Whistleblower protection under Part 9.4AAA of the Corporations Act

What the regime covers

Part 9.4AAA of the Corporations Act 2001 establishes a national whistleblower protection regime for the corporate sector. This regime provides protection for individuals who report suspected wrongdoing.

The regime covers disclosures relating to misconduct, or an improper state of affairs or circumstances. These disclosures must be in relation to a regulated entity, which generally includes most companies and registered trustees.

Personal grievances, such as disputes about an individual’s employment, are not generally considered protected disclosures. However, these grievances may become protected disclosures if they relate to detriment experienced as a result of disclosing protected information.

Eligible whistleblowers and recipients

The legislation recognises a broad range of individuals as eligible whistleblowers. This includes current and former officers, employees, contractors and suppliers. It also extends to associates and relatives of these individuals.

Eligible recipients of disclosures are similarly defined, encompassing a range of individuals and organisations. These include officers and senior managers of the regulated entity, the entity's auditor or actuary, and prescribed bodies such as ASIC, APRA and the Tax Practitioners Board. Disclosures can also be made to a person prescribed in the entity's whistleblower policy.

Protection for disclosures to journalists or parliamentarians is limited. Such disclosures are only afforded protection in narrow circumstances defined as ‘public interest’ or ‘emergency’ situations, and only if certain additional conditions are met.

The protections

Eligible individuals who make a disclosure are afforded civil and criminal immunity for the act of disclosing information. This protection safeguards individuals from legal repercussions arising directly from their decision to report potential wrongdoing.

Reporting a concern can sometimes be followed by negative consequences. The law recognises that detriment, such as dismissal, demotion, harassment, or intimidation, may be experienced as a result of a disclosure. Such actions are unlawful, and individuals who suffer detriment related to a disclosure are entitled to compensation and other remedies. A whistleblower policy builder can assist organisations in fostering a culture of safe reporting.

Maintaining confidentiality is a critical element of the protection regime. Revealing a whistleblower’s identity without their consent is an offence, with limited exceptions to this rule.

Whistleblower policies

Public companies, large proprietary companies, and corporate trustees of registrable superannuation entities are required to have a whistleblower policy. This requirement is established under Part 9.4AAA of the Corporations Act.

ASIC Regulatory Guide 270 provides guidance on the content and operation of these policies. The Guide explains the expectations ASIC has for entities in fulfilling their obligations.

A compliant policy must address specific areas. These include identifying who is protected under the legislation, outlining what types of disclosures are protected, specifying who can receive disclosures, detailing how the entity protects whistleblowers from detrimental treatment, explaining the process for conducting investigations, and ensuring the policy is readily accessible.