A new era has begun: whistleblower protections in Australia

Following extensive debate and consultation, a new whistleblower protection regime commenced in Australia on 1 July 2019. The new laws provide a single, strengthened whistleblower regime that covers the corporate, financial and credit sectors with significant penalties (both civil and criminal) for non-compliance. The effect of the legislation is to extend protection to eligible whistleblowers (referred to in the legislation as ‘disclosers’) from reprisals where they make a qualifying disclosure.

The new laws amend the Corporations Act 2001 (Cth) and the Taxation Administration Act 1953 (Cth) and provide for the following:

  1. an eligible whistleblower is now a person who can be a current or former employee, officer, contractor, or an associate of a company/organisation and includes such person’s spouse, relative or dependent;
  2. to qualify for protection, the eligible whistleblower must make a disclosure about a ‘regulated entity’, which includes a company, a bank, a provider of insurance, a superannuation entity/trustee or an incorporated association or body corporate that is a trading or financial corporation;
  3. the whistleblower must believe, on reasonable grounds, that misconduct has occurred or an improper state of affairs or circumstances exist in relation to a regulated entity. The disclosure can include allegations that the company or an officer or employee of the company has:
  • breached the Corporations Act;
  • breached other financial services, banking or consumer credit protection laws enforced by ASIC[1] or APRA[2];
  • committed an offence against any other Australian law punishable by imprisonment for a period of 12 months; or
  • otherwise undertaken activities that represent a danger to the public or the financial system;
  1. an eligible whistleblower can make their disclosure known to an ‘eligible recipient’ of a company/organisation (which includes an officer, senior manager, a designated person, an approved whistleblower complaints service/hotline or to the external accountant);
  2. an eligible whistleblower can also make a disclosure to ASIC or APRA and in certain circumstances, to a member of parliament or a journalist;
  3. eligible recipients must keep the identity of the whistleblower confidential at all times (except with the whistleblower’s consent or in other limited circumstances);
  4. legal action cannot be taken against whistleblowers for making a protected disclosure nor can any detriment (or threatened detriment) be caused to a whistleblower. A whistleblower can seek redress in the Courts for victimisation (without fear of adverse costs orders); and
  5. importantly, disclosures about workplace grievances or made by competitors and customers (who do not otherwise qualify as eligible disclosers) are excluded by the new laws.

Mandatory whistleblower policy

From 1 January 2020, all Australian public and large proprietary companies must have a whistleblower policy. The content of the policy is prescribed by the legislation and is to include:

  1. the person/organisations to whom protected disclosures may be made, and how they can be made;
  2. how the company will support whistleblowers and protect them from detriment;
  3. how the company will investigate protected disclosures;
  4. how the company will ensure fair treatment of employees of the company or organisation who are mentioned in protected disclosures, or to whom such disclosures relate;
  5. how the policy is to be made available to officers and employees of the company; and
  6. any other matters prescribed by the regulations from time to time.

Way forward

Companies and organisations are strongly encouraged to familiarise themselves with the new regime, update their policy framework, nominate eligible recipients and review information handling processes given the sensitivity about the nature of disclosures and the identity of the whistleblower.



[1] Australian Securities and Investment Commission

[2] Australian Prudential Regulation Authority