Australia and New Zealand
A whistleblower is someone who reports misconduct such as illegal, immoral or illegitimate practices by a company to a regulatory body or senior personnel within the company. Actions that can be reported include breaches of law or breaches of company policy, and could relate to things like corruption, harassment, fraud or theft. The protections do not apply to a disclosure from a whistleblower about a personal grievance.
In Australia, ASIC and APRA can receive and investigate whistleblower reports, and a disclosure to either body enables access to the protections. They may also refer a whistleblower report to another regulator or law enforcement agency where appropriate, such as the ATO or other government enforcement bodies. ASIC can initiate formal investigations and take enforcement actions if they consider the matter an area of significant harm. They can do this through criminal proceedings, civil proceeding and/or administrative enforcement action.
There have been advocates in favour of a single independent whistleblower protection authority as a dedicated federal statutory agency to manage and enforce legal protections for whistleblowers. To date, this has not yet occurred.
Under the Corporations Act 2001 whistleblowers have rights and protections such as keeping their identity confidential, protection against certain criminal, civil or administrative action, and making it illegal for someone to cause or threaten detriment to the whistleblower for any actual, proposed or potential whistleblower disclosure.
The scope of whistleblower protections was broadened significantly in 2019[1]; namely:
To receive protection, disclosures need to meet certain requirements[2]:
A company can be liable if it fails to prevent conduct that causes detriment or threatens to cause detriment to a whistleblower[3] by reason of the whistleblowing. ‘Detriment’ can include conduct against a whistleblower to dismiss them from their employment, change their position or duties, discriminate against them, harass or intimidate them, or damage their reputation[4].
The Federal Court of Australia recently made the following observations about the current regime:
Depending on your sector or the subject matter of the protected disclosure, rights and protections can also exist under other existing legislation such as the Taxation Administration Act 1953[5], the Fair Work (Registered Organisations) Act 2009[6] and the Public Interest Disclosure Act 2022[7]. New tabled legislation may also include whistleblower protections[8].
Companies are obliged to comply with the whistleblower protections under the Corporations Act. Public companies[9], large proprietary companies[10] and corporate trustees of registrable superannuation entities[11] are required by law to have a whistleblower policy in place and to make the policy available to officers and employees[12].
The whistleblower protections are available to any discloser who makes a disclosure that qualifies for protection, regardless of whether the entity that is the subject of the disclosure must have a whistleblower policy.
An individual or company can be held liable to pay a penalty or compensation for breaching whistleblower protections[13]. Additionally, compensation may be payable if a whistleblower suffers loss, damage or injury as a result of detrimental conduct in response to a disclosure, including a potential disclosure even if the disclosure was not made.
In addition to direct infringement of whistleblower provisions, directors and officers may also find themselves exposed to allegations of breach of directorial duties.
A current ASIC investigation into the treatment of whistleblowers has been the subject of recent media attention. The whistleblowers are suing their former employer in the Federal Court with allegations of breaches of policies, bullying and victimisation. ASIC is investigating and has requested the production of certain documents from the company. Documents filed in the court case allege that the company’s whistleblower system was compromised and that employee complaints were supressed. One of the whistleblowers alleges their identity was disclosed in contravention of the and that they suffered victimisation causing detriment.
We are seeing whistleblower allegations being made in the context of employment practices liability (EPL) claims, as one element of a broader claim. If you are dealing with a EPL or Fair Work claim, consideration should be given as to whether whistleblower issues could also arise in the claim.
In a recent claim example, a whistleblower alleged the entity and certain individual directors and officers engaged in market misconduct, and that the whistleblower suffered detriment after raising concerns. There was potential for the whistleblower to approach ASIC, but the matter settled before this occurred. The D&O section of the policy covered the individual directors and officers however the entity was not insured. Consequently, a portion of defence costs and the settlement will be covered.
In another example, an employee used the company’s anonymous complaint telephone line system to make an allegation against another employee. The company determined that the complaint met the threshold of an eligible whistleblower disclosure report in accordance with their guidelines, and engaged a third party to carry out an external, independent investigation into the complaint. This is an example of how having the right processes in place can allow for the proper handling of a disclosure, but even where liability is not established, costs can be incurred when an entity is challenged about its conduct.
In New Zealand, the whistleblowing regime is governed by the Protected Disclosure (Protection of Whistleblowers) Act 2022. The primary purpose of the Act is to provide protection for individuals[14] who disclose serious wrongdoing in or by their organisations. The Act strictly prohibits contracting out.[15]
The Act defines the meaning of a discloser as a past or present employee, secondee, contractor, individuals concerned in the management of an organisation, members of the Armed Forces and volunteers working for an organisation.[16]
Serious wrongdoing is defined by the Act[17], ensuring that disclosers have a clear understanding of the types of issues that can be reported under the Act, and includes for example any act, omission or course of conduct, which is an offence, a serious risk to health or safety. A disclosure of serious wrongdoing can be made if the discloser, believes on reasonable grounds that there is or has been serious wrongdoing in or by the discloser’s organisation, discloses in accordance with the Act, and does not disclose in bad faith.
A discloser is afforded protection by the Act if they met the definitions and the disclosure of ‘serious wrongdoing’ is made to their organisation in accordance with internal procedures, or to the head or deputy of the organisation or to appropriate authority (which includes any officer of parliament, membership body of a particular profession or trade, but does not include a Minister or member of Parliament).[18]
The Ombudsman is the primary monitoring body in New Zealand and can assist individuals in making a disclosure and in ensuring their rights are protected. It also provides assistance to companies, particularly within the public sector, in developing internal policies and procedures to comply with the Act. This includes training and support to ensure companies understand their statutory obligations under the Act.
Release of protected information can mean that a complaint can be made to the Privacy Commissioner.
Protected disclosure complaints are on the rise in New Zealand with 220 complaints and enquiries lodged with the Ombudsman during the 2023/24 period, a 159 percent increase on the previous year.
A recent example in the private sector of retaliation against a protected discloser, saw the employee win their case in the Employment Relations Authority proving their employer had made them redundant because they blew the whistle on a colleague.
The Act requires public sector organisations to have internal Protected Discloser procedures and encourages all private and not-for-profit internal procedures to do the same. For public organisations, this includes a requirement to publish their procedures publicly and republish them at regular intervals. Private and not-for-profit organisation are encouraged (but not mandated) to ensure their procedures are well known and accessible.
The risk of not doing so, or breaching the rules contained in the Act could result in fines and penalties, employment relations claims, or legal action by disclosers who face victimisation or retaliation.
Company officers and senior managers need to be aware that they may be eligible recipients to whom whistleblowers can make disclosures. Eligible recipients should be trained on what to do in that situation to ensure they do not breach the whistleblower provisions when handling disclosures. Companies should review their processes and policies to ensure that they are up to date and adhered to.
Comprehensive whistleblower policies are part of good risk management. It is important to ensure your whistleblower policy contains the following:
Several insurance policies may respond to a whistleblower claim depending on the nature of the claim and the wording of the policy.
It’s important to review the specific terms of your policies to understand the extent of coverage. The risk of whistleblower related claims is expected to rise, and it is critical that your insurance program adequately affords protection against such liability.
A whistleblower disclosure may be a company’s first notice of a circumstance that may give rise to a claim under an insurance policy, either relating to the whistleblower or the problem or breach that is the subject matter of the disclosure. Early consideration should be given to what may need to be notified to your insurer as a potential claim, or form part of pre-renewal disclosures.
Speak to our experienced insurance brokers who can help you navigate this increasing risk.
