Whistleblowers-company officeholder obligations

This page is currently under review following the commencement of the new corporate sector whistleblower protection regime on 1 July 2019.

See also INFO 238 Whistleblower rights and protections and INFO 239 How ASIC handles whistleblower reports.

Company officers and other persons have legal obligations under the Corporations Act 2001 (Corporations Act) if they receive a revelation from a whistleblower. Unless those persons handle the revelation correctly they may inadvertently breach the Act if they tell an unauthorised third party, including other officers of the company. Any unauthorised revelation may trigger significant civil and criminal consequences. Before looking closer at the how a company can prepare its officers for a whistleblower’s revelation, it is useful to look at the benefits of protecting whistleblowers.

Corporate cultures of silence, which allow wrong doing to go undetected, are seen as contributing to the recent round of local and international corporate failures. A regime protecting whistleblowers is seen as part of the answer because it encourages reporting of contraventions by employees.

International whistleblower protection

Whistleblower legislation is becoming increasingly common. It has traditionally been more common in the public sector than the private sector. But in the late 1990s it started to become part of the international regulatory response to corporate fraud, particularly covering up fraud in financial reports.

In the USA the Sarbanes-Oxley Act gives whistleblower protection for corporate employees and mandates companies establish procedures to permit anonymous reporting by employees. It places the obligation to establish these on the audit committee.

In the United Kingdom, the Combined Code of Corporate Governance establishes whistleblower protections and recommends audit committees have whistleblower arrangements for financial reporting irregularities.

Australian whistleblower protection

Whistleblower legislation is in place in some States although it has historically been more focused on the public sector than on the private sector.

The Australian Government first signalled its intention to legislate in this area in 2002, in its discussion paper Corporate Disclosure: Strengthening the financial reporting framework.

The Australian Stock Exchange’s Corporate Governance Council issued Principles of Good Corporate Governance and Best Practice Recommendations in 2003. It recommends companies establish a code of conduct for directors and senior executives. The recommendations include fostering and encouraging whistleblower behaviour by staff.

Corporate culture of compliance

The need for good corporate governance policy to foster upward reporting in an environment free from recriminations and victimisation is essential if senior management and the board are to adequately manage risk and cultural issues within their company.

This need was starkly highlighted in the Australian Prudential Regulation Authority’s (APRA) report into currency option trading at the National Australia Bank (NAB), which the bank disclosed to the market in March 2004. The report said:

    NAB’s highly regimented culture acted to impede transparency and mollify the message when it involved acknowledging concerns or difficulties at operational level. (page 72 of the report)

The report identified the close management of information flows as a significant factor that discourages the escalation of issues of concern to the board or to relevant external parties.

The existence or otherwise of the types of policies identified in the NAB report will be a significant factor for you when you are evaluating the reliability of your company’s internal controls.

Under the Criminal Code of the Commonwealth, a company can be convicted of criminal offences which have an ‘intent’ element. This means that a conviction can result if it is established that a company had a culture that directed or encouraged, tolerated or led to non compliance, or that the body failed to maintain a culture that required compliance with relevant legislation. The need to be able to demonstrate a culture fostering compliance with Australian law is of great importance to a board of directors as they seek to set the tone in their company.

Protection of whistleblowers in Australia

A person is protected as a whistleblower if they are:

  • an officer or
    • an employee of a company or
      • a contractor or their employee who has a contract to supply goods or services to the company.

      The Corporations Act restricts any retaliation against a whistleblower and gives them a civil right, including seeking reinstatement of employment. Protection is extensive:

      • providing qualified privilege against defamation and
        • precluding contractual or other remedies being enforced, including civil and criminal liability, for making the disclosure. This means that secrecy provisions in employment contracts and the like will not preclude whistleblowing.

        To qualify for protection a whistleblower’s revelation must be made to:

        • ASIC or
          • the company’s auditor or a member of the audit team or
            • a director secretary or
              • senior manager of the company or
                • another person authorised by the company to receive revelations of this kind. ( e.g. outsourced internal audit functions)

                To trigger the provisions of the Corporations Act the whistleblower must:

                • give their name before making the disclosure and
                  • have reasonable grounds to suspect that their revelation indicates the company or an officer or employee has, or may have, contravened the Corporations legislation (which includes both the Corporations Act and the ASIC Act) and
                    • act in good faith.

                    The commentary on the exposure draft bill said of this requirement: ‘This is considered appropriate given the need to discourage malicious or unfounded disclosures being made to ASIC. Where a person has a malicious or secondary purpose in making a disclosure, it is considered that the good faith requirement would not be met.’

                    The protection only covers whistleblowers reporting breaches of the Corporations Act and the ASIC Act (protected disclosure). However, in many cases contraventions of other legislation will involve secondary offences under these acts because books or records have been falsified or misleading information given to the market or the auditor in an attempt to cover the primary offence.

                    Handling revelations from a whistleblower

                    Under the Corporations Act you can only pass on the revelation and the identity of the whistleblower (or information that may lead to the identity of the whistle blower) under the following circumstances:

                    • You can pass it onto ASIC, APRA or the Australian Federal Police without asking for the whistleblower’s permission.
                      • You can only pass it onto a third party if the whistleblower has given their consent. This means, for example, that a company secretary cannot pass on the revelation to members of the board or the CEO unless the whistleblower has consented to them doing this.

                      Procedures for a company

                      Good practice would suggest the need for you to set up proper internal processes for handling revelations from whistleblowers. This would include training all staff and also periodically checking on the effectiveness of your processes. The Corporations Act does not prescribe any particular procedures. Most listed companies will have already considered instigating whistleblower arrangements relating to financial reports with reporting lines to the board’s audit subcommittee.

                      Ideally your training should focus on the importance of obtaining the whistleblower's consent to pass the information on to necessary third parties so that it can be investigated or its impact assessed. Consideration should be given to ensuring the policy recommends that whistleblowers make their revelations directly to an appropriate person, such as chairman of the audit committee of the Board or some other person as required by another regulator or overseas regulatory requirement relevant to the company.

                      Where a company outsources its internal audit function consideration may need to be given to whether whistleblower revelations to these parties is encouraged by the whistleblower policy.

                      Further information

                      The whistleblower provisions of the Corporations Act are in Part 9.4AAA, which commenced on 1 July 2004.

                      Standards Australia has an Australian Standard (AS 8004-2003) on whistleblowers that will assist implementation of appropriate procedures in companies and other organisations.

                      Read our information sheet Guidance for whistleblowers.


                      ASIC gives guidance on companies’ whistleblower policies and relief to small not-for-profits

                      Media release 19-308MR. 13 November 2019

                      New regime for corporate whistleblower protections commences

                      From 1 July, whistleblowers who report misconduct about companies and company officers can access stronger rights and protections. 19-164MR. 1 July 2019

                      Whistleblower protections for not-for-profit organisations, 29 May 2019

                      ASIC welcomes new whistleblowing laws

                      Media Release 19-038MR. 21 February 2019

                      Whistleblowing - new rules, new policies, new vision

                      A speech by ASIC Commissioner John Price, 16 November 2018

                      Whistleblowers and the Corporations Act

                      Corporations Act Whistleblowing

                      ASIC Executive Director Warren Day talks about whistleblowers and the important role they play in identifying and calling out misconduct and harm to consumers and the community.

                      Read the transcript

                      ASIC and whistleblowers

                      Asic Whistleblower Thmb

                      ASIC Executive Director Warren Day discusses when ASIC will act on whistleblowing information.

                      Read the transcript

                      Fair Work Ombudsman

                      You can contact the Fair Work Ombudsman if you would like to report someone who isn't complying with workplace laws or you need help in resolving a workplace issue.

                      Last updated: 15/10/2014 12:00