The new mandatory whistleblower protection regime imposes rigorous requirements on corporate Australia: from 1 July 2019, Australian companies are required to protect whistleblower employees and must also implement a compliant whistleblower policy by 1 January 2020.

The reforms mean a significant increase to the protections afforded to corporate whistleblowers as well as tough civil and criminal penalties for breaches of the regime, including penalties up to $10.5 million.

Here, senior associate Kristy McCluskey outlines the changes and provides some practical tips on what you need to do.

Does it affect your company?

The new regime applies to public companies and large proprietary companies across all sectors.

A proprietary company is defined as 'large' for a financial year if it satisfies at least two of the following criteria:

• Consolidated revenue of $50 million or more.
• Consolidated gross asset value of $25 million or more.
• 100 or more employees.

In determining whether a company meets these criteria, entities it controls must also be included.

What should the policy include?

On 7 August 2019, ASIC issued Consultation Paper 321 along with draft guidance on the requirements of an entity's whistleblower policy. A policy needs to contain information about—

• the protections available to whistleblowers, including external eligible whistleblowers
• who can provide advice on or receive a disclosure
• how to make disclosures, and disclosable matters to which the policy applies
• how the company will support whistleblowers and protect them from detriment
• how the company will investigate disclosures
• how the company will ensure fair treatment of employees mentioned in disclosures
• how the policy is to be made available to officers and employees of the company
• how the company will monitor and report on the effectiveness of the policy.

What practical steps do you need to take?

There are some fundamental steps companies need to take to ensure a rigorous and transparent process:

• Review and revise your whistleblowing policy so that you have a compliant policy in place by 1 January 2020.
• Ensure your whistleblowing policy enables anonymous reporting in your organisation.
• Ensure your whistleblowing policy sets out the criteria for a discloser to qualify for protection under the Corporations Act.
• Enable an effective and secure reporting procedure which is critical.
• Carefully consider how you store and manage incident reports to maintain confidentiality.
• Make sure your people understand the changes and the correct way to report and manage incidents.

What's next?

ASIC welcomed the reforms and is seeking comments on Consultation Paper 321 and the draft regulatory guidance by 18 September 2019. The final regulatory guide is expected to be released in October 2019.

In the meantime, if you have any questions about whether your company is required to have a whistleblower policy and your compliance requirements, please contact our team.