Legal Insights

Toothless no more: Australia’s new whistleblower protection laws

By Christopher Charalambous

• 20 May 2019 • 6 min read
  • Share

Australia's whistleblower laws have been overhauled.

The Australian laws pertaining to the protection of whistleblowers has long been seen as piecemeal and largely toothless. There was no single law or framework, with the public and private sectors operating under different legislation.

This has now changed with the passing of the Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018 (Cth) by the Federal Parliament on 19 February 2019. The new legislation, which is currently awaiting Royal Assent, is a significant step forward in protecting whistleblowers by creating a single, enhanced whistleblower protection regime and contains changes that may affect developers' compliance obligations, particularly those that will fall into mandatory whistleblower policy compliance.

The new regime

The new legislation has the effect of:

  • expanding what disclosures are protected
  • expanding who is an ‘eligible whistleblower’
  • expanding range of 'disclosees' – ie. those people to whom a disclosure needs to be made in order to qualify for protection
  • introducing the ability for people to make an anonymous disclosure
  • strengthens the protections given to whistleblowers – ie. in respect of victimisation / not be subjected to or threatened with any detriment
  • introduces a requirement for certain companies to have a Whistleblower Policy.

What disclosures are protected?

A disclosure, to be protected, must be information which the whistleblower has reasonable grounds to suspect:

  • misconduct, or improper state of affairs or circumstances relating to the company. This phrase is intentionally broad. Some examples of conduct include:
    • insider trading
    • insolvent trading
    • fraud
    • money laundering
    • terrorism funding
    • activities that exploit legal loopholes to harm the administration of government programs
  • the entity, officer or employee has engaged in an offence under particular listed legislation, including the ASIC Act and the National Consumer Credit Protection Act
  • an offence under any other law of Commonwealth punishable by imprisonment of 12 months or more, or
  • a representation of a danger to the public or financial system.

Who is an ‘eligible whistleblower’?

Under the new legislation, 'eligible whistleblower' is a much wider category and now includes:

  • an officer of the organisation
  • an employee of the organisation
  • an individual who has a contract to supply goods or services to the organisation
  • an employee of a supplier of a contract of goods or services to the organisation
  • an individual who is an 'associate' of the organisation (as defined in sections 9 and 10-17 of the Corporations Act). Importantly, the new legislation also provides that whistleblower protections also apply to:
    • a relative of any of the above (eg. a spouse, child or dependant)
    • any person or organisation who formerly held any of the above positions — that is, former directors, officers, employees, contractors and closely related persons. The new legislation also provides that there is no requirement for the whistleblower to provide their name when making a disclosure to qualify for protection. This means that the whistleblower can be anonymous and that their the identity of the whistleblower, if disclosed, must be kept confidential.

Protections for whistleblowers

The new legislation strengthens the protections afforded to whistleblowers in the following ways.


  • Information whistleblowers disclose will not be admissible against them.

What constitutes victimisation is both expanded and clarified to include:

  • dismissal of an employee
  • injury of an employee in his/her employment
  • alteration of employee’s position to his/her disadvantage
  • discrimination between an employee and other employees of the same employer
  • harassment or intimidation of a person
  • harm/injury to a person, including psychological harm
  • damage to a person’s property
  • damage to a person’s reputation
  • damage to a person’s business or financial position
  • other damage to a person
  • victimisation may be directed either to the whistleblower, or certain persons associated with them – eg. family member / supporter / etc

Court costs

  • So as not to discourage whistleblowers from bringing proceedings alleging victimisation / breach of the provisions, costs generally will not be able to be ordered against the whistleblower.

Whistleblowers can also seek compensation for loss, damage and/or injury, where the person engages in the conduct that causes them detriment or threatens to cause them detriment because they blew the whistle.

Mandatory Whistleblower Policy – who needs to have one

The new legislation requires that the following organisations need to have a mandatory whistleblower policy within six months of the legislation Royal Assent:

  • public companies
  • proprietary companies that are trustees of a registrable superannuation entity
  • proprietary companies with 2 of the following 3 criteria (including entities they control):
    • Consolidated revenue of at least $25 million
    • Consolidated gross assets of at least $12.5 million
    • At least 50 FTE employees

Failure to have such a policy will be a strict liability offence and attract a penalty of 60 penalty units (currently $12,600 for an individual and $63,000 for a body corporate).

What must your policy include?

A mandatory whistleblower policy must contain the following elements:

  • the protections available to whistleblowers, including the protections available under the legislation
  • how and to whom an individual can make a disclosure
  • how the company will support whistleblowers and protect them from detriment
  • how the company will investigate disclosures that qualify for protection under the legislation
  • how the company will ensure fair treatment of employees who are mentioned in whistleblower disclosures
  • how the policy will be made available to officers and employees.

What should developers do next?

We recommend that all developers consider whether they are required to have a Whistleblower Policy in place. If they already have a policy, we recommend that they review it to ensure that it is compliant with the new legislation.

We can assist developers to understand their obligations under the new whistleblower regime and implement new or update existing whistleblower policies.

Need advice on the implications of this legislation?

Contact the Employment, Remuneration & Benefits team.

Recent articles

Online Access