Protection of whistleblowers has been amended and expanded in the Corporations Act 2001 (Cth) (Corporations Act) which is applicable from 1 July 2019. Certain companies will be required to have a whistleblower policy which adheres to the amended legislation from 1 January 2020.
The requirement for a Whistleblower policy is not applicable to all companies, it applies to:
Given the far reaching impact, we recommend every company should design and implement a whistleblower policy, or at least have a process in place through which whistleblowers can report fraud instances anonymously.
As reported by the Association of Certified Fraud Examiners (ACFE) in its 2018 Report to the Nations, an organisation loses an average of 5% of their annual revenues to fraud and 40% of the reported frauds are detected via whistleblowing .
Most organisations are under a delusion that no fraudulent activity has ever taken place in their organisation because it was never reported/detected. Absence of detection does not necessarily mean that no fraudulent activity has ever taken place, but it may indicate that the organisation’s internal processes are not sufficiently strong to detect a fraud or the people associated with the organisation are not comfortable in reporting a fraud. This could be because of an inherent fear of being targeted or victimised once the fraud is reported. Implementing a whistleblower policy or an anonymous reporting process provides an additional layer of protection and confidence for a whistle blower to come forward and raise concerns without the fear of being targeted or losing their job.
One suggested tactic is for an organisation to form a committee of senior management/board members and designate the committee with an email ID. The organisation may then encourage the employees to anonymously report potential fraud to the committee via the given email. The employees can report potential frauds using anonymous IDs which will give them a level of comfort to report suspected frauds without the fear of being victimised.
In order to ensure that the policy is compliant with section 1317AI of the Corporations Act, the policy must set out the following:
The organisation may also consider including a discussion on whether the whistleblower would like to be identified or to remain anonymous, and the process to be followed in either case. There should also be processes in place to manage situations where the person of interest in regards to the disclosure is also a recipient of the report.
If the company has a whistleblower policy in place, then it is the company’s responsibility to review the existing policy and update it to ensure compliance with the current amendments. Upon review, it is possible that the existing policy may require a complete overhaul and a new policy designed afresh.
If the company does not have a whistleblower policy or has not updated its existing whistleblower policy by 1 January 2020, it may be charged with a penalty up to $12,600.
Designing a policy is only half the job, but it is also important to ensure that the policy is well implemented and meets its objectives. As a better practice, the company should organise training sessions to educate senior management about the changes in the whistleblower policy including anonymity of the complainant, and to also inform the employees about the protection granted under the whistleblower policy.
In case of breach of confidentiality and anonymity, the individual may be charged with a civil penalty up to $1.05 million, while the company may be charged with a penalty up to $10.5 million.
We understand you may have a number of unanswered questions. To have a detailed discussion on how to comply with the amendments or learn how Findex specialists can be of any help, contact your local adviser.
 2018 Report to the Nations | ACFE