Please change your location to view this page.
This page contains content that does not match your current location
Whistleblower protection laws under the Corporations Act 2001 (Cth) (Corporations Act):
- encourage whistleblowers to come forward with their concerns about misconduct or breaches of the law and protect them when they make a disclosure
- promote good risk management and corporate governance, and
- promote ethical behaviour by organisations and encourage them to deal with disclosures of misconduct seriously
If whistleblower protection laws apply to your organisation, your organisation will need to comply with the protection requirements including:
- keeping a whistleblower’s identity and information confidential, unless the organisation has the person’s consent to disclose the whistleblower’s information, and
- preventing the organisation or an officer or employee of the organisation, causing detriment to or victimising a whistleblower
Who do the whistleblower protection laws apply to?
Entities that the whistleblower protection laws under the Corporations Act apply to include:
- companies registered under the Corporations Act (including unincorporated registrable bodies), and
- corporations which meet the definition of a ‘trading or financial corporation’ under the Australian Constitution (these may include incorporated associations and other structures not incorporated under the Corporations Act if they are a ‘trading or financial corporation’)
If you are not sure whether your organisation is a trading or financial corporation, refer to ASIC’s guide on this.
Depending on how your organisation is registered and the organisation's size, it may also need to put a whistleblower policy in place.
Who must have a whistleblower policy?
Your organisation must have a whistleblower policy if it is a public company (including a public company limited by guarantee), a large proprietary company or a proprietary company that is the trustee of a registrable superannuation entity.
However, there is an exemption for not-for profit public companies limited by guarantee with annual consolidated revenue of less than $1 million.
While not-for-profit companies limited by guarantee with an annual consolidated revenue of less than $1 million are not required to have a whistleblower policy, they must still comply with the whistleblower protection provisions in the Corporations Act. The best way to demonstrate compliance may still be to have a whistleblower policy.
How do I prepare a whistleblower policy?
A whistleblower policy must include information about:
- protections available to whistleblowers
- how and to who the whistleblower may make the disclosure
- who may make a disclosure ('eligible whistleblowers')
- how the company will support whistleblowers and protect them from detriment
- the types of wrongdoing that can be reported under the policy (and examples of disclosable matters)
- the matters that are not disclosable matters covered by the policy
- how the company will investigate disclosures
- how the company will make sure employees mentioned in disclosures, or related to disclosures, will be fairly treated, and
- how the policy will be made available to officers and employees
ASIC has published a guide (Regulatory Guide 270) to help organisations prepare a whistleblower policy that complies with the Corporations Act.
For more guidance on whistleblower protection laws, see our fact sheet ' Whistleblower protection laws and not-for-profit organisations’ below.
This fact sheet covers:
- what is whistleblowing?
- why do we have whistleblower protection laws?
- who is protected as a whistleblower?
- an overview of the whistleblower protection laws
- do the whistleblower protection laws apply to your organisation?
- key responsibilities of not-for-profit organisations and their officers under whistleblower protection laws
- when is a whistleblower policy required?
- offences and penalties for failing to comply with whistleblower protection laws