It's time to give your whistleblowing program a COVID-19 refresh

By Amanda Lyras and Grace Paton
17 Aug 2020
The COVID-19 pandemic has given whistleblowers greater scope to make complaints, while at the same time creating practical impediments to the effectiveness of whistleblower programs, so you should review your policies and processes – or risk a mismanaged whistleblower issue snowballing into reputational and financial damage.

Many organisations will have already implemented whistleblowing-specific policies and processes, with all public companies and large proprietary companies being required to have a whistleblowing policy in place from 1 January 2020 that complies with the Corporations Act 2001 (Cth).

Those policies and processes, along with so many others in our society designed in simpler times, are being put under considerable strain by the COVID-19 pandemic, which has created a perfect storm for increased whistleblowing complaints arising from situations specific to the pandemic, such as:

  • inadequate management of workplace health and safety measures;
  • non-compliance with JobKeeper legislation, new regulations or various public health directions; and
  • business and supply chain disruptions.

Add in economic turmoil and a harsh job market, and some individuals will have a greater incentive to raise allegations against a company in the hope of generous pay-offs. And with the 24-hour media cycle focused on the pandemic, COVID-19 related whistleblower allegations can generate significant reputational harm as well as material legal risk.

It may be tempting to put reviewing whistleblowing policies and processes on hold while other pressing business-critical matters are dealt with, but this could lead to serious issues going unaddressed, and/or frustrated whistleblowers escalating their concerns to third parties, including regulators and the media.

What challenges has COVID-19 presented for whistleblowing programs?

Alongside the increased risks COVID-19 presents in a whistleblowing context, the pandemic has real potential to hinder the practical effectiveness of an organisation's whistleblowing program.

The first challenge comes from remote working arrangements, which can impair management's visibility of employee issues and disputes, and hinder the effectiveness and accessibility of normal channels of reporting for staff to flag issues.

Secondly, even if a report is made, there may be delays or a failure to respond to it in the face of other pressing business priorities, particularly where the individuals involved in a whistleblowing program have other important strategic responsibilities.

A third challenge comes from organisation restructures and any associated redundancies, which may mean that roles and responsibilities under an organisation's whistleblowing policy have shifted and need to be reconfigured.

Finally, third parties involved in a whistleblowing program (such as an anonymous hotline operator) may be experiencing significant impacts on their operations, which can have adverse flow-on effects to the organisations they support.

A flexible, adaptive whistleblowing policy that reflects current business operations is key to managing and responding to increases in whistleblowing disclosures brought on during COVID-19. This may require amendments to any current policies and processes, for example, to reflect changes in personnel or reporting arrangements. The importance of making appropriate amendments is also underscored by the fact that, under the whistleblowing provisions in the Corporations Act, a Court may have regard to the extent to which an organisation has given effect to its whistleblowing policy when determining if it is vicariously liable for victimising conduct on the part of one of its employees. Thus, it is important that what is reflected in a whistleblowing policy is actually being lived by the organisation.

Ensuring that any updates to whistleblowing policies and processes are effectively communicated to staff is also key, so that they know how and where to make complaints or disclosures about serious issues despite any workplace changes. Even where updates are not required, it is still prudent to remind staff about the avenues available to them to report concerns, particularly in an environment where they may be feeling more dislocated and there is a greater potential for issues of a serious nature to arise in light of the business and regulatory impacts of the pandemic.

How are Government priorities shaping the importance of having an effective whistleblowing program?

Employers should also be wary of enhanced government and regulatory focus on investigating and punishing COVID-19-related misconduct, as well as other corporate misconduct, as new laws are introduced and regulatory scrutiny intensifies.

For example, in the Australian context:

  • the Fair Work Ombudsman in publishing its strategic priorities for 2020-21 has stated it will be focused on allegations of "serious non-compliance with workplace laws" including complaints about JobKeeper. While the Fair Work Ombudsman conceded it will support workplaces through the pandemic and seek to reduce the regulatory burden on those sectors hit hardest by COVID-19, its priorities for 2020-21 include pursuing large corporate underpayments, fast food, restaurants and cafes, horticulture, sham contracting and franchise arrangements; and
  • the Australian Taxation Office has also announced its plans to zero in on fraud and other schemes designated to take advantage of the various government stimulus packages, including establishing a confidential tip-off line.

Engaging in the types of misconduct set out above can fall within the ambit of reportable conduct under the whistleblowing provisions in the Corporations Act and the Taxation Administration Act respectively, which extend to "misconduct and an improper state of affairs or circumstances" in relation to an entity, including its tax affairs. This means, if allegations of this nature are raised, you must carefully consider the application of whistleblowing laws and protections.

More broadly, organisations must stay on top of legal and regulatory changes for their business operations and any additional enforcement measures as they are introduced to ensure compliance. As part of this, it is critical to have a robust response plan that can be activated when compliance concerns are raised by whistleblowers, which includes dealing with any related governmental inquiries, investigations or litigation.

What should organisations be doing?

In the current environment, it is critical to have an effective, robust and up-to-date whistleblower program in place to deal with whistleblowing complaints, including where they concern COVID-19-related issues.

Some key things for organisations to consider in this context include:

  • Update whistleblower policies and processes to address any workplace changes: whistleblowing policies and processes should be carefully reviewed to determine whether the roles, responsibilities and reporting channels set out in them need to be updated to account for any workplace changes necessitated by COVID-19 – for example, in light of any corporate restructures and associated redundancies, bandwidth challenges of staff involved in the program, or operational constraints faced by third party service providers. Investigation protocols may also need to be updated to address remote working arrangements and provide appropriate support to whistleblowers, witnesses and respondents;
  • Keep lines of communication open: with more staff working remotely than ever before, some employees may feel increasingly disconnected or isolated. Consider ways to keep communication and reporting channels accessible, so that staff are encouraged to raise any identified or suspected issues internally. This may include reminding staff of the avenues available to them to raise concerns, and encouraging managers or supervisors to check in regularly with their teams about any issues they are encountering.
  • Adapt confidentiality measures: with remote working arrangements necessitating greater reliance on electronic data storage and communication, security protocols should incorporate the use of appropriate information barriers in relation to document storage, and limit access to communications that may contain confidential whistleblowing information. This is necessary to support compliance with the strict confidential requirements that apply under the Corporations Act to protected whistleblowing disclosures, the breach of which is a criminal offence; and
  • Ensure you are abreast of whistleblower laws, regulations and guidance: late last year, ASIC introduced the "Regulatory Guide 270 – Whistleblower policies" which prescribed an extensive list of fairly onerous and mandatory matters which, in ASIC's view, ought be included in a whistleblowing policy that is compliant with the Corporations Act. If this hasn’t already been done, captured entities (being public companies and large proprietary companies) should ensure their policy is up to date and compliant with the Guide.


Get in touch

Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.