New Whistleblower Protection regime to start 1 July

Kott Gunning Partner Tom Darbyshire discusses the new Whistleblower Protection regime under the Corporations Act, which comes into force on 1 July. Companies must actively comply with the new laws because the ramifications of getting it wrong are serious, he writes. Tom Darbyshire


Previously we wrote in the article Businesses Take Note about important changes to the laws protecting corporate whistleblowers in Australia. For many years the Corporations Act contained provisions making it an offence to victimise certain people who disclose wrongdoing by corporations. But the protections were so limited and heavily qualified that they were practically meaningless. The much needed reforms we wrote about last year were delayed by many months, but have finally become law and will come into effect on 1 July 2019. Whistleblower protection under the Corporations Act now has some teeth, and companies need to take active steps to comply with the new laws. The consequences of getting it wrong are serious.


The new whistleblower protection laws were introduced in Parliament with some fanfare in December 2017. After being approved by a Senate Committee in March 2018,  they were meant to commence from 1 July 2018.

1 July 2018 came and went without a whisper on the subject. But just when we thought corporate whistleblowing reform had been kicked down the road to a less preoccupied future government, Federal Parliament has passed the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2018, which contains some significant changes to the Bill we wrote about last year.  The Act received Royal Assent on 12 March 2019, which means most parts of it will become operative from 1 July 2019.

How the New Laws Work

Whistleblower protection can apply when a person discloses information about wrongdoing by “regulated entities”.  These include companies, banks, insurers and superannuation trustees. If the discloser meets the criteria set out in the new laws, they are entitled to various protections. For example, they can’t be charged or sued for making their disclosure, and it can be an offence for another person to reveal their identity or to victimise them for the disclosure.

It is very important to understand the criteria that attracts whistleblower protection. A discloser who gets it wrong loses the protection against being sued, sacked or victimised.  A company that goes after a protected whistleblower, or that fails to prevent one of its employees or agents from doing so, could be liable for a range of substantial new penalties.

Who does it apply to?

These new laws don’t apply to everyone, although the categories of people who can get protection has been considerably expanded. Prior to these reforms, the only people who qualified for protection from detrimental action were current officers, employees and contractors of the regulated entity. This has been expanded to include past officers, employees and contractors; suppliers to and associates of the regulated entity; and the relatives and dependents of those people (referred to in the new Act as “Eligible Whistleblowers”).

What does it apply to?

Whistleblower protection will only be relevant if the information is about a “disclosable matter”, ie “misconduct, or an improper state of affairs or circumstances” relating to a regulated entity, or a related party to the regulated entity. It is not uncommon to see whistleblower protection invoked to address matters that are essentially workplace disputes, rather than matters of public interest. A disclosable matter that constitutes only a “personal work-related grievance” won’t attract protection.

Disclosable matters that will attract protection include: –

  1. breaches of particular legislation in the corporate, financial and credit sectors, including (but no longer limited to) the Corporations Act and ASIC Act;
  2. any breaches of any Commonwealth legislation punishable by imprisonment of 12 months or more; or
  3. behaviour which represents a danger to the public, or to the financial system.

When does it apply? 

The Eligible Whistleblower must make the disclosure to ASIC, APRA or an “Eligible Recipient”, which is now an officer, senior manager, auditor or actuary of the regulated entity, or a related company. Although the new protection regime will commence on 1 July, disclosures can be about matters which occurred before that date.

How Whistleblowers are Protected

If all the boxes are ticked, i.e. an Eligible Whistleblower reports a Disclosable Matter about a Regulated Entity to an Eligible Recipient, affected companies have to be very careful.

The whistleblower can’t be subjected to any criminal, civil or administrative liability for making the disclosure. Even if the protected disclosure constitutes a flagrant breach of contract by a company’s employee, the employee can’t be disciplined or sacked if the new laws apply.

It is an offence to reveal the identity of the whistleblower to anyone other than regulators and your lawyer, without the whistleblower’s consent. And it is an offence to threaten or cause “detriment” to a whistleblower because of the disclosure. The definition of detriment includes most of the behaviors that whistleblowers are often subjected to because of their actions – dismissal, harassment, discrimination and disadvantage in employment, physical and psychological harm, to name a few. A company can be liable to pecuniary penalties of up to $1 million for breaching these provisions.

Companies can also be liable to compensate the whistleblower for the losses they have suffered as a result of the detrimental behaviour. The remedies available to whistleblowers are much better defined under the new laws than was previously the case. A court can now order injunctions, reinstatement and apologies as well as compensation.  And, in order to encourage the use of the new laws, whistleblowers will not be liable for the costs of legal proceedings for compensation or any other remedy, unless the whistleblower sues vexatiously or without reasonable cause.

How Companies are Affected 

A company obviously faces substantial potential liability if it fails to realise that it is dealing with an Eligible Whistleblower who is entitled to protection under the new laws. Any attempts to discipline them or take other action against them because of their disclosure will be void, and may well constitute victimisation.

The problem is particularly acute if the victimisation occurs in the workplace. Employers can be ordered to pay compensation for victimisation carried out by an employee. In the earlier version of the Bill, a company could defend such a claim on the basis that it had exercised reasonable precautions to avoid the victimising conduct, but this didn’t make it into the Act. A court can take such reasonable precautions into account when deciding whether to make an order against an employer. A court can also take into account whether a company had a whistleblower protection policy in place, and whether it was complying with that policy. But these things will not prevent a court making such an order against a company if it wants to do so.

Companies also need to be aware that Eligible Whistleblowers who don’t get satisfaction can now take it further. In some circumstances, where the disclosure involves matters of public interest which haven’t been addressed, or imminent dangers to personal health or the environment is involved, the whistleblower can take the matter to the press or their local MP. All the whistleblower protections will continue to apply.

You Need a Whistleblower Protection Policy

Whistleblower protection has been recognised as an important feature of open and transparent governance for a long time. But most businesses, if they have considered it at all, have treated it as a low level compliance exercise of marginal significance.

Clearly that needs to change. It has always been the case that people closest to a company are usually in the best position to see that something is going wrong. Therefore, having systems in place to allow those people to report wrongdoing without reprisal is an important tool for correcting that wrongdoing.  Whether or not a company’s board believes this, companies will now need systems in place to recognise and deal with Eligible Whistleblowers and protected disclosures. Otherwise, lawful disciplinary action could turn out to be illegal victimisation, and a company may have no recourse when its internal problems are being splashed all over the front page of a newspaper or website.

But the best reason for having a whistleblower protection policy in place, for public and large private companies, is that they won’t have a choice. It will be an offence for these companies not to have a policy in place which sets out information about various matters, including:

  • The protections available to whistleblowers;
  • to whom disclosures can be made;
  • how the company will support and protect whistleblowers, and people named by them;
  • how the company will investigate disclosures;
  • how the policy will be made available to officers and employees of the company.


The Act which has now been passed goes further than the Bill. The original Bill received fairly lukewarm endorsement from the Senate’s Economic Legislation Committee in March last year, so further changes were not unexpected.  Public Interest disclosures to journalists, the exclusion of personal workplace grievances, and the removal of the reasonable precautions defence for employers, are all examples of amendments that found their way into the new law in the latter part of last year.

Even in its amended form, the new Act does not attempt to make the sweeping changes recommended by a Parliamentary Committee in late 2017, which called for a central whistleblowing authority, and bounties for whistleblowers. Although it isn’t at all clear how these ideas would work in Australia, they have received a lot of support in recent months from the ALP. In the event of a change of government in May, further reforms in this area are not out of the question.

But in the meantime, Australian companies have plenty to be getting on with to ensure that they are ready for a new era in Whistleblower Protection.


Disclaimer: The information published in this paper is of a general nature and should not be construed as legal advice. Whilst we aim to provide timely, relevant and accurate information, the law may change and circumstances may differ. You should not therefore act in reliance on it without first obtaining specific legal advice.


Partner Tom Darbyshire joined Kott Gunning in 1997 and became a partner in 2002.  Between 2008 and 2012 he was Managing Partner, and he resumed that role between October 2014 and March 2016. Tom has extensive experience as a litigator and has appeared as Counsel in all State and Federal Courts, with the exception of the High Court. He specialises in matters arising out of the Corporations Act, particularly in relation to directors’ duties, corporate governance and insolvency. He regularly advises individuals, directors of SMEs and large organisations on directors’ duties, governance issues, compliance and risk arising not only from the Corporations Act, but also in relation to the Privacy Act, Personal Property and Securities Act and the Australian Consumer Law. And more recently, the legal aspects of cyber security including managing personal and company reputation under new mandatory reporting laws. Tom advises individuals, directors, liquidators, secured and unsecured creditors and businesses on all aspects of insolvency and reconstruction.  Tom is a professional member of the Australian Reconstruction and Insolvency and Turnaround Association. Contact Tom at or connect via LinkedIn

You can also connect with Kott Gunning via LinkedIn or Twitter