Changes to the Corporations Act's whistleblower protection regime will implement a wide-ranging whistleblower protection regime across the private sector. However, these reforms will also impact Government entities incorporated under the Corporations Act 2001 (Cth) and should therefore not be overlooked by the public sector.
The changes to the Federal whistleblower protection regime
From 1 January 2020, the changes to the whistleblower protection regime brought in by the Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019 (Cth) will take effect and will provide whistleblowers with greater protections. These increased protections are facilitated by a range of new measures, including:
- more types of conduct which can be the subject of a disclosure (an eligible disclosure);
- expanding the category of persons who can make eligible disclosures, and to whom an eligible disclosure can be made; and
- ensuring that subject entities have a robust policy to deal with eligible disclosures.
All levels of Government in Australia have incorporated a range of companies under the Corporations Act which are commonly known as Government Business Enterprises, Government Owned Corporations and Local Government Owned Corporations. In addition, public sector entities such as Universities or Departments of State have for a long time incorporated companies to undertake procurement activity for a major project or to carry out a project or other commercial venture.
While these type of Government vehicles will be subject to the expanded whistleblower protection regime under the Corporations Act, a critical challenge for these entities will be incorporating the expanded regime into existing processes and procedures to deal with other integrity regimes – such as State-based anti-corruption and whistleblower regimes – to ensure that all obligations and requirements under each regime are appropriately managed and discharged.
How the Commonwealth regime will interact with State regimes
Under the Corporations Act whistleblower protection regime, the conduct or wrongdoing in question is defined broadly to include conduct, amongst other things, in the form of misconduct or an improper state of affairs in relation to the regulated entity or a related body corporate. The scope of conduct that could be captured by this definition is likely to be expansive and there are no statutory definitions to assist in the interpretation of this phrase.
In addition, under the Corporations Act regime, the scope of persons who can make eligible disclosures will include employees, officers and service providers. Such is the broad nature of this definition, it is likely that conduct that falls within this definition will also trigger State-based conduct based integrity regimes, for example the Crime and Corruption Act 2001 (Qld) as well as the Public Interest Disclosure Act 2010 (Qld).
In this example, this will mean that the entity will be required to assess the subject conduct against all three of these regimes to determine if each has been triggered and from this point whether there is an obligation to refer the conduct to a regulatory body and deal with the various steps and procedures established under each regime in investigating and dealing with the substance of the conduct.
Furthermore, it is usual that these assessment, reporting and management-related obligations will need to be undertaken simultaneously and concurrently with each regime imposing specific requirements and timeframes.
It is therefore not inconceivable that an entity could be dealing with three regulators and three separate statutory processes in dealing with the same conduct which could present a unique range of legal and reputational risks and challenges as in many cases, a failure to properly deal with allegations of wrongdoing can itself be actionable under the relevant integrity regime.
A way forward
Given the potential for multiple regimes to be triggered, it is important that subject entities carefully consider each disclosure on a detailed and careful basis in assessing and dealing with the conduct so that any reporting or procedural steps have been properly and appropriately discharged.
As a first step in dealing the Corporations Act regime, entities must have a policy for dealing with eligible disclosures.
It will then be necessary to review other integrity-based policies and procedures to determine whether any of the other integrity regime requirements are inconsistent with those requirements, and how those inconsistencies can be managed to ensure that all requirements are satisfied. Entities can also consider whether all integrity-based policies and procedures can be dealt with under a single policy.
This could be a complex process and it may be that the scale of any inconsistencies and the ability for these processes to combine will not be known until the Corporations Act regime is more familiar and understood both in legal and practical application.