Whistleblower Protections, Policy and Practice

21 November 2019

Why Encourage Whistleblowing?

The passing of amendments to strengthen the federal whistleblower protection laws (Part 9.4AAA of the Corporations Act 2001 (Cth)) earlier this year has meant that many schools are looking very closely at the likelihood of undiscovered fraud, illegality, and serious misconduct in their school that could be the subject of whistleblower disclosures requiring the school to comply with the new laws.

Over the past few years there have been many reported instances of schools being defrauded of hundreds of thousands of dollars, often by long standing employees. There have also been numerous examples of teachers and even principals claiming qualifications they did not have, falsifying student assessments including NAPLAN results, and unreported conflicts of interest which allowed funds to be paid to suppliers where it was not in the best interests of the school. Anecdotally, there have also been even more instances where similar matters were settled privately so that trust in the school and its reputation would not be affected.


Whistleblower Protections

The requirement for public companies (including companies limited by guarantee) and large proprietary companies to have and communicate a whistleblower policy, which will apply to many schools from 1 January 2020, is an invitation to employees and directors to report fraud and misconduct. While the whistleblower protections commenced in July this year, it is likely that most schools will not yet have been faced with the reality of how they should be handling these disclosures.

While more schools will be required to comply with the whistleblower protections than will be required to have a whistleblower policy (and schools are recommended to seek legal advice on these points), the same protections apply to both situations: a school should have in place a whistleblower program to ensure that a whistleblower’s identity is not disclosed, and that they are protected from detriment. A whistleblower policy is designed to communicate those protections to employees and directors, and the circumstances in which they apply. For example, while the whistleblower laws previously required a discloser to be acting in good faith for their disclosure to be protected, the discloser’s motivation is no longer relevant. The whistleblower, however, must have reasonable grounds for suspecting the misconduct or an improper state of affairs that they are disclosing.


What does the Whistleblower Regulator Expect?

The Australian Securities and Investments Commission (ASIC) has just released Regulatory guide 270 Whistleblower policies in November 2019. The Regulatory Guide 270 (RG 270) explains how ASIC will exercise its regulatory powers in enforcing the whistleblower laws. RG 270 provides the ‘flesh’ of what must be included in a whistleblower policy and, in addition, details what it believes should be put in a policy and implemented, as a matter of good practice, in managing whistleblower disclosures.

ASIC’s earlier Information Sheet (INFO 238) Whistleblower rights and protections provided some guidance to employers on how they should protect a whistleblower’s identity, but it is only with the release of RG 270 that there is a much clearer understanding of what an organisation is expected to do to protect the identity of the whistleblower.

Just to recap: while the whistleblower laws allow disclosures to be made to ASIC, the Australian Prudential Regulation Authority and “eligible recipients” including an auditor, or external entity authorised by the school , it also includes any “officer” or “senior manager” A regulator or eligible recipient” who receives a disclosure that qualifies for protection from an “eligible whistleblower must then immediately ensure that the whistleblower’s identity is not disclosed (unless the whistleblower gives consent or as specified in the whistleblower laws), and that they are protected from detriment.

An “officer” generally includes a director/governing body member and a company/governing body secretary. Reflecting the definition in the Corporations Act, RG 270 states that a “senior manager” is:

“... generally a senior executive within an entity, other than a director or company secretary, who:

(a) makes or participates in making decisions that affect the whole, or a substantial part, of the business of the entity; or

(b) has the capacity to significantly affect the entity’s financial standing.”


How Would it be Applied in a School?

In most schools the principal will come within the definition of a “senior manager” unless they are a director; also likely to be included are deputy principals, heads of school, and business managers/bursars. Other senior staff members may also fit within the definition of “senior manager” and therefore “eligible recipient”, depending on the roles and responsibilities in the school. A key part of schools’ compliance with the strengthened whistleblower protection laws is identifying their officers and senior managers and ensuring that they are briefed about the processes for managing disclosures.

The “officer” or “senior manager” to whom a disclosure can be made need not be the person nominated by the school to receive whistleblower disclosures, and it may not be immediately obvious that the person making a disclosure is an “eligible whistleblower “or the disclosure is one that qualifies for protection. For example, if the parent making a disclosure does not have any other relationship with the school, their disclosure does not attract the Corporations Act protections. If, however, they are a volunteer at the school as they are supplying unpaid services to the school, they are an “eligible whistleblower”. And is being told about missing out on a promotion just a personal work-related grievance (which on its own will probably not be covered by the protections) or is it a disclosure that reveals that the school’s processes for staff selection and promotion are improper — in which case the disclosure may well qualify for protection?

The list of people who are “eligible whistleblowers” is long: it includes past and present officers, employees, suppliers of goods or services (both paid and unpaid) and their employees, as well as the spouses and families of any of these. The description of what constitutes a “disclosable matter” is even longer and includes broad expressions such as an “improper state of affairs or circumstances.”

If the senior manager or officer decides that all of the eligibility requirements have been met and the whistleblower protections apply, they will then need to determine the following:

  • who should be advised of the disclosure (without revealing the identity of the whistleblower or any identifying information)
  • who should conduct or initiate an investigation
  • what to tell the investigator so that they have enough information to investigate but without revealing the identity of the whistleblower
  • how to communicate any questions the investigator may have to the whistleblower and the whistleblower’s responses without disclosing the identity
  • what steps should be taken to protect the whistleblower from detriment.

Hopefully the school’s whistleblower program will include those procedures to guide as required.

Should a senior manager or governing body member — and consequently the school itself — slip up on these steps, the civil and criminal penalties can be significant. The whistleblower can also be awarded compensation for the effects of the detriment, as well as exemplary damages against the school.

As can be seen, compliance with the whistleblower legislation is complex, significant and fraught with risks.


Reducing the Risks of Breaching Whistleblower Protections

One option to help reduce those risks to a school as well as encouraging individuals to come forward and reveal fraud or misconduct is using an external whistleblower hotline. RG 270 in its Good Practice Tip 6 suggests that an organisation should give consideration to using an independent whistleblowing service to directly receive disclosures. This is provided for in the legislation by including a person authorised to receive disclosures in the list of “eligible recipients”.

ASIC sees the value of an external service for both small and large organisations. From a good governance point of view, this should encourage more disclosures as there would be a much higher level of confidence that the whistleblower’s identity would be kept confidential. From a practical point of view, using an external hotline would make it much simpler for the school to avoid breaching the legislation by revealing the identity of the whistleblower. External services can also assist schools in managing communication with whistleblowers. Furthermore, in RG 270, ASIC encourages entities to undertake investigations jointly with an external investigation firm if need be; for example, when additional specialist skills or expertise are necessary (Good Practice Tip 13).


What Should Schools Do Now?

Whether or not a school is required to have a whistleblower policy or whether it is only required to have all of the underlying protections for whistleblowers without having to communicate this to their employee and officers, all schools should be seriously assessing how to comply with the legislation. It is clear that a school must have procedures to guide its directors and senior managers should they be approached by a possible whistleblower.

Svetlana Pozydajew

Svetlana is a Senior Consultant at CompliSpace. She has over 20 years of experience in strategic and operational human resource management, occupational health and safety, and design and implementation of policies and change management programs. She has held national people management responsibility positions in the public and private sectors. Svetlana holds a LLB, Masters in Management (MBA), Master of Arts in Journalism, and a Certificate in Governance for not-for-profits.