AAE(2)(a),(b) and (c)]

•

it is not an offence to disclose the identity of a whistleblower, or information likely to lead to his or her identification to a legal practitioner for the purposes of obtaining legal advice or representation. [Schedule 1, item 2, paragraph 1317AAE(2)(d)]

2.78 The new law allows for additional persons or bodies to be prescribed by regulation, to allow for disclosure of the identity of a whistleblower to ensure that investigation of wrongdoing disclosed by whistleblowers is not impeded by the confidentiality requirement in future. Regulations are subject to Parliamentary scrutiny through the disallowance procedure in section 42 of the Legislation Act. This would allow, for prescribing a body such as whistleblower protection authority, for the purposes of assisting a whistleblower or prosecuting victimisation. [Schedule 1, item 2, paragraph 1317AAE(2)(e)]

2.79 As in the existing law, it is not an offence to disclose the identity of a whistleblower, or information likely to lead to his or her identification with the consent of the whistleblower. [Schedule 1, item 2, paragraph 1317AAE(2)(f)]

2.80 The amendments also ensure that ASIC, APRA and the AFP can share information, including the identity of the whistleblower, with other Commonwealth, State or Territory authorities with functions or duties relevant to the wrongdoing disclosed. This ensures that wrongdoing disclosed by whistleblowers under the new regime can be properly investigated or otherwise addressed. [Schedule 1, item 2, subsection 1317AAE(3)]

2.81 With the exception of disclosures to or between regulators, the prohibition on disclosure of a whistleblower's identity (and the exceptions there to) applies equally to any person or body that receives the information following the original disclosure.

2.82 To ensure that regulated entities that receive a qualifying disclosure can investigate misconduct disclosed, the new law provides a further exception to the offence breach of confidentiality of a whistleblower's identity where:

•

information that might lead to the identity of the whistleblower (the confidential information) is disclosed; and;

•

the disclosure of the confidential information is reasonably necessary for the purposes of investigating the conduct disclosed by the whistleblower; and

•

all reasonable steps are taken to reduce the risk of the whistleblower being identified.

[Schedule 1, item 2, subsection 1317AAE(4)]

2.83 The exception does not apply where the actual identity of a whistleblower is disclosed. [Schedule 1, item 2, subparagraph 1317AAE(4)(a)(i))]

Extending immunities for whistleblowers

2.84 The existing financial sector whistleblower protection regimes, other than that in the Corporations Act, provide that information disclosed by a whistleblower is not admissible evidence against him or her other than in proceedings concerning the falsity of the information.

2.85 These provisions encourage disclosure of wrongdoing by removing the prospect of whistleblowers themselves being subject to prosecution for their involvement in that wrongdoing.

2.86 The amendments introduce a provision ensuring that information that is part of a protected disclosure is not admissible in evidence against a whistleblower in criminal proceedings or in proceedings for the imposition of a penalty, other than in proceedings concerning the falsity of the information. [Schedule 1, item 3, paragraph 1317AB(1)(c)]

Expanding protection from victimisation

Victimisation under the existing law

2.87 The existing Corporations Act provisions prohibit conduct that intentionally causes detriment to a whistleblower because he or she makes a protected disclosure. However, few, if any, prosecutions have been brought for this offence.

2.88 The existing requirement that the victimiser intended to cause detriment is inconsistent with the equivalent provisions in the PID Act and the Registered Organisations Act, which cover conduct engaged in in the belief or suspicion that the whistleblower proposes to make, or could make, a protected disclosure. The PID Act and the Registered Organisations Act do not include a requirement that the victimiser intended to cause detriment in order to commit the offence.

2.89 The existing offence of threatening to cause detriment applies if the victimiser intends the victim to fear that the threat will be carried out, or is reckless as to causing that fear. However the offence of actually causing detriment, applies only to intentional conduct. That is, it does not apply if the victimiser did not know, but should have known, that they were causing detriment.

2.90 The existing offence of actually causing detriment only applies where the victimiser knows that a disclosure qualifying for protection has actually been made. It does not apply to victimisation engaged in because of a belief or suspicion that a person has made or may in the future make such a disclosure.

2.91 These deficiencies have posed obstacles to charges being laid under the victimisation provisions of the existing Corporations Act regime.

2.92 In addition, both the Registered Organisations Act and the PID Act include a non-exclusive list of situations that are included in the meaning of 'detriment'. The Registered Organisations Act (see subsection 337BA(2) of the Registered Organisations Act; section 13(2) of the PID Act) defines 'detriment' as including (without limitation) any of the following:

•

dismissal of an employee;

•

injury of an employee in his or her employment;

•

alteration of an employee's position to his or her detriment;

•

discrimination between an employee and other employees of the same employer;

•

harassment or intimidation of a person;

•

harm or injury to a person, including psychological harm;

•

damage to a person's property; or

•

damage to a person's reputation.

The offence of victimisation under the new law

2.93 The amendments create a civil penalty provision to address victimisation of a person in relation to a qualifying disclosure. A civil penalty is a punishment for contravention in a civil court under the civil rules of procedure for the court, and the civil standard of proof applies. [Schedule 1, item 10, subsection 1317E(1) (after table item 45)]

2.94 The amendments also allow for criminal prosecution of victimisation. This ensures that the regulator can choose to prosecute contravention as an offence or as a civil penalty, as appropriate in the particular circumstances. [Schedule 1, item 6, note at the end of subsections 1317AC(1), (2) and(3)]

2.95 The amendments make clear that the offence applies where a person (the victimiser, described in the law as the 'first person') engages in conduct that causes any detriment to any other person in the belief or suspicion that a person has made, may make, proposes to make, or could make, a protected disclosure. [Schedule 1, item 5, paragraph 1317AC(1)(c)]

2.96 This clarifies that the offence of victimisation does not require:

•

that a disclosure has actually been made,

•

that the victimiser has actual knowledge that a disclosure or such a disclosure. The belief or suspicion that the whistleblower proposes to make, or could make, a disclosure is sufficient; or

•

that the victimiser intends that the conduct cause detriment.

2.97 The amendments also confirm that the belief or suspicion that a disclosure may have been made or going to be made does not have to be the only reason the victimiser engaged in the proscribed conduct. [Schedule 1, item 5, paragraph 1317AC(1)(d)]

2.98 As is the case under the existing law, the victim may be the whistleblower or another person who suffers damage because of the conduct. This may be, for example, a person involved in receiving or investigating the disclosure, or a colleague, supporter, friend or family member of the whistleblower.

2.99 The amendments ensure that in civil penalty proceedings, as well as in proceedings for an offence, for threatening to cause detriment in relation to a qualifying disclosure, it is not necessary to prove that the person threatened actually feared that the threat would be carried out. [Schedule 1, item 7, section 1317AC(5)]

Detriment

2.100 The amendments introduce an inclusive definition of 'detriment' into the victimisation provision in the existing law. This follows the equivalent definition in the Registered Organisations Act but adds the additional items of damage to a person's business or financial position any other damage to a person.

2.101 Under the new law, detriment includes, but is not limited to, any of the following:

•

dismissal of an employee;

•

injury of an employee in his or her employment;

•

alteration of an employee's position to his or her disadvantage;

•

discrimination between an employee and other employees of the same employer;

•

harassment or intimidation of a person;

•

harm or injury to a person, including psychological harm;

•

damage to a person's property;

•

damage to a person's reputation;

•

damage to a person's business or financial position; and

•

other damage to a person.

[Schedule 1, item 9, section 1317ADA]

Penalties

2.102 The penalty for this offence is imprisonment for two years or 120 penalty units, or both. Following the commencement of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018, this penalty will increase to 240 penalty units or imprisonment for two years, or both. [Schedule 1, items 13, 34 and 35, section 1644A and Schedule 3]

2.103 The maximum civil penalty is $200,000 for an individual and $1 million for a corporation. Following the commencement of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018, these penalties will increase to:

•

for an individual - 5,000 penalty units or three times the benefit derived or detriment avoided; or

•

for a body corporate - 50,000 penalty units, three times the benefit derived or detriment avoided, or 10 per cent of the body corporate's annual turnover (up to 1 million penalty units).

[Schedule 1, items 10, 11, 34 and 35, subsections 1317E(1), 1317E(3) and 1317G(1G), and section 1644A]

2.104 These penalties reflect the seriousness of conduct that victimises a whistleblower.

Compensation

Compensation under the existing law

2.105 The right to compensation under the existing law has also suffered from deficiencies. In particular, it is arguably necessary to prove that the offence of victimisation has been committed before a victim of such conduct can seek compensation. As the standard of proof required to establish the offence of victimisation is the criminal standard (beyond a reasonable doubt), on one interpretation a person seeking compensation must prove his or her case on this standard.

2.106 An order could be made under the existing law for reinstatement of a whistleblower whose employment was terminated on the basis of a disclosure under the existing law. However this did not apply to other individuals whose employment may have been terminated because of a belief or suspicion that a disclosure had been made.

2.107 Remedies that can be sought by a person who suffered damage as a result of victimisation in relation to a qualifying disclosure under the existing law are limited.

Compensation and other remedies under the new law

2.108 The new law makes it easier for a whistleblower or other individual who is victimised in relation to a qualifying disclosure to seek compensation and introduces a range of other remedies.

2.109 Under the new law, a person can seek compensation for loss, damage or injury suffered because of the conduct of a person (the victimiser, described as the first person ), where the first person engages in conduct that causes any detriment to another person or threatens to cause detriment to another person:

•

believing or suspecting that a person made, may have made, proposes to make, or could make a qualifying disclosure; and

•

the belief or suspicion is the reason, or part of the reason, for the conduct.

[Schedule 1, item 9, subsection 1317AD(1)]

2.110 This removes obstacles under the existing law to victims seeking compensation by removing the apparent requirement to prove that the offence has been committed.

2.111 The first person under this subsection may be an individual or a body corporate.

2.112 As for the offence of victimisation discussed above, the victim may be the whistleblower or another person who suffers damage because of the conduct. [Schedule 1, item 9, paragraph 1317AD(1)(b)]

2.113 This Bill removes the requirement under the current law that the victimiser had actual knowledge of a disclosure. A belief or suspicion that a person has made, may have made, proposes to make, or could make a qualifying disclosure is sufficient. This is justified by the need to ensure that the provisions not only address victimisation of actual whistleblowing, but conduct which victimises a person because of the perception of involvement in whistleblowing. [Schedule 1, item 2, paragraphs 1317AD(1)(b) and (c)]

2.114 If a body corporate is liable for detrimental conduct under the new subsection 1317AD(1), and an officer or employee of the body corporate is involved in the detrimental conduct, the body corporate can be liable for conduct that has:

•

aided, abetted, counselled or procured the conduct or the making of the threat;

•

induced, whether by threats or promises or otherwise, the detrimental conduct;

•

was in any way, by act or omission, directly or indirectly, knowingly concerned in, or party to, the detrimental conduct; or

•

conspired with others to effect the detrimental conduct.

[Schedule 1, item 9, subsection 1317AD(2)]

2.115 A body corporate may also be liable if it is under a duty to prevent, or to take reasonable steps to prevent, a third person from engaging in conduct that causes any detriment to an actual or suspected whistleblower.

2.116 A court may make an order against the body corporate if:

•

the third person engages in conduct that does cause detriment or constitutes the making of a threat to cause detriment to a whistleblower;

•

any part of the reason for engaging in the conduct was a belief or suspicion that a whistleblower has made, may have made, or proposes to make a protected disclosure;

•

the body corporate was under a duty to prevent the third person from engaging in the detrimental conduct or to take reasonable steps to ensure that person does not do so; and

•

the body corporate fails in part or whole to fulfil that duty.

[Schedule 1, item 9, subsection 1317AD(2A)]

2.117 For example, the third person may be an officer or manager of the body corporate, who engages in conduct that victimises and causes detriment to an actual or suspected whistleblower. If the body corporate is under a duty to prevent this conduct, and fails to fulfil that duty, it may be subject to a court order.

2.118 The new law also clarifies that a threat to cause detriment need not be express or unconditional, but may also be implied, or conditional. [Schedule 1, item 9, subsection 1317AD(3)]

2.119 In addition, it is not necessary for a person seeking an order to prove that he or she actually feared that the threat will be carried out. [Schedule 1, item 9, subsection 1317AD(4)]

Orders that may be made

2.120 The new law expands the orders that may be made in favour of a person who has suffered loss, damage, or injury as a result of detrimental conduct. Where a court is satisfied that a person (the first person) has engaged in detrimental conduct and another person has suffered loss, damage or injury as a result of the detrimental conduct, it may make:

•

an order requiring the first person to compensate the person who has suffered the detrimental conduct;

•

an order, where the first person engaged in the detrimental conduct in connection with his or her position, as an employee:

-

requiring the first person and the first person's employer each to compensate the person who has suffered the detrimental conduct or any other person for loss, damage or injury for part of that loss, damage or injury; or

-

requiring the first person and the first person's employer jointly to compensate the person who has suffered the detrimental conduct or any other person; or

-

requiring the first person's employer to compensate the person who has suffered the detrimental conduct or any other person for loss, damage or injury for part of that loss, damage or injury;

•

an order granting an injunction to prevent, stop or remedy the effects of the detrimental conduct;

•

an order requiring the first person to apologise for engaging in the detrimental conduct;

•

where the detrimental conduct wholly or partly consists of termination of employment, an order that a person be reinstated in his or her position or a position at a comparable level;

•

an order requiring the first person to pay exemplary damages; and/or

•

any other order that the court thinks appropriate.

[Schedule 1, item 9, subsection 1317AE(1)]

2.121 The amendments repeal the existing provision for reinstatement of a whistleblower's employment. The new provision is broader, covering individuals other than the whistleblower. The new law also covers situations where there may not have been a disclosure but the individual is dismissed because of a belief or suspicion that a disclosure, may have been made, is proposed to be made, or could be made. [Schedule 1, item 9, paragraph 1317AE(1)(e)]

2.122 If the detrimental conduct involved terminating a person's employment (including detrimental conduct that forces or forced the person to resign), the court ordering compensation must consider the period, if any, the person is likely to be without employment. This is a standard consideration a court would be required to make in these circumstances. This amendment does not limit the matters the court can consider when making an order. [Schedule 1, item 14, subsection 1317AE(2)].

Onus of proof in compensation proceedings

2.123 Generally, in any proceeding where a person (the claimant) seeks an order under section 1317AE in relation to another person (the other person):

•

the claimant bears the onus of pointing to evidence that suggests a reasonable possibility that other person has engaged in conduct that has caused detriment or constitutes a threat of detriment; and

•

if the claimant discharges that onus, the other person bears the onus of proving that the claim is not made out.

[Schedule 1, item 9, subsection 1317AD(2B)]

2.124 For example, a defendant may seek to establish that any detrimental conduct (or threatens such conduct) was not in any way a result of a belief or suspicion that the alleged victim was an actual or potential protected whistleblower. In evaluating these claims, a court may, for example, consider whether:

•

any protected disclosure or potential protected disclosure was in any way a factor in the causation of the detriment;

•

the same acts or omissions as caused the detriment would have been taken for independent and legitimate reasons in the absence of the any protected disclosure ever having been made or any issue about a potential protected disclosure ever arising; and

•

if the actions are alleged to be taken for independent and legitimate reasons, a significant step in those actions had been taken prior to the disclosure issue arising.

2.125 If the claim is based on a failure of a body corporate to fulfil a duty to prevent the detrimental conduct, or a duty to take reasonable steps to ensure another person does not engage in it, the claimant also needs to point to evidence that suggests a reasonable possibility that the body corporate is under that duty. [Schedule 1, item 9, subparagraph 1317AD(2B)(a)(iii)]

2.126 If the existence of a duty to take reasonable steps to prevent a person engaging in detrimental conduct is established, a body corporate may seek to establish that there were no reasonable steps that could have been taken to avoid the detrimental conduct that occurred. The court will consider whether any of the detriment could have been prevented or avoided by the reasonable fulfilment of the duty. A body corporate may also seek to establish the claim is not made out more generally (see paragraph 2.124).

2.127 This reversal of the onus of proof recognises the well documented propensity of organisations that are the subject of a disclosure of wrongdoing to accuse and victimise the whistleblower, citing reasons other than the disclosure for their actions. It also recognises the actual knowledge of the reasons for, and conduct of, any detrimental conduct will lie exclusively with the defendant in these cases.

2.128 The amendments mean an entity that engages in such conduct, rather than the victim, will bear the onus of proving that the disclosure was not in any part a reason for their conduct.

2.129 In deciding whether to make an order in relation to an employer because of the conduct of their employee, the court may have regard to:

•

whether the employer took reasonable precautions and exercised due diligence to avoid the detrimental conduct;

•

if the employer has a whistleblower policy (see paragraphs 2.139 to 2.150), the extent to which the employer gave effect to the policy; and

•

any duty the employer was under to prevent the detrimental conduct, or to take reasonable steps to ensure the detrimental conduct was not engaged in.

[Schedule 1, item 9, subsection 1317AE(3)]

2.130 These matters are not intended to limit the matters the court may take into account in deciding whether to make an order. For example, in considering whether an employer took reasonable precautions and exercised due diligence to avoid the detrimental conduct, the following matters may be relevant:

•

any applicable industry standard, guidelines or policies relating to whistleblower support and protection;

•

any relevant International Organization for Standardization or Australian Standard dealing with the protection of whistleblowers;

•

any guidance published by ASIC or other relevant regulatory agencies.

2.131 This reflects the broad nature of a court's inquiry into claims of victimisation and detriment generally. The relevance of any particular factor will depend on the circumstances of a specific case.

2.132 If the court makes an order requiring a person and the person's employer jointly to pay compensation, the person and the person's employer are jointly and severally liable to pay the compensation. [Schedule 1, item 9, subsection 1317AE(4)]

Interaction between civil proceedings, civil penalties and criminal offences

2.133 For the avoidance of doubt, a person may bring civil proceedings for compensation or other remedial order, or for a breach of the victimisation provisions, even if no prosecution for victimisation has been brought or if such a prosecution cannot be brought. [Schedule 1, item 9, section 1317AF]

Protecting the identity of whistleblowers and other victims in court proceedings

Identifying information not to be disclosed to courts

2.134 The amendments ensure that a person is not to be required to:

•

disclose to a court or tribunal the identity of a whistleblower, or information that is likely to lead to the identification of the discloser; or

•

produce to a court or tribunal a document containing the identity of a whistleblower or information likely to lead to the identification of the discloser;

except where it is necessary to do so for the purposes of giving effect to this whistleblower regime, or where the court thinks it necessary in the interests of justice to do so. [Schedule 1, item 9, section 1317AG]

2.135 Under the common law and the Evidence Act, the general starting position concerning evidence is that relevant evidence should be admissible. The purpose of the exception to this principle is to ensure that the protection of a whistleblower's identity afforded by the law cannot be extinguished by discovery of documents or other processes in the context of court proceedings.

2.136 This provision reflects the protection of whistleblower identity in court proceedings in section 21 of the PID Act, and ensures that the identity of corporate and financial sector whistleblowers is aligned with those for public sector whistleblowers.

Costs

2.137 Legal costs can be prohibitive to any person seeking compensation for damage, and the risk of being ordered to pay the costs of other parties to the proceedings may deter whistleblowers and other victims of victimisation from bringing the matter to court.

2.138 The new law addresses this by protecting victims from an award of costs against them in court proceedings seeking compensation except in limited circumstances. The limited circumstances where the court may make such an order are where it is satisfied that:

•

the victim instituted the proceedings vexatiously or without reasonable cause; or

•

the victim's unreasonable act or omission caused the other party to incur the costs.

[Schedule 1, item 9, section 1317AH]

Requirement to have a whistleblower policy

2.139 The existing whistleblower provisions in the Corporations Act do not require companies to have or to implement internal systems to deal with whistleblower disclosures.

2.140 The amendments require public companies, large proprietary companies and proprietary companies that are trustees of registrable superannuation entities to have a policy with information about:

•

the protections available to whistleblowers;

•

how and to whom an individual can make a disclosure;

•

how the company will support and protect whistleblowers;

•

how investigations into a disclosure will proceed;

•

how the company will ensure fair treatment of employees who are mentioned in whistleblower disclosures;

•

how the policy will be made available; and

•

any matters prescribed by regulation.

[Schedule 1, item 9, subsection 1317AI(5)]

2.141 Transparent internal whistleblower policies are essential to good corporate culture and governance.

2.142 The requirement applies to all public companies and proprietary companies that have become large proprietary companies that are trustees of registerable superannuation entities for any financial year on any day in any later financial year that is at least six months after the last day of the first financial year. [Schedule 1, item 9, subsection 1317AI(1)]

2.143 Failure to comply with the requirement to have and make available a whistleblower policy is an offence of strict liability with a penalty of 60 penalty units (currently $12,600 for an individual) which will be enforced by ASIC. [Schedule 1, item 9, section 1317AI(4); Schedule 1, item 13, insert to Schedule 3]

2.144 The requirement to have a whistleblower and to make it available to officers and employees, and the penalty that may be imposed for non-compliance, is designed to improve culture and transparency in relation to disclosures of wrongdoing in the workplace. Whistleblower policies are also intended to deter wrongdoing. The maximum penalty reflects the need to show the importance of the need for whistleblower policies and is proportional to the seriousness of a failure to implement a whistleblower policy.

2.145 Whistleblower policies are required to include information about protections that may be available to whistleblowers. They should also include those protections provided in the tax whistleblower regime inserted into the taxation law by Part 2 of Schedule 1 to this Bill. As public companies, large proprietary companies and registrable superannuation entities are required under the enhanced Corporations Act provisions to have whistleblower policies, no such requirement is included in the tax whistleblower provisions.

2.146 The requirement that a proprietary company that is the trustee of a registerable superannuation entity must have a whistleblower policy does not refer to public companies because all public companies, including any public companies that are also superannuation trustees, are already covered by the requirement in subsection 1317AI(1).

2.147 Additional matters to be included in a whistleblower policy may be prescribed by regulation. This ensures that the whistleblower policies can adapt to developments in whistleblower protections and remedies in the future. Regulations are subject to Parliamentary scrutiny through the disallowance procedure in section 42 of the Legislation Act.

Whistleblower policy exemption orders - class order for companies

2.148 The amendments provide a power to ASIC to make an order by legislative instrument in respect of a specified class of company, relieving companies in the class from the requirement to have a whistleblower policy. [Schedule 1, item 9, section 1317AJ]

2.149 Only large or public entities are required to have a whistleblower policy. This is intended to minimise the risk of any disproportionate regulatory burden that would result from making it a universal company requirement irrespective of company or business size.

2.150 The rationale for providing ASIC with a power to relieve certain classes of companies from this requirement is to provide it with flexibility in making a determination whether in some limited circumstances, the benefits of this requirement in encouraging good corporate culture and governance could be outweighed by reduced flexibility and unnecessarily high compliance costs.

Penalties for Contravention of Whistleblower Protections

2.151 Under the existing law it is an offence to disclose the identity of a whistleblower under most circumstances (section 1317AE). However, the prosecuting agency must prove the elements of the offence on the criminal standard, beyond a reasonable doubt. While evidence may indicate that a contravention of the law has occurred, this may not be sufficient to mount a prosecution.

2.152 The amendments make it a civil penalty contravention to disclose a whistleblower's identity, allowing for proceedings to be brought against an offender under the civil rules of procedure for the court, and applying the civil standard of proof. [Schedule 1, item 10, section 1317E(1) table items 45A and 45B]

2.153 Contravention of the new section remains an offence. This ensures that the regulator can choose to prosecute contravention as an offence or as a civil penalty, as appropriate in the particular circumstances. The penalty for this offence is imprisonment for 6 months or 30 penalty units, or both. Following the commencement of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018, this penalty will increase to 60 penalty units or imprisonment for 6 months, or both. These maximum penalties reflect the seriousness of such disclosures, given the potential risk to which the whistleblower could be exposed. The penalties are intended to deter unauthorised disclosure of the identity of individuals who disclose wrongdoing. [Schedule 1, items 13, 34 and 35, section 1644A and Schedule 3]

2.154 The maximum civil penalty is $200,000 for an individual and $1 million for a corporation. Following the commencement of the Treasury Laws Amendment (Strengthening Corporate and Financial Sector Penalties) Bill 2018, these penalties will increase to:

•

for an individual - 5,000 penalty units or three times the benefit derived or detriment avoided; or

•

for a body corporate - 50,000 penalty units, three times the benefit derived or detriment avoided, or 10 per cent of the body corporate's annual turnover (up to 1 million penalty units).

[Schedule 1, items 10, 11, 34 and 35, subsections 1317E(1), 1317E(3) and 1317G(1G), and section 1644A]

2.155 These maximum penalties reflect the seriousness of such disclosures, given the potential risk and detriment to which the whistleblower could be exposed. The penalties are intended to deter unauthorised disclosure of the identity of individuals who disclose wrongdoing.

Review of operation of whistleblower protections

2.156 The Minister must cause a review to be undertaken of the operation of the Corporations Act whistleblower regime, as amended, and the new tax whistleblower regime (see Chapter 3), as soon as practicable after five years after commencement of the amendments. [Schedule 1, item 12, subsections 1317AK(1) and (2)]

2.157 The Minister must cause a written report about the review to be prepared, and must cause a copy to be laid before each House of the Parliament within 15 sitting days of that House after the Minister receives the report. [Schedule 1, item 12, subsections 1317AK(3) and (4)]

2.158 This follows a recommendation of the Senate Economics Legislation Committee and will allow for the examination of the effectiveness of the new regimes and whether any further changes should be made to protect and promote whistleblowing.

2.159 The review will also identify any unexpected regulatory burden and the extent to which the reforms have levelled the playing field for businesses. As the Senate Economics Legislation Committee noted: while whistleblower protections may appear to increase the regulatory burden on business, if implemented carefully, it would only be a significant burden to businesses with significant misconduct problems and poor reporting cultures. Businesses that have no misconduct and already facilitate good reporting and disclosure will have no burden from whistleblower protections and will be more competitive with those businesses that were previously gaining an unfair advantage through misconduct.

Application and transitional provisions

2.160 The amendments commence on the first day of the second quarter following Royal Assent. [Clause 2 to the Bill]

2.161 The amendments will apply in relation to whistleblower disclosures made on or after commencement, including disclosures about events occurring before this date. [Schedule 1, item 12, subsection 1644(1)]

2.162 The amendments will also apply to victimisation of whistleblowers after commencement, and to a whistleblower's right to compensation and other remedies, in relation to disclosures that have been made prior to this date. [Schedule 1, item 12, subsection 1644(2)]

2.163 To allow sufficient time for public companies, large proprietary companies and registerable superannuation entities to comply with the requirement to have a whistleblowing policy, it will apply on and after the day six months after commencement, and no later than six months after a proprietary company first becomes a large proprietary company. A court may consider the extent to which an employer gives effect to a policy prior to this date if the employer has a policy. [Schedule 1, item 12, subsections 1644(3) and (4) and item 9, section 1317AI]

REGULATION IMPACT STATEMENT

Background

2.164 The importance of protecting whistleblowers has been recognised for many years as a means of improving the compliance culture of corporations and improving detection of corporate crime. However, whilst legislative protections have formed part of the Corporations Act since 2004, they have been sparingly used and are increasingly perceived as inadequate given recent advances in whistleblower protections in the public sector and overseas.

2.165 Independent reviews of corporate sector whistleblowing provisions in Australia have found that they lag those of the public sector and those of comparable overseas jurisdictions. An independent evaluation of G20 countries' whistleblowing laws in 2014, and a separate assessment of the same laws were undertaken by the Senate Economics References Committee (the Committee) as part of its Inquiry into the Performance of ASIC in 2014. They both found that the current corporate whistleblower protections are overly narrow and make it unnecessarily difficult for those with information to qualify for protections. The Committee recommended a comprehensive review of Australia's corporate whistleblower framework to bring it closer to Australia's public sector whistleblower framework under the PIDA. Refer to further details in section 1.

2.166 To remedy these inadequacies, the Government committed in December 2016, as part of the Open Government National Action Plan (OGNAP) ^[1] , to ensuring appropriate protections are in place for people who report corruption, fraud, tax evasion or avoidance, and misconduct within the corporate sector. In order to achieve this, the Government committed to improving whistle-blower protections for people who disclose information about tax misconduct to the ATO. It also committed to pursuing reforms to whistleblower protections in in other parts of the corporate sector, with consultation on options to strengthen and harmonise these protections with those in the public sector available under the PID Act.

2.167 The commitment in the OGNAP reaffirms the Government's announcement in the 2016-17 Budget to introduce greater protections for tax whistleblowers to further strengthen the integrity of Australia's tax system. Currently, there are no specific protections for tax whistleblowers, and the range of secrecy and privacy provisions relied upon are incapable of guaranteeing absolute protection.

2.168 Given the lack of protections for tax whistleblowers and the need to strengthen protections for other whistleblowers in the corporate sector the Government is progressing these reforms in parallel, including introducing them as part of the same legislation. This will ensure consistency in protections, where it makes sense to do so. Whilst the proposed protections for tax and other whistleblowers are largely consistent, there are some differences and so this regulatory impact analysis focuses on the corporate whistleblower protections only.

2.169 Separately, following the passage of amendments enhancing whistleblower protections in the Fair Work (Registered Organisations) Act 2014 (RO Act), the Government referred to the Joint Parliamentary Committee on Corporations and Financial Services an inquiry into whistleblower protections in the corporate, public and not-for-profit sectors (Parliamentary Inquiry). This Parliamentary Inquiry examined the RO Act whistleblower amendments with an objective of implementing the substance and detail of those amendments to achieve an equal or better whistleblower protection and compensation regime in the corporate and public sectors.

Corporate whistleblower protections available under the Corporations Act and the ASIC Act

2.170 The protections currently offered to corporate whistleblowers under Part 9.4AAA of the Corporations Act in respect of any disclosure about an actual or potential contravention of corporations legislation:

•

confer statutory immunity on the whistleblower from civil or criminal liability for making the disclosure;

•

constrain employer rights to enforce a contract remedy against the whistleblower (including any contractual right to terminate employment) arising as a result of the disclosure;

•

prohibit victimisation of the whistleblower;

•

confer a right on the whistleblower to seek compensation if damage is suffered as a result of victimisation; and

•

prohibit revelation of the whistleblower's identity or the information disclosed by the whistleblower with limited exceptions.

2.171 These protections have been widely criticised as being limited and overly complex. Specifically, to qualify for protection a whistleblower must:

•

be either a current officer or employee of the company in question or a current contractor (that is, protections do not apply to former employees or contractors);

•

make the disclosure in good faith to ASIC, the company's auditor, or nominated persons within the company (that is, protections rely on a whistleblower's motivation in making the disclosure);

•

have reasonable grounds to suspect that either the company, or some of its officers or staff, have breached (or might have breached) a provision of the Corporations Act or the Australian Securities and Investments Commission Act 2001 (ASIC Act) (that is, the protections do not apply for disclosures relating to breaches of any other act); and

•

provide their names before making the disclosure (that is, the disclosure cannot be made anonymously).

Corporate whistleblower protections available under statues within the remit of ASIC and APRA

2.172 Currently, there are no whistleblower protections under the National Consumer Credit Protection Act 2009 (NCCP Act) or the Financial Services (Collection of Data) Act 2001.

2.173 Similar whistleblower protections to those set out in the Corporations Act are contained in the statutes within APRA's remit such as:

•

the Banking Act 1959;

•

the Insurance Act 1973;

•

the Life Insurance Act 1995; and

•

the Superannuation Industry (Supervision) Act 1993.

2.174 Whistleblower protections are available under these Acts if the disclosures concern misconduct or an improper state of affairs or circumstances affecting the institutions supervised by APRA (authorised deposit-taking institutions (ADIs), insurers and superannuation entities). Under the Banking Act for instance, a person may qualify for protection if the disclosure:

•

relates to misconduct, or an improper state of affairs or circumstances in relation to the ADI; and

•

the whistleblower considers that the information may assist the recipient of the disclosure to perform his or her functions or duties.

2.175 Similar requirements are set out for insurers and superannuation entities in the Life Insurance Act, the Insurance Act and the Superannuation Industry Act respectively, with some minor differences to reflect the roles of the actuary for insurers and superannuation entities as well as the role of the trustee of the superannuation entity.

What is the policy problem?

2.176 Combating corporate crime is a longstanding law enforcement and public policy challenge. Corporate crime is estimated to cost Australia more than $8.5 billion a year and account for approximately 40 per cent of the total cost of crime in Australia. ^[2]

2.177 Whistleblowing plays a critical role in uncovering corporate crime. It is a significant means of combating poor compliance cultures, as it ensures that companies, officers, and staff know that misconduct can be reported. Furthermore, the opaque and complex nature of corporate crime makes it difficult for law enforcement to detect misconduct. In many cases, corporate crime is only detected because individuals come forward, sometimes at significant personal and financial risk.

2.178 To reduce these risks and encourage disclosures, whistleblowers are often afforded legal protections in relation to their disclosure. If the protections are inadequate or unclear, a whistleblower may be discouraged from sharing information due to fears of personal or professional reprisal.

2.179 Organisational behaviour research tends to show that rates of reporting and/or other action on wrongdoing go up where organisations are forced or induced to introduce stronger ethics policies or programs, including reporting policies, in which employees have confidence, or employees believe they are subject to legislative protections in which they have some confidence. This second point is illustrated in Whistling While They Work 1 ^[3] where it was found that employee confidence in whistleblower protection legislation correlated strongly with lower 'inaction' in the face of perceived wrongdoing across 83 public sector organisations.

2.180 Further, in Whistling While They Work 2 ^[4] it was confirmed that employee reporting is the single most important way of wrongdoing being brought to light especially on the part of managers and governance professionals. This is relative to other means, for example audits, management observation and internal controls. This is based on a sample of over 11,000 respondents from all employee classes from 38 organisations, public and private.

National and international evaluations of corporate whistleblower protections

2.181 The assessment of Australia's corporate whistleblower protections, undertaken by the Senate Economics References Committee as part of its Inquiry into the Performance of ASIC in 2014, concluded that "a strong case exists for a comprehensive review of Australia's corporate whistleblower framework, and ASIC's role therein." ^[5]

2.182 Witnesses to the Inquiry expressed concern over the Corporations Act's narrow definitions of who might be considered a whistleblower and the type of disclosures that could attract whistleblower protections; the absence of any requirement in the Act for internal whistleblowing processes within companies; and the fact that the Act does not mandate a role for ASIC in protecting whistleblowers.

2.183 The Committee recommended a review of Australia's corporate whistleblower framework to bring it closer to Australia's public sector whistleblower framework under the PIDA and introduce a number of amendments to the Corporations Act focusing on:

•

extending the definition of whistleblowers expand the definition of a whistleblower to include a company's former employees, financial services providers, accountants and auditors, unpaid workers and business partners;

•

expand the scope of information protected by the whistleblower protections to cover any misconduct that ASIC may investigate;

•

allowing anonymous disclosures;

•

remove the requirement that a whistleblower must be acting in 'good faith' in disclosing information. Consistent with PIDA, replace with a requirement that a disclosure is based on an honest belief, on reasonable grounds, that the information disclosed shows or tends to show wrongdoing regardless of what the whistleblower believes;

•

strengthening protections by strengthening the victimisation provisions to match the level of protections provided by the PIDA and including provisions in the Corporations Act that would ensure ASIC and APRA cannot be required to reveal a whistleblower's identity without a court order.

2.184 Similarly, in 2014 an independent evaluation of G20 countries' whistleblowing laws ^[6] concluded that that although Australia's whistleblower protections were comprehensive for the public sector, they lagged international best practice for the private sector. It identified the following areas for potential reform:

•

broadening definition of whistleblowers and the scope of wrongdoing covered;

•

introducing protections for anonymous complaints;

•

introducing external reporting channels and requirements for internal company procedures;

•

improving compensation arrangements and protections against retaliation;

•

establishing an oversight agency responsible for whistleblower protections; and

•

improving the transparency of the legislation.

2.185 In November 2016, the Parliamentary Inquiry was established to review the whistleblower protections in the corporate, public and not-for-profit sectors with the objective of recommending that the new whistleblower protections in the RO Act are implemented in the corporate and public sectors. In many respects the new whistleblower protections in the RO Act represented the new standard for whistleblower protections in Australia.

2.186 Using the whistleblower protections in the RO Act as the standard, the committee made 35 recommendations to improve whistleblower protections in the public and private sectors. ^[7] Some of the key recommendations address inadequacies identified with the existing whistleblower protections in the following areas:

•

protecting whistleblowers from reprisals and holding those responsible for reprisals to account;

•

effectively investigating alleged reprisals;

•

whistleblowers being able to seek redress for reprisals; and

•

the fragmented and inconsistent nature of whistleblower legislation. It was found that significant inconsistencies exist not only between various pieces of Commonwealth public and private sector whistleblower legislation, but also across the various pieces of legislation that apply to different parts of the private sector.

2.187 The reforms described in this regulatory impact statement have been developed having regard to the recommendations made by the above national and international evaluations of Australia's corporate whistleblowing regime.

Why is government action needed?

2.188 Shifting technologies and the global nature of business are contributing to the increasing complexity and sophistication of corporate misconduct. In this evolving setting, the knowledge of those working within an organisation provides an important, and in some cases the only, route to detection and prosecution of corporate crime.

2.189 As a result of the inadequacies detailed above, the current legal settings give whistleblowers in the corporate sector little incentive to come forward with their information.

2.190 In addition, because whistleblower protections are spread across multiple statutes, their application is complicated and their coverage is fragmented. To be certain of protection, a whistleblower is required to possess sophisticated knowledge of Australia's legal system, specifically, the precise Act which the organisation has contravened. This potential for uncertainty is compounded by the fact that, under the current protections, the whistleblower is unable to seek legal advice while retaining their statutory protections, as lawyers are not included in the list of persons to whom a whistleblower can make a protected disclosure. Additionally, there are categories of people with potentially valuable knowledge who are excluded from protection; for example, former employees or an organisation's accountant.

2.191 Government action is needed to ensure that the legislative settings:

•

actively protect whistleblowers;

•

encourage them to make disclosures;

•

provide an early warning system for regulators;

•

facilitate investigation of the disclosures made; and

•

afford procedural fairness to those who may be subject of a disclosure.

2.192 The main objective of this proposal is to remedy these shortcomings of the current legislation and meet Government's commitment made as part of the OGNAP to ensure appropriate protections are in place for people who report corruption, fraud, tax evasion or avoidance, and misconduct within the corporate sector. ^[8]

2.193 Public consultation (held in line with the OGNAP commitment) seeking stakeholders views on the adequacy of the current protections for whistleblowers in the corporate sector highlighted an urgent need for a Government action in this area and overwhelming support for the reforms proposed (see for more on consultation section 5).

Policy options

2.194 There are three policy options available to the Government.

•

Option 1 - Maintain the status quo.

•

Option 2 - Reform whistleblower protections in the Corporations Act only.

•

Option 3 - Reform and consolidate into the Corporations Act whistleblower protections currently available to whistleblowers across the financial system under legislation within the remit of ASIC and APRA and expand protections to disclosures of corporate misconduct more generally.

Option 1 - Maintain status quo

2.195 This policy option does not involve a legislative change.

Option 2 - Reform whistleblower protections in the Corporations Act only

2.196 This policy option involves strengthening protections available to whistleblowers under the Corporations Act only. The Corporations Act is amended to:

•

expand the categories of whistleblowers qualifying for protection to include former officers, employees and suppliers as well as associates of the entity in relation to which the disclosure is made, and specified family members of employees, officers and others of a regulated entity;

•

eliminating the 'good faith' requirement for disclosures so that generally the motivation of whistleblowers cannot be taken into account in determining whether a disclosure ought to qualify for be protection or not;

•

allow anonymous disclosures;

•

enhance requirements designed to protect a whistleblower's identity;

•

expanding the range of persons or entities to which a whistleblower may make a protected disclosure including to lawyers for the purpose of obtaining legal advice;

•

expand the protections and redress for whistleblowers who suffer reprisal or retaliation in relation to a disclosure;

•

improve access to compensation for whistleblowers who are the subject of such reprisals; and

•

introduce a requirement that public companies, large proprietary companies and superannuation trustees have a whistleblower policy, which will include company-specific information about the protections available to whistleblowers, as well as how the company will ensure fair treatment of employees who are mentioned in whistleblower disclosures.

-

Transparent internal whistleblower policies are essential to good corporate culture and governance. It will encourage whistleblowers to come forward as they will have confidence that they will be protected for making the disclosure. It encourages companies to take action to investigate and resolve reports of misconduct. This change also aligns the Corporations Act with the PIDA and the RO Act pursuant to which the development of such procedures is mandatory.

Option 3 - Reform and consolidate into the Corporations Act whistleblower protections currently available to whistleblowers across the financial system under legislation within the remit of ASIC and APRA and expand protections to disclosures of corporate misconduct more generally.

2.197 This policy option involves strengthening the Corporations Act provisions (as in Option 2) and also extending the proposed Corporations Act protections to other specified statutes falling within the remit of ASIC and APRA including:

•

the Australian Investments and Securities Commission Act 2001;

•

the National Consumer Credit Protection Act 2009;

•

the Banking Act 1959;

•

the Insurance Act 1973;

•

the Life Insurance Act 1995;

•

the Superannuation Industry (Supervision) Act 1993; and

•

the Financial Sector (Collection of Data) Act 2001.

2.198 In addition, the scope of protected disclosures is expanded to include information that the discloser has reasonable grounds to suspect:

•

indicates misconduct, or an improper state of affairs or circumstances, by a whistleblower regulated entity or related body corporate of a whistleblower regulated entity;

•

is an offence against any other law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more; or

•

represents a danger to the public or the financial system.

2.199 The amendments make it clear that disclosures about the broad set of serious wrongdoing in a corporation or a financial sector entity are within the scope of the protection. This could include serious breaches of any Commonwealth, State or Territory law that are not criminal offences.

Cost benefit analysis of each option and impact analysis

Option 1 - Maintain status quo

2.200 Making no legislative change would result in Australia continuing to lag behind both domestic and international best practice.

2.201 If protections for corporate whistleblowers remain unchanged, there are no additional compliance costs for the businesses affected. However, the current corporate whistleblower protections remain sparingly used and there remains little to no incentive for insiders to share vital information with regulators and law enforcement agencies. With very few insiders stepping forward, the investigation and prosecution of corporate crime in Australia remains difficult, costing Australia approximately $8.5 billion a year.

Option 2 - Reform whistleblower protections in the Corporations Act

2.202 This policy option involves strengthening protections available to whistleblowers under the Corporations Act, aligning them with the PIDA and the RO Act and with what is considered to be international best practice. The reforms are designed to encourage whistleblowers to come forward by ensuring protections are in place for people who report such activities in corporations covered by the Corporations Act. This would in turn be expected to reduce misconduct over time (see further discussion below).

2.203 However, by amending the Corporations Act only (in isolation of other statutes which relate to banking, insurance and superannuation) the reforms have very limited scope as they guarantee protections for whistleblowers making the disclosures in relation to breaches of the Corporations Act only. Disclosures related to the breaches of the NCCP Act continue to lack protections. Also, the protections for whistleblowers available under legislation within APRA's remit remain unchanged. They would also not cover broader types of misconduct that a regulated entity may engage in.

2.204 This fragmented legislative setting continues to result in inconsistent approaches to handling disclosures between different statutes and regulators and requires whistleblowers to consult a number of statutes or seek legal advice in order to understand their eligibility for protection.

2.205 Possible outcomes from the implementation of Option 2 include the following.

•

Whistleblowers: will benefit from increased protections and better access to compensation, but may need to consult a number of statutes or seek legal advice in order to understand their eligibility for protection.

•

Companies: will bear the costs of developing whistleblower policies (if they don't already have one) and potentially dealing with greater whistleblowing activity. However, companies may benefit from being made aware of inappropriate behaviour within the company so that they can take action to investigate and remedy. Also, by better supporting whistleblowers the company will be able to demonstrate its commitment to good corporate practices and improved culture.

•

Regulators: will, through a potential increase of valuable disclosures, be able to more effectively take early action to investigate and prosecute corporate misconduct.

•

Public: may, as investors and customers, face slight increases in the costs of products and services, if the costs to companies of developing whistleblower policies are passed on. However, this is considered unlikely as the estimated costs calculated in this regulatory impact assessment for an average company are relatively small. Customers may also benefit from higher standards of behaviour by companies. Furthermore, the public would be expected to benefit from potential decreased levels of corporate misconduct over time and overall increase in confidence in the financial system.

2.206 Most of the proposed reforms (discussed in detail in Section 3 - Option 2) do not result in any additional compliance cost, as they build on the existing legislation and correct existing deficiencies. An exception to this is a requirement for public companies, large proprietary companies and superannuation trustees to have a whistleblower policy.

2.207 There are approximately 33,000 of these companies in Australia. We estimate that the whistleblower policy requirement will impose certain one-off implementation costs on these companies as well as annual training costs.

2.208 As there is a range in size and complexity of the companies to whom this will apply, the estimated costs are based on an expected average. Also it is expected that the average company already has a base structure in place for compliance and ethics policies and training and so development of a whistleblower policy in accordance with the proposed reforms will leverage this base.

2.209 Based on the average company, the estimated costs include the administrative time required to developing the policy (20 hours), legal advice in developing the policy (five hours), and the production of informative materials for staff members (four hours). In addition, it is estimated that each company with the whistleblower policy requirement will devote ongoing time to familiarising themselves with this legal requirement (four hours per year). Following these time estimates and a standardised labour cost, it is estimated that Option 2 will result in an overall compliance cost of $15.6 million per year over ten years.

Table 2.1 : Average annual regulatory costs (from business as usual)

2.210 Given the proposed reforms significantly strengthen the protections for whistleblowers in the corporate sector, it is not unreasonable to suggest that there could be a corresponding reduction in the cost of corporate crime as detection and prosecution of the corporate crime improves over time. This is due to whistleblowers being more willing to report misconduct because they feel better protected and are better informed about a company's whistleblowing policies.

2.211 Overseas evidence suggests that whistleblowing is important in uncovering corporate crime. A recent European Commission study ^[9] outlined the economic case for whistleblower protection in the European Union. It focused on the public procurement sector, a major component of the economy and an attractive hotspot for corruption. In this context, whistleblower protection can encourage the reporting of corrupt practices, resulting in less misuse of public funds. It found that the overall costs for setting up and maintaining whistleblower protection are quite low in comparison with the potential benefits.

2.212 This study referenced the 2016/17 Global Fraud Report ^[10] which is based on a survey and in-depth interviews with senior executives worldwide about their experience with fraud. It reports that the percentage of fraud uncovered, thanks to whistleblowers, was equal to 44 per cent in Canada, 49 per cent in the US, 53 per cent in Italy and 50 per cent in the UK, against a global average of 44 per cent.

2.213 Using the results of these studies as a guide, and considering that corporate crime is estimated to cost Australia more than $8.5 billion a year, it is reasonable to suggest that these reforms to significantly strengthen the protections for whistleblowers could have a large impact on combatting corporate crime.

Option 3 - Reform and consolidate into the Corporations Act whistleblower protections currently available to whistleblowers across the financial system under legislation within the remit of ASIC and APRA and expand protections to disclosures of corporate misconduct more generally.

2.214 This policy option extends the proposed expanded Corporations Act protections to other specified statutes falling within the remit of ASIC and APRA as well as corporate misconduct more broadly (as described by Section 3 - Option 3). The corporate whistleblower protections for disclosures made with respect to breaches of financial system legislation within the remit of ASIC and APRA are consolidated into one statue: the Corporations Act. In addition, the Corporations Act whistleblower protections will be extended to disclosures that relate to misconduct, or an improper state of affairs or circumstances, contraventions of any law of the Commonwealth that is punishable by imprisonment for a period of 12 months or more, or represents a danger to the public or the financial system. These reforms will reduce the gaps and inconsistencies that currently exist in the corporate whistleblower protection regime.

2.215 This regime is designed to work for the whistleblower and address the previously identified issues by creating a less fragmented whistleblower protection regime with broader protections for disclosures. In addition to all of the benefits of Option 2, Option 3 ensures a consistent approach to whistleblower protections in the financial system and more broadly, and greater certainty of protection for whistleblowers who are guided now by a single statue when inquiring about their protections. This reduces the risk of a whistleblower having no statutory protection if he/she discloses misconduct that is not captured by the existing, fragmented regime.

2.216 It simplifies the existing legislative regime by combining in one statute (the Corporations Act) the whistleblower protections currently spread across the statutes listed above. This approach:

•

eliminates the gaps in protections in the existing law which result from this piecemeal approach;

•

removes confusion as to which law applies;

•

reduces compliance costs for industry; and

•

ensures consistency of approach in the financial system as a whole.

2.217 Possible outcomes from the implementation of Option 3 include the following.

•

Whistleblowers: will benefit, not only from increased protections and improved access to compensation but also a greater certainty about their legal position.

•

Companies: will bear the costs of developing whistleblower policies (if they don't already have one) and potentially dealing with greater whistleblowing activity. However, those costs may be reduced by the decrease in complexity of whistleblower protections across the corporate sector.

•

Regulators: will, through a potential increase of valuable disclosures, be able to more effectively take early action to investigate and prosecute corporate misconduct. ASIC and APRA may need to process a greater number of disclosures as they receive disclosures on a broader range of misconduct from across the corporate and financial sectors. However, the reforms allow for an increased cohesion in approach to sharing information about disclosures across regulators.

•

Public: may, as customers, face slight increases in the costs of products and services, if the costs to companies of developing whistleblower policies are passed on. However, this is considered unlikely as the estimated costs calculated in this regulatory impact assessment for an average company are relatively small. Compared to Option 2, more customers will benefit from higher standards of behaviour by companies, as whistleblowers can now also make protected disclosures relevant to the National Consumer Credit Protection Act (which currently does not provide for protections) as well as any corporate misconduct more generally. Furthermore, the public is expected to benefit from decreased levels of corporate misconduct.

2.218 Similar to Option 2, with an exception of a requirement for public companies, large proprietary companies and superannuation trustees to have whistleblower policies, the proposed amendments do not result in any compliance cost, as they build on the existing legislation and correct existing deficiencies.

2.219 The compliance cost calculation for Option 3 largely follows Option 2. However, there is one key difference. Under Option 2, corporate whistleblower provisions are spread across multiple statutes relating separately to banking, insurance and superannuation. Option 3 simplifies this regime by consolidating whistleblower protections across the financial system and corporate activities more generally. Therefore, for the 33,000 eligible companies, the regime under Option 3 will be easier to interpret and it is assumed that, compared to Option 2, fewer legal services will be purchased by companies when developing their policy (four hours of legal advice in developing the policy compared to five hours). Apart from the differences in legal services costs, regulatory cost calculations for Option 3 are identical to Option 2. The estimated overall compliance cost is $15.4 million per year over ten years.

Table 2.2 : Average annual regulatory costs (from business as usual)

2.220 The slightly lower compliance cost is likely to be accompanied by a further decline in corporate crime (compared to Option 2), as this policy option extends the proposed expanded Corporations Act protections to all financial sector statutes falling within the remit of ASIC and APRA as well as corporate misconduct more broadly. This is because the simplified legislative regime which combines whistleblower protections that are currently spread across the number of statutes, as well as providing for protections for disclosures of corporate misconduct more generally, gives whistleblowers greater certainty and removes confusion as to which law applies. As a result, more whistleblowers may make protected disclosures. Therefore, it is likely that Option 3 will improve the prospects of prosecution and will potentially further reduce the incidence and cost of corporate crime.

Consultation plan

2.221 Treasury consulted extensively on this proposal publically and with each of the key regulatory agencies.

2.222 On 20 December 2016, the Minister for Revenue and Financial Services released the Review of tax and corporate whistleblower protections in Australia consultation paper. The paper sought public comment to assist the Government with the introduction of appropriate protections for tax whistleblowers and in assessing the adequacy of existing whistleblower protections in the corporate sector. Thirty-six submissions were received in response to this consultation; all were generally supportive of the proposals.

2.223 In addition, the Parliamentary Joint Committee on Corporations and Financial Services undertook an inquiry into whistleblower protections in the corporate, public and not-for-profit sectors. A vast majority of seventy-five submissions responding to the Inquiry supported reforms strengthening the whistleblower regime in Australia.

2.224 In its final report, tabled on 13 September 2017, the Inquiry concluded that existing whistleblower protections are ineffective and made 35 recommendations to strengthen them. Amongst others, the Parliamentary Inquiry recommended a single statute for Commonwealth private sector whistleblowing legislation (including tax).

2.225 The proposed reforms have regard to submissions made to both consultation processes as well recommendations made by the Parliamentary Inquiry. They also take into account recommendations made by the national and international evaluations of Australia's corporate whistleblowing regime.

2.226 Option 3, in particular, goes a significant way to address the concern of the Parliamentary Inquiry of the fragmented and inconsistent nature of whistleblower legislation including across the various pieces of legislation that apply to different parts of the private sector. The tax whistleblower reforms mentioned earlier this statement are being progressed in parallel to these corporate and financial sector reforms to ensure consistency in protections, where it makes sense to do so.

2.227 On 23 October 2017, the proposed reforms were released for public consultation as the Treasury Laws Amendment (Whistleblowers) Bill 2017. The Bill contains provisions related to both corporate and financial sector whistleblowers (consistent with Option 3), and tax whistleblowers. Thirty-nine submissions were received. Submissions were received from a broad range of stakeholders, including professional and industry bodies, legal and accounting firms, civil society groups, academics and individuals.

2.228 Feedback to the draft Bill was supportive overall and it was recognised that strengthened legislative protections for whistleblowers play an important role in reinforcing corporate accountability and encouraging whistleblower disclosures. In particular there was support for:

•

Streamlining the existing various whistleblower rules contained in legislation administered by ASIC and APRA into a single regime contained within the Corporations Act. Feedback indicated that this would address the issue that existing whistleblower legislation is disjointed and unnecessarily complex, rendering it ineffective in encouraging whistleblowers to come forward and report misconduct and wrongdoing. For example:

-

It was broadly noted that regulated entities are currently required to observe whistleblower rules under multiple pieces of legislation, and streamlining the rules will facilitate ease of compliance and consistency of application.

•

The inclusion of provisions which recognise the need for an individual to consult with a lawyer and the enforcement of the anonymity of whistleblowers.

•

Introducing a whistleblower policy requirement. Some comments included:

-

A number of stakeholders, including an academic, a law firm and a large listed company asserted that the introduction of the mandatory requirement for large companies to have a whistleblower policy is a positive reform. This requirement will assist entities in developing robust corporate governance systems while also providing a mechanism and useful guidance to individuals who may wish to report suspected or actual illegal activity.

-

A law firm noted that there is presently no requirement for corporations to have an internal policy for dealing with whistleblowers. Therefore, it is likely that in many cases, better internal procedures for dealing with whistleblowers could allow for a more mutually-beneficial outcome for the whistleblower and the organisation. At the very least, the requirement to have a whistleblower policy will ensure that employees are made aware of the protections available to whistleblowers under the Whistleblowers Bill.

-

One professional body asserted that as a matter of good practice, all companies should have sound internal whistleblowing policies and procedures that aim to detect, address and ultimately prevent corporate wrongdoing. One of the central goals of the whistleblowing framework should be to encourage companies to make internal disclosure easy and safe for whistleblowers. This will help to ensure that misconduct is addressed as early as possible, ideally before it becomes the subject of regulatory intervention. Although it is not necessary to include a statutory requirement for a whistleblower policy, the components in the draft legislation are not unreasonable.

-

Another professional body agreed that it is appropriate for large companies to have a whistleblower policy. However, extending the requirement to all public companies is not necessary, given that some public companies may be very small.

2.229 There was broad support for the draft Bill in expanding the scope of eligible whistleblowers and of disclosees, as well as improving access to compensation.

2.230 However, some stakeholders expressed uncertainty regarding how the new law may be interpreted and how regulated entities would be expected to handle disclosures. For example, a number of stakeholders expressed a concern that employees' workplace grievances appeared to be captured in the draft legislation. This feedback was addressed in the Explanatory Memorandum by making it clear that workplace grievances are not within the scope of protected whistleblower disclosures.

2.231 Other feedback sought clarification as to how large companies will satisfy the requirement of making their whistleblower policy available to all eligible whistleblowers. In response to this, the legislation was amended to require that whistleblower policies are to be made available to employees and officers only.

2.232 In addition, Treasury conducted targeted consultation with an experienced industry stakeholder on the regulatory impact of the whistleblower policy requirement. The regulatory cost estimates were refined in this statement following these discussions as follows:

•

Increase to the estimated average time for staff to familiarise themselves with the new policy from three hours to four hours each year; and

•

Decrease the estimated average hours to produce materials to inform employees about the whistleblower policy from five hours to four hours.

Option selection and conclusion

Preferred option

2.233 Having considered:

•

recommendations made by the national and international evaluations of Australia's corporate whistleblowing regime,

•

national and international best practice,

•

evidence received and recommendations made by the Parliamentary Inquiry, and

•

results of the Treasury and Parliamentary Inquiry consultation processes,

2.234 Treasury's preferred option is Option 3.

2.235 This option:

•

strengthens protections for whistleblowers and provides them with greater legal certainty;

•

simplifies the existing legislative regime as it combines in one statute the financial system legislation within the remit of ASIC and APRA, as well as expanding protections to corporate misconduct more generally; and

•

meets commitments made publically by the Government.

2.236 Option 3 also results in expected lower compliance costs to industry compared to Option 2 and is more likely to improve the detection of corporate crime in Australia.

Implementation, evaluation and review

2.237 Legislation is required to implement this proposal. The reforms will be introduced as part of the Treasury Laws Amendment (Whistleblowers) Bill 2017.

2.238 These reforms will address recommendations made by the Parliamentary Inquiry to strengthen whistleblower protections.

2.239 Prior to introduction of legislation into Parliament in December 2017, the exposure draft legislation was released for public consultation. Also, the Government established an Expert Advisory Panel to review and provide feedback on the draft legislation.

2.240 There was broad support for these reforms to strengthen whistleblower protections. There was a minority view that not all public companies needed to have a whistleblower policy. However given the broad support on the requirement to have whistleblower policy, no amendments were made to reduce the companies in scope. A small amendment was made to ensure that all superannuation trustees were captured. This did not materially alter the number of companies in scope upon which the estimated costings are based.

2.241 The draft legislation was amended to require that whistleblower policies are to be made available to employees and officers only. No other amendments were identified as being needed to ensure that the implementation of the reforms will not impose undue compliance costs for industry.

2.242 The success of the whistleblower protection reforms will be identified by:

•

an increase in protected whistleblower disclosures which instigate or materially assist investigation and prosecution of corporate crime; and

•

better protections for whistleblowers including access to compensation if they are the subject of reprisal action due to their disclosure.