Chapter 14

Corporate whistleblowing: ASIC's performance and issues with the current protections

14.1      Paragraph (e) of the terms of reference for this inquiry provides that the committee should consider the performance of ASIC with regard to the 'protections afforded by ASIC to corporate and private whistleblowers'. The importance of this aspect of the inquiry has been underlined by suggestions that ASIC was slow and ineffective in responding to information provided by whistleblowers at Commonwealth Financial Planning Limited (CFPL) about alleged misconduct within the organisation.[1]

14.2      This chapter provides:

Why is whistleblowing important?

14.3      In his submission, Professor AJ Brown provided the following definition of 'whistleblowing':

[W]histleblowing means the 'disclosure by organisation members (former or current) of illegal, immoral or illegitimate practices under the control of their employers, to persons or organisations that may be able to effect action'...In other words, whistleblowers are organisational employees, officers and other insiders—as distinct from customers, members of the public or others who may have evidence or complain of organisational wrongdoing.[2]

14.4      There was broad agreement from witnesses that effective and appropriately broad corporate whistleblower protections were of fundamental importance in ensuring good regulatory and corporate governance outcomes. For instance, ASIC wrote that whistleblower reports provided it with 'important information about the activities and the culture of the companies and other entities we regulate'. It further noted that whistleblowers 'are often particularly well placed to provide direct information about corporate wrongdoing by virtue of their relationships or position'.[3]

14.5      Systems that encourage would-be whistleblowers to make disclosures, and that in turn protect whistleblowers from retribution, are important because whistleblowers play a key role in preventing and detecting corporate wrongdoing. Dr Bowden pointed to a 2009 PricewaterhouseCoopers survey on economic crime (along with similar surveys and studies) to demonstrate this point, noting that the survey found 'whistleblowers were the highest source for identification of internal wrongdoing'.[4]

14.6      Dr Bowden also suggested that effective corporate whistleblower protection regimes provide substantial financial and economic benefits, not least because trusted organisations are more profitable and their costs of compliance lower.[5]

14.7      The Blueprint for Free Speech reported findings from surveys suggesting the Australian public recognises the value of measures that protect and encourage whistleblowing:

81% of Australians believe that people should be supported for revealing serious wrongdoing, even if it means revealing inside information. 87% of those surveyed in Australia, agreed that if someone in an organisation has inside information about serious wrongdoing, they should be able to use a journalist, the media, or the internet to draw attention to it.[6]

14.8      CPA Australia, meanwhile, noted that whistleblowing was 'an effective mechanism for the identification and rectification of wrongdoing'. At the same time, CPA Australia stressed that the positive benefits of corporate whistleblowing in Australia were contingent on the trust would-be whistleblowers had in ASIC to act on the information they provided. That is, would-be whistleblowers would be far more likely to actually make a report to ASIC if they were confident that the information they provided was going to be taken seriously and addressed.[7]

14.9      Dr Bowden made a related if broader point in an article he supplied to the committee. In that article, Dr Bowden argued that the exposure of wrongdoing by whistleblowers was not, by itself, sufficient to ensure that the wrongdoing would cease. In his view, it was also necessary for a whistleblowing support system to 'ensure that the allegation will be investigated, and that, if found to be true, it will be stopped, and if a crime has been committed, the perpetrator will be punished'.[8]

Whistleblower protections in the Corporations Act

14.10           Since 1 July 2004, the Corporations Act has provided certain protections to whistleblower activities. These protections are intended, as ASIC notes on its website, 'to encourage people within companies, or with special connections to companies, to alert ASIC and other authorities to illegal behaviours'.[9] The protections were introduced by the Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Act 2004 (CLERP 9).

14.11         The protections in Part 9.4AAA of the Corporations Act were summarised by ASIC in its main submission to this inquiry. They include:

...protection from any civil liability, criminal liability or the enforcement of any contractual right that arises from the disclosure that the whistleblower has made. Part 9.4AAA also includes a prohibition against the victimisation of the whistleblower, and provides a right to seek compensation if damage is suffered as a result of that victimisation. For example, under Pt 9.4AAA, a whistleblower whose employment is terminated, or who suffers victimisation as a result of their disclosure, may commence court proceedings to be:

  1. reinstated to their job or to a job at a comparable level; and
  2. compensated for any victimisation or threatened victimisation.[10]

14.12         The Corporations Act also includes a confidentiality protection for the whistleblower, making it an offence for a company, the company's auditors, or an officer or employee of that company to reveal the whistleblowers' disclosed information or identity.[11]

14.13         Part 9.4AAA outlines the types of information disclosures that attract whistleblower protections under the Act; who can qualify as a whistleblower; who the disclosure of information should be made to; and the conditions in which such a disclosure must be made. In order to receive protection under the Corporations Act as a whistleblower, the person disclosing misconduct within a company must be:

14.14         In order to be protected, the whistleblower must make the disclosure of misconduct to ASIC, the company's auditor, or certain persons within that company.[13]

14.15         The Corporations Act also provides that, in order to qualify for whistleblower protection, the person making a disclosure cannot do so anonymously. The discloser must make the disclosure in good faith and have reasonable grounds to suspect that:

ASIC's role in relation to whistleblowers

14.16         ASIC has a central role in relation to whistleblowing in the Australian corporate sector. As noted above, the Corporations Act prescribes that other than internal disclosures and disclosures to a company's auditor, only disclosures made to ASIC are covered by the whistleblower protections within the Act.

14.17         It appears that ASIC receives a substantial amount of information from whistleblowers. Demonstrating this point, in its main submission ASIC noted that it received 845 reports of misconduct in 2012–13 from people who could potentially be considered whistleblowers under the Corporations Act. Table 20 in the submission provided a breakdown of the outcome for these reports—for example, 129 were referred internally for further action, 105 were resolved and 115 were not within ASIC's jurisdiction.[15]

14.18         While the Corporations Act establishes an explicit role for ASIC as a receiver of whistleblower disclosures, a number of witnesses pointed to the fact that the Act is silent on how the regulator should actually handle the information it receives from whistleblowers. ASIC itself noted that the protections:

...operate to protect and provide remedies for whistleblowers against third parties rather than mandating any particular conduct of ASIC. These protections do not deal with how ASIC is to treat whistleblowers and documents relating to whistleblowers.[16]

14.19         Similarly, while the Corporations Act establishes protections available to whistleblowers, it does not mandate or enable ASIC to act on behalf of whistleblowers to ensure their rights as whistleblowers are protected. Indeed, as ASIC noted in its submission, where a whistleblower:

...seeks to rely on the statutory protections against third parties, they will generally have to enforce their own rights or bring their own proceedings under the relevant legislation to access any remedy. The legislation does not provide ASIC with a direct power to commence court proceedings on a whistleblower’s behalf.[17]

14.20         While the Part 9.4AAA whistleblower protections do not mandate any particular conduct by ASIC in relation to whistleblowers, ASIC noted that the ASIC Act nonetheless requires it to:

...protect any information provided to us in confidence, from all reports of misconduct, whether or not the confidential information is received from a whistleblower or any other person.[18]

14.21         However, ASIC also points out that while it seeks to prevent the unauthorised use or disclosure of information provided to it by whistleblowers, current legislation does not provide additional protections for documents that contain whistleblower information, including information that might reveal a whistleblower's identity. Moreover, ASIC has had past difficulties 'resisting applications for the production of such documents during litigation'.[19] This is a cause for concern for ASIC, and as such one of its recommendations for regulatory change (as noted below) is to amend the legislation so that ASIC cannot be required to produce a document revealing a whistleblower's identity unless ordered to do so by a court or tribunal.

The need for whistleblower reform

14.22         Overwhelmingly, those witnesses who addressed the issue of Australia's corporate whistleblower framework were of the view that reform was needed in the area. ASIC itself, as discussed in the next section, argued for modest reforms to enhance whistleblower protections.

14.23         Admittedly, not all submissions received by the committee supported the case for whistleblower reform. Most notably, the Corporations Committee of the Law Council of Australia's Business Law Section maintained that there was 'no serious defect in [the Part 9.4AAA] provisions or the way they have operated in practice'.[20] This view, however, proved an exception, with most witnesses regarding the current whistleblower regime as, in varying degrees, out-of-date and inadequate. Areas of particular concern included: the Corporations Act's overly narrow definitions of who might be considered a whistleblower and the type of disclosures that could attract whistleblower protections; the absence of any requirement in the Act for internal whistleblowing processes within companies; and the fact that the Act does not mandate a role for ASIC in protecting whistleblowers.

14.24         In making the case for reform, several witnesses suggested that the current legislation had proven ineffective in protecting the interests of whistleblowers. The Rule of Law Institute focused its criticism on ASIC specifically, contending that it had failed to protect whistleblowers from reprisals.[21] CPA Australia, meanwhile, wrote that 'recent high profile cases appear to have undermined ASIC's reputation in regards to managing whistleblowing disclosures'.[22] In the CFPL matter, the decision of Mr Morris and the other CFPL whistleblowers to blow the whistle on the misconduct at CFPL ultimately proved very costly for each of them on a personal level. Professor Brown told the committee that stories like Mr Morris's:

...are not unusual, and they have not been unusual for quite a long period of time. People have been going to regulators with information; it is just that they then become quiet collateral damage and walk away from it, much as often happens in the public sector.[23]

14.25          Professor Brown suggested there was a lack of empirical evidence 'regarding the incidence, significance, value and current needs and challenges' with respect to the management of whistleblowing in Australia. While acknowledging this 'knowledge gap', Professor Brown also argued that 'Australia's legal regimes for facilitating, recognising, and responding appropriately to public interest whistleblowing in the corporate and private sectors are patchy, limited and far from international best‑practice'. He added that given the deficiencies in the primary national private sector statutory provisions on whistleblowing, 'it is not surprising that ASIC's track record as a key agency responsible for whistleblowing is generally regarded as poor'.[24]

14.26         In addition to the need to make specific improvements to the Corporations Act, Professor Brown also identified a need for a comprehensive approach to corporate whistleblower protections across jurisdictions in Australia:

As pressure builds for more effective whistleblower protection in the corporate and private sector, failure to take a comprehensive approach may well result in a proliferation of separate whistleblowing requirements on business in different areas of regulation, leading to heightened complexities, confusion and cost for Australian businesses and regulators alike.[25]

14.27         Dr Bowden made a similar point, arguing that Australia should avoid adopting a whistleblower protection scheme for each industry, as the United States has done. The complexity of the US approach, he argued, served to discourage would-be whistleblowers from reporting misconduct, as it often was not even clear who they should make a disclosure to or which legislation covered their disclosure.[26]

14.28         The Governance Institute of Australia argued that there appeared to be a 'disconnect between the regulatory framework in place for protecting corporate and private whistleblowers and the way in which it operates in practice'.[27] The Governance Institute, therefore, recommended a targeted review of:

...the regulatory framework for corporate and private whistleblowing which recognises the involvement of multiple regulators in the process of investigating and prosecuting corporate and private whistleblowing.[28]

14.29         The Governance Institute pointed to what it regarded as the technical and narrow operation of the Corporations Act's whistleblower protections. The Institute suggested that while ASIC is 'doing its best' within the constraints of the legislation, a need remains for:

...a much broader whistleblowing protection that applies to all people who bring complaints in good faith to the attention of all regulators, whether they are the ACCC, ASIC, the ATO, the Federal Police or state based authorities.[29]

The 2004 parliamentary committee report on CLERP 9

14.30         Even when the current corporate whistleblower protections were added to the Corporations Act in 2004, observers suggested that it was likely that further reform would be needed. Indeed, the Parliamentary Joint Committee on Corporations and Financial Services' (PJCCFS) report on the Corporate Law Economic Reform Program (Audit Reform and Corporate Disclosure) Bill 2003 (the CLERP 9 Bill), characterised the whistleblower protections in the Bill as 'sketchy in detail', even if their intention was clear. The committee concluded that the whistleblower protections would ultimately require 'further refinement'.[30]

14.31         Specific concerns raised by the PJCCFS included the limited scope of the definition of protected disclosures, the lack of any requirement that companies establish internal processes to facilitate whistleblowing, and the fact the proposed protections were silent on what role, if any, ASIC had in preventing reprisals against whistleblowers or acting to protect whistleblowers when reprisals took place. The PJCCFS also criticised the fact that the whistleblower protections did not extend to cover anonymous disclosures, and recommended removing the requirement that a whistleblower be acting in 'good faith'. The PJCCFS concluded that the proposed whistleblowing provisions were a step in the right direction, but 'only a first step' and 'not ambitious' at that.[31] Tellingly, the PJCCFS foreshadowed the future need for a comprehensive review of Australia's whistleblower framework:

Once the proposed whistleblower provisions come into operation, answers to the questions that it poses may become clearer. Indeed the longer term solution may be found in the development of a more comprehensive body of whistleblower protection law that would constitute a distinct and separate piece of legislation standing outside the Corporations Act and consistent with the public interest disclosure legislation enacted in the various states.[32]

Is Australia lagging behind the world on whistleblower reform?

14.32         Highlighting the lack of progress on whistleblower reform since 2004, a number of experts on whistleblowing suggested that Australia's corporate whistleblower framework had fallen behind those in other parts of the world.

14.33         Several submitters noted that high profile corporate failures had driven moves in other countries to improve systems to encourage and protect corporate whistleblowers. For example, Professor AJ Brown noted that the United States had been progressively developing and strengthening its corporate whistleblowing regime since several high-profile corporate collapses in 2000 and 2001, which led to a strengthening of the corporate whistleblower regime by the Sarbanes-Oxley Act of 2002. The global financial crisis prompted a second wave of reform of the US whistleblower framework, with the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 including provision for a whistleblower bounty program. Professor Brown noted that while the Australian reforms of 2004 were a 'partial response' to the first of the two waves of reform, Australia had made no further reforms since.[33]

14.34         Other witnesses tended to agree that Australia's corporate whistleblower protections compared poorly to those in other countries. Dr Bowden was unequivocal on this point:

We are behind the rest of the world—simple—and it is a shame that we are. As I said, I am looking for this committee to change it and bring us into the 20th century—not the 21st century, just the 20th century.[34]

Treasury's 2009 review of corporate whistleblower protections

14.35         The current corporate whistleblower protections were the subject of a 2009 Treasury options paper, Improving protections for corporate whistleblowers. In a foreword to the paper, the then Minister for Financial Services, Superannuation and Corporate Law, the Hon Chris Bowen MP, acknowledged that the current corporate whistleblower regime did not appear to be working as intended:

The importance of protecting corporate whistleblowers has been recognised for many years. However, while legislative protections have been provided under the Corporations Act 2001 since 2004, they appear to have been poorly regarded and rarely used. At the time this paper was written, only four whistleblowers had ever used these protections to provide information to ASIC.[35]

14.36         Despite the Minister's criticisms of existing protections, the review process stalled in early 2010 after a brief series of consultations on the issues raised in the options paper. In its submission, Treasury reported that the comment received on the options paper 'provided no strong consensus on reforming protections for whistleblowers, and the issue was not taken further by the previous government'.[36]

Public Interest Disclosure Act 2013

14.37         In contrast to the lack of reform in relation to corporate whistleblowing, Australia's public sector whistleblower framework recently underwent a major reform process. These reforms were given effect by the Public Interest Disclosure Act 2013 (PIDA). Several witnesses suggested that PIDA represented a best-practice approach to whistleblower legislation, and recommended that it be used as a template for corporate whistleblower reform. For example, the Blueprint for Free Speech wrote that PIDA was a 'world-leading protection regime for whistleblowers' in the public sector.[37] The Blueprint for Free Speech argued that key elements of the protection regime for public sector whistleblowers that might be considered in some form for the private sector regime included:

14.38         Dr Sulette Lombard made the point that whereas PIDA provided some guidance to whistleblowers and others as to what happens with information provided by whistleblowers, the Corporations Act was silent on this.[39]

14.39         While by no means rejecting the value of PIDA-like arrangements in the private sector, Professor AJ Brown cautioned that 'detailed consideration' would need to be given to how such arrangements may need to be adjusted so that they operated effectively in the private sector.[40]

14.40         ASIC made a similar point. It suggested, on the one hand, that there might be 'some elements' of the public sector reforms that could be considered in a review of the corporate whistleblower protections. However, ASIC added that:

...there may also be some different considerations applying to disclosures about private institutions than public institutions, including the greater need to balance privacy and confidentiality considerations.[41]

Committee view

14.41         The committee believes a strong case exists for a comprehensive review of Australia's corporate whistleblower framework, and ASIC's role therein.

14.42         The fact that momentum appears to have been lost following the release of the 2009 Treasury options paper is unfortunate. In that paper, the then Minister for Financial Services, Superannuation and Corporate Law described the corporate whistleblower protections in the Corporations Act as 'poorly regarded and rarely used'. The committee has heard from a number of whistleblowers in the course of this inquiry, including one of the CFPL whistleblowers, whose experiences suggest that this very much remains the case. The committee notes that progress on the issue stalled in early 2010 because, as Treasury puts it, there was 'no strong consensus on reforming protections for whistleblowers'. Even if this were the case, the committee believes reform remains necessary. A comprehensive review process would help build the consensus necessary to deliver this reform.

14.43         The committee notes that PIDA includes whistleblower protections that are widely regarded as world's best-practice. As such, the committee believes a comprehensive review of Australia's corporate whistleblower framework should have regard to the provisions in PIDA and give detailed consideration to whether these provisions might have valuable application in the private sector.

ASIC's revised approach to handling whistleblower disclosures

14.44         At various points during the inquiry, ASIC acknowledged that one of the key learnings from the CFPL matter was that it needed to improve its communication with whistleblowers and better utilise whistleblower information. Specifically, ASIC acknowledged that it:

...could have and should have spoken to the whistleblowers earlier, sought more information from them and, within the limitations [imposed by ASIC's confidentiality obligations or the need to ensure the appropriate administration of justice], provided them with some assurance that ASIC was interested and active in the matter, that their report was being dealt with seriously and that something was being done.[42]

14.45         ASIC informed the committee that as a result of these learnings, it had enhanced the way it identifies and communicates with potential whistleblowers. ASIC explained in its main submission that this approach seeks to ensure that ASIC:

  1. has appropriate training and expertise in all stakeholder and enforcement teams for the handling of whistleblower reports;
  2. maintains a coordinated, centralised procedure for the tracking and monitoring of all whistleblower reports;
  3. gives appropriate weight to the inside nature of the information provided by whistleblowers in our assessment and ongoing handling of the matter;
  4. provides prompt, clear and regular communication to whistleblowers to the extent possible and appropriate during our investigations; and
  5. maintains the confidentiality of whistleblowers within the applicable legal framework.[43]

14.46         In his submission, Professor AJ Brown noted that ASIC has only put in place 'operational systems to support its limited role in whistleblowing in very recent times, despite [the whistleblower provisions in Part 9.4AAA of the Corporations Act] having been in place for almost 10 years'.[44] However, during his appearance before the committee, Professor Brown acknowledged that the recent changes ASIC had implemented to improve its interactions with whistleblowers and how it handles the information they provide represented a substantial step forward. In this sense, he implied that ASIC's handling of its interactions with the CFPL whistleblowers could be viewed as historical rather than current problems. Professor Brown suggested:

...we already know that ASIC's performance on the question of managing whistleblowers has changed enormously since some of the circumstances which contributed to the inquiry and the circumstances as they stand today. So, to the extent that there might be justifiable criticism of ASIC's performance in relation to whistleblowers in 2008 or 2009, we already know that we are dealing with a completely different landscape now, because of the fact that ASIC, as the major corporate regulator, has clearly woken up to and is responding to whistleblowing as an issue in its jurisdiction in very distinct and clear ways, from which other regulators and other agencies probably can already start to learn.[45]

14.47         For its part, the Governance Institute welcomed 'the steps that ASIC is taking to improve its handling of whistleblowers', but reiterated that 'ASIC can only do so much in the narrow legislative regime that it has at the moment'. As such, the Governance Institute emphasised the need for:

...a more extensive regime giving much, much better protection not only to the regulator, which I think is what ASIC is focused on, but also to the whistleblower concerned.[46]

Committee view

14.48         The committee welcomes the steps ASIC has recently taken to improve how it interacts with whistleblowers and handles the information they provide. At the same time, the committee believes that more substantive legislative and regulatory changes will likely be required to improve Australia's corporate whistleblower framework. 

ASIC's recommended options for legislative and regulatory change

14.49         In addition to reporting on the steps ASIC has taken to improve its handling of whistleblowers and the information they provide, ASIC's main submission also provided three recommendations for regulatory and legislative change in relation to whistleblowers. These recommendations, reproduced below in Table 14.1, relate to the definition of 'whistleblower', the scope of disclosures covered by whistleblower protections and clarifying when ASIC may resist orders for the production of information that might reveal a whistleblower's identity.

Table 14.1: ASIC's options for change regarding whistleblowers

| Issue | Regulatory change options for consideration by government |
| --- | --- |
| The definition of 'whistleblower' does not cover all of the people who may require whistleblower protections | Expanding the definition—expanding the definition of whistleblower in Pt 9.4AAA of the Corporations Act to include a company's former employees, financial services providers, accountants and auditors, unpaid workers and business partners |
| The whistleblower protections do not cover information relating to all of the types of misconduct ASIC may investigate | Expanding the scope—expanding the scope of information protected by the whistleblower protections to cover any misconduct that ASIC may investigate |
| The whistleblower protections are not sufficiently clear as to when ASIC may resist the production of documents that could reveal a whistleblower's identity | Protecting whistleblower information—amending the legislation so that ASIC cannot be required to produce a document revealing a whistleblower's identity unless ordered by a court or tribunal, following certain criteria |

Source: ASIC, Submission 45.2, p. 13.

14.50         ASIC's recommendations did not prove contentious. To the extent that witnesses commented on the recommendations, it was simply to suggest that they were a good starting point for reform. For instance, Professor AJ Brown supported ASIC's recommendation that the protections in Part 9.4AAA be extended to information indicating a contravention of any legislation that ASIC can investigate, including breaches of relevant criminal law, rather than simply the corporations legislation. However, he also suggested that the extension and clarification of the definitions should be done in a way that not only aligns with ASIC's investigative jurisdiction, but also achieves the purpose of encouraging and protecting disclosures.[47]

Committee view

14.51         The committee believes ASIC's recommendations in relation to whistleblowers are a sensible and measured response to broadly recognised deficiencies in the current whistleblower protections. The committee recognises that the definition of 'whistleblower' in the Corporations Act is currently too restrictive, as is the scope of information that can attract whistleblower protections. The committee also agrees that there would be value in clarifying when ASIC can resist the production of documents which might reveal a whistleblower's identity.

14.52         While the committee believes the changes suggested by ASIC would be of benefit, it views the proposed changes as first steps in a broader reform process.

Other potential areas for reform

14.53         As noted earlier, most witnesses who addressed the issue of Australia's corporate whistleblower framework argued that there was a need to strengthen current arrangements. Ideas for reform suggested by one or more of these witnesses included:

14.54         Each of these ideas is set out below. Several of these ideas were addressed in the PJCCFS's 2004 report on the CLERP 9 Bill; where this is the case, it is noted to provide policy context.

Protecting anonymous disclosures

14.55         The PJCCFS's 2004 report on the CLERP 9 Bill recommended that the government consider extending whistleblower protections to cover anonymous disclosures. It argued that a requirement that a person making a disclosure must have 'an honest and reasonable belief' that an offence has or will be committed (the PJCCFS's preferred alternative to the 'good faith' test that was ultimately legislated) would provide a safeguard against vexatious anonymous disclosures.[48]

14.56         The government of the day rejected the PJCCFS's recommendation, arguing that extending the whistleblower protections to cover anonymous disclosures:

...may encourage the making of frivolous reports, and would generally constrain the effective investigation of complaints. Allowing anonymity would also make it more difficult to extend the statutory protections to the relevant whistleblower.[49]

14.57         Professor AJ Brown argued for the extension of whistleblower protections to anonymous whistleblowers, suggesting this would not:

...raise practical difficulties, since the protections and other obligations are only triggered if or when the identity of the whistleblower is subsequently revealed, and confirmed to be within the statutory definition above.[50]

14.58         Mr Jeffrey Morris explained to the committee that part of the reason the CFPL whistleblowers elected to make an anonymous report was that they lacked confidence in ASIC's 'ability to keep a secret'.[51] Interestingly, when asked if the lack of protections in Part 9.4AAA for anonymous disclosures gave him and his fellow whistleblowers cause to reconsider making their disclosure to ASIC, Mr Morris said it did not, because:

...if ASIC had acted on the information we had given them, the whole matter would have been resolved and we would never have needed to have broken cover.[52]

14.59         Asked if whistleblower protections should be extended to cover anonymous disclosures, ASIC responded:

We understand that potential whistleblowers may wish to remain anonymous for fear of reprisal, reputational damage or other negative consequences of their whistleblowing. Nevertheless, it can be important for ASIC to know the identity of a whistleblower for practical purposes, including to substantiate their claims and progress the investigation. However, ensuring that whistleblowers' identities can be protected from disclosure to third parties is a different and significant issue. In our submission to the Senate inquiry, we suggested providing ASIC with greater scope to resist the production of documents revealing a whistleblower's identity, in order to better ensure the protection of this information.[53]

The 'good faith' requirement

14.60         As noted earlier, in order to qualify for the whistleblower protections in the Corporations Act, a discloser must make the disclosure in good faith. In the course of the inquiry, a number of witnesses questioned the value of the 'good faith' requirement, and argued for its removal.

14.61         The PJCCFS's 2004 report on the CLERP 9 Bill recommended that the 'good faith' requirement be removed, arguing the protections should be based on the premise that:

...the veracity of the disclosure is the overriding consideration and the motives of the informant should not cloud the matter. The public interest lies in the disclosure of the truth.[54]

14.62         The then-government did not accept the recommendation, responding that the 'good faith' requirement would help minimise vexatious disclosures and ensure persons making disclosures did not have 'ulterior motives'. The removal of the 'good faith' requirement could, it argued:

...give rise to the possibility that a disgruntled employee might attempt to use the [whistleblower] provisions as a mechanism to initiate an unnecessary investigation and thereby cost the company time and money.[55]

14.63         Professor AJ Brown argued that the 'good faith' requirement is 'out of date and inconsistent with the approach taken by Australia's public sector whistleblowing legislation, as well as best practice legislative approaches elsewhere':[56]

For several reasons, 'good faith' is not a useful concept to appear at all in whistleblowing legislation. Motives are notoriously difficult to identify and may well change in the process of reporting, for example, when an internal disclosure is ignored or results in the worker suffering reprisals. Because it is such a subjective and open-ended requirement, the likely effect of a good faith test is negative—that workers simply choose not to report their suspicions about wrongdoing, because they are unsure whether or how this test would be applied to their circumstances.[57]

14.64         Professor Brown suggested that the only proper test was that which applied in PIDA: that a disclosure must be based on an honest belief, on reasonable grounds, that the information shows or tends to show defined wrongdoing; or does show or tend to show such wrongdoing, on an objective test, irrespective of what the discloser believes it to show.[58] Similarly, the Blueprint for Free Speech suggested that the 'good faith' requirement had the unhelpful effect of shifting the focus from the importance of the information disclosed to the motives of the whistleblower.[59]

14.65         Dr Bowden explained why he believed the 'good faith' requirement should be removed by way of example:

[I]f you were under a supervisor who consistently pushes the envelope on his ethical behaviour and eventually you end up by blowing the whistle on something that you think is going to get through, are you acting in good faith or not? It is hard to tell. But if you pointed out a wrongdoing, that is enough for me. My own belief is that the good faith requirement should be scrapped entirely. It is whether they have revealed a wrongdoing and a clear wrongdoing at that, a provable wrongdoing at that.[60]

14.66         Dr Brand supported Dr Bowden's reasoning, telling the committee that the issue was the 'quality of the information' rather than the motive for providing that information. Dr Brand's colleague, Dr Lombard, added that while it was reasonable to want to prevent vexatious whistleblowing, there were better ways to achieve this than the current 'good faith' test.[61]

14.67         Professor Brown explained that all the research on why people became whistleblowers indicated that a decision to make a disclosure basically involved a judgement on whether anybody was going to be interested in receiving the information, and whether the discloser would receive support and recognition for making the disclosure. Professor Brown explained that 'those very basic messages':

...are influenced very strongly as soon as you introduce things like a good faith requirement. The classic example was that, previously, I think in around 2007 or 2008, on the ASIC website there was specific guidance to anybody who was seeking to use part 9.4AAA that they would have to reveal the information in good faith. At that time, the advice on the ASIC website was to the effect that that would not include information that was malicious. All good investigators—and I have my own investigation background—know that information that is provided for malicious reasons can be just as useful and important and revealing as other information. It does not mean that it is not information which should be revealed.[62]

14.68         According to Professor Brown, the lack of precision as to what was meant by 'good faith' left whistleblowers vulnerable to accusations that they had an ulterior motive in making a disclosure. As such, would-be whistleblowers might conclude that it was not worth making a disclosure on the grounds that no one would take them seriously.[63]

14.69         In response to a question on notice, ASIC declined to take a position on the merits of the 'good faith' requirement, suggesting this was 'ultimately a policy question for government'. Nonetheless, in declining to take a position on the subject, ASIC made the general point that:

...if there are any deficiencies identified in the current whistleblower protections that may be proving to be an impediment to potential whistleblower disclosures, these should be carefully reviewed and change considered.[64] 

Protecting disclosures to third parties, such as the media

14.70         Professor Brown argued that the fact that the Part 9.4AAA protections do not extend to corporate whistleblowers who take their disclosure to the media or other third parties is a 'major gap'. There were circumstances, Professor Brown argued, in which it was widely accepted that this approach was reasonable; for example, where an internal disclosure or disclosure to the regulator was not acted on, or where it was impossible or unreasonable to make an internal disclosure or disclosure to ASIC.[65]

14.71         Asked whether the whistleblower protections should be extended to cover external disclosures to the media in certain circumstances, ASIC responded:

There may be circumstances where a person suffers reprisal following their making external disclosures to third parties, such as the media, and it may be useful to consider extending the whistleblower protections in such a situation. However, ultimately, this is a policy question for government.[66]

Improving internal disclosure systems

14.72         Several witnesses argued for the introduction of a regulatory requirement for companies to establish internal whistleblower systems. Such an approach, these witnesses suggested, could improve corporate governance outcomes while reducing the regulatory burden on ASIC.

14.73         The PJCCFS's 2004 report on the CLERP 9 Bill recognised the importance of internal corporate disclosure systems. The PJCCFS recommended that:

...a provision be inserted in the Bill that would require corporations to establish a whistleblower protection scheme that would both facilitate the reporting of serious wrongdoing and protect those making or contemplating making a disclosure from unlawful retaliation on account of their disclosure.[67]

14.74         In making its case, the PJCCFS noted that in the United States the Sarbanes‑Oxley Act requires that every public company in the United States establish mechanisms which allow employees to provide information anonymously to the company's board of directors. Sarbanes-Oxley also stipulates that disclosures made through this internal reporting mechanism constitute protected whistleblower activity.[68]

14.75         The then government did not accept the recommendation, on the basis that:

Prescribing particular systems which all companies must implement in order to facilitate whistleblowing could prove to be overly rigid and unsuitable for particular companies in the Australian market.[69]

14.76         Professor Brown explained to the committee that the overwhelming majority of whistleblower complaints in the private sector (over 90 per cent) were made internally in the first instance. In cases where an internal disclosure was dealt with quickly and properly, Professor Brown reasoned, the entire whistleblower system worked more efficiently and the burden on ASIC was reduced.[70] Professor Brown added that having a requirement for companies to have internal whistleblower arrangements in place could work in the interest of a company. In fact, Professor Brown suggested that such a requirement should:

...incentivise businesses to adopt whistleblower protection strategies by offering defences or partial relief from liability, for itself or its managers, if the business can show (a) it had whistleblower protection procedures of this kind, (b) that the procedures were reasonable for its circumstances, and (c) that they were followed (i.e. that the organisation made its best efforts to prevent or limit detriment befalling the whistleblower).[71]

14.77         Professor Brown also noted that this positive approach appeared to be working in the United States.[72]

14.78         The lack of a 'mandated requirement for Australian corporates to institute internal structures to facilitate whistleblowing' was a key point of concern in the submission made by Dr Brand and Dr Lombard. Such a requirement, they argued, would encourage rates of whistleblowing, with evidence suggesting that 'the level of whistleblowing activity in a corporation is positively associated with the level of internal support for whistleblowing'. Also, rather than increasing the regulatory burden on ASIC, good internal systems 'have the potential to ensure tips are "screened", thus reducing pressure on the public regulator (i.e. ASIC) and preserving resources'.[73]

14.79         Dr Brand and Dr Lombard further noted that PIDA appears to recognise the advantages of internal reporting systems, inasmuch as external disclosures are generally only permitted after an internal disclosure has been made. In this way, they argued:

...PIDA offers a model for increased activity within corporations in relation to whistleblowing handling and response, with the possibility of concomitant increases in the level of whistleblowing activity, and the potential for reduced demand on ASIC's resources.[74]

14.80         Discussing the potential regulatory burden of a requirement for companies to establish and maintain internal whistleblower systems, Dr Brand emphasised that the internal compliance requirements that might be imposed on companies should be 'part of a positive message', and undertaken in a 'light touch' manner. Such an approach might include:

...saying the directors' annual report needs to refer to whether there is an internal whistleblowing system and whether there was ever an occasion in a given 12-month period where the timelines for response were not met, or where the matter was referred externally because the whistleblower was not happy with the response they got, which is the public interest disclosure model. We think even a little thing like that could make a big difference...[75]

14.81         Asked to comment on recommendations from witnesses aimed at improving the internal systems within corporations to encourage and protect whistleblowers, ASIC responded that this was a matter for government. At the same time, ASIC indicated that it would 'support consideration of any reforms that improve companies' governance arrangements to ensure that they support and meet their obligations towards whistleblowers'.[76]

Compensation for whistleblowers

14.82         In his submission, Professor Brown argued that the compensation provisions in Part 9.4AAA of the Corporations Act are limited and vague, providing no clear guidance about how an application for compensation can be made, the potential relief from costs risks, the situation regarding vicarious liability, the burden of proof, and so on. Professor Brown recommended that the compensation entitlements be amended so that they were consistent with PIDA.[77]

Reward-based whistleblower incentives and qui tam arrangements

14.83         A number of witnesses, including Mr Morris, told the committee that consideration should be given to introducing rewards or other monetary incentives for corporate whistleblowers. Mr Morris told the committee that a system that rewarded whistleblowers, like the system in the United States, would help to improve compliance in the Australian financial services industry:

I think what would clean up this industry overnight would be some form of financial compensation for whistleblowers that would allow them to move on with their lives and would encourage people to come forward, as we did. In [the CFPL] case, the compensation paid to victims so far is in the order of $50 million. If the institution at fault, as part of whistleblowing provisions, then had to pay the whistleblower, say, a certain percentage based on the actual compensation paid to victims—so that is established malfeasance, I suspect you would have a lot more whistleblowers coming forward. I would suspect you would find the institutions would have to improve their behaviour overnight if literally any employee could bring them down when they were doing the wrong thing with some sort of incentive—not necessarily a huge incentive, like in the United States, but some reasonable basis to allow people to move on with their lives.[78]

14.84         Asked if he was advocating an incentive-based scheme to reward whistleblowers who disclose malfeasance, Mr Morris answered that he would like to see either incentives or a compensation scheme introduced:

The last time I saw the person at ASIC he basically said to me in as many words, 'Thanks for sacrificing yourself.' It is not a very attractive prospect for anybody else to want to emulate what we did.[79]

14.85         Professor Bob Baxt AO told the committee that while any reward-based system would need appropriate safeguards, careful consideration should nonetheless be given to whether would-be whistleblowers in Australia might be encouraged through monetary rewards. He suggested that with proper safeguards, it was likely:

...the regulators will get better results which means that people will get better recovery regimes and the government will get a bit of money, because it will recover fines.[80]

14.86         Professor Baxt also discounted the notion that a reward-based system would somehow be inconsistent with Australian culture. At the very least, he argued, the merits of such an approach should be subject to careful assessment before being rejected.[81]

14.87         In his submission, Professor Brown highlighted the success of qui tam or reward-based disclosure incentives in other countries, including the United States, in helping detect corporate wrongdoing. Allowing a whistleblower a percentage of the amount of money recovered from fraud or of the penalty imposed had, he suggested, 'been at the heart of a significant expansion of attention on whistleblowing by the United States Securities and Exchange Commission'.[82] Professor Brown concluded that qui tam should be considered if Australian corporate whistleblower protections are to be best practice.[83]

14.88         Dr Bowden similarly argued that Australia should consider the adoption of a rewards scheme for whistleblowers similar to that in place in the United States. He noted the monies recovered through fines and levies paid by US companies to the US Government as a result of qui tam cases.[84] In his view, concerns that a rewards scheme would negate the moral position of the corporate whistleblower were not necessarily well-founded, as the 'ultimate result is that the wrongdoing is stopped'.[85]

14.89         The Blueprint for Free Speech also suggested that consideration should be given to qui tam remedies, such as those which exist in the United States.[86]

14.90         The committee explored this point with ASIC during the public hearings. Mr Medcraft acknowledged that a reward system for whistleblowers might provide would-be whistleblowers with some comfort by knowing that, if they lost their jobs or damaged their careers as a result of their disclosure, they would nonetheless receive some compensation. At the same time, Mr Medcraft explained that before an effective bounty reward system for corporate whistleblowers could be implemented in Australia, it would likely be necessary to revise upwards the civil penalties Australian corporations were subject to:

Senator, on your question about the payment of a bounty, one of the issues, when we looked at it, is that the penalties are really low in Australia and the way that the system works in the States is that you get a percentage, and so would it actually be meaningful to have that? I guess it is a bit of a chicken-and-egg situation. If the penalties were more realistic then paying a percentage of them actually might then become an incentive. So I think you need to look at the issue with the penalties in mind as well.[87]

14.91         Mr Medcraft added that ASIC had also considered whether a reward-based system would be consistent with Australian culture:

Are we a bounty hunter culture? Is it the Australian ethos to go after money in the same way? That is really a matter for community debate. But certainly, as you say, in America it seems to work quite effectively—getting a bounty. But I think you need to look at the issue from a cultural perspective and then, secondly, the incentive—and making sure that it does give them that comfort, that they will have that financial security.[88]

ASIC's role as an advocate for whistleblowers and the penalties for victimising a whistleblower

14.92         A key finding to emerge from the committee's consideration of the protections afforded by ASIC to corporate and private whistleblowers is that ASIC does not appear to have a clear substantive role in protecting the interests of whistleblowers. Indeed, as noted earlier, ASIC stated that whistleblowers 'will generally have to enforce their own rights' if seeking to rely on the statutory protections.[89] Asked if it was fair to conclude that ASIC does not have a substantive role as an advocate for corporate whistleblowers, ASIC agreed that the current whistleblower provisions 'do not either require or empower ASIC to treat whistleblowers or the information they provide in any particular way'.[90]

14.93         One of the more troubling pieces of evidence received from Mr Morris was that the CFPL whistleblowers were effectively reconciled to losing their jobs as a result of their decision to make a disclosure to ASIC. In his first submission, Mr Morris recalled that when the whistleblowers met with ASIC for the first time on 24 February 2010 (16 months after providing ASIC with an anonymous report) they were told by an ASIC official that from that day forward they had whistleblower protection, but that 'wouldn't be worth much'.[91] Asked about this comment, Mr Morris told the committee that he believed the ASIC officer in question was 'just being frank' about the limitations of the whistleblower protections:

[T]he whistleblower protection basically, as he said, [are] not worth much. But I think we had made a decision. We recognised at the outset that we would be giving up our jobs by what we were doing.[92]

14.94         On the CFPL whistleblowers' expectations regarding ASIC's role in protecting them, Mr Morris also told the committee:

...I do not think at the outset we seriously expected ASIC to protect us. If you look at their whistleblower protections, there are a lot of weasel words in there and it is very, very limited. I suspect, if a company wants to get rid of a whistleblower, they never do it because you are a whistleblower.[93]

14.95         In an article by journalist Adele Ferguson, Mr Morris indicated that he was essentially left to negotiate his own exit from the CBA when he raised concerns with ASIC about death threats he believed had been made. He reported that:

...I was told by my ASIC contact in a rather offhand manner, 'It's probably bullshit, but if you're worried, go to police.'[94]

14.96         This issue is by no means new. In fact, in its 2004 report on the CLERP 9 Bill, the PJCCFS noted that while the Bill made causing, or threatening to cause, detriment to a whistleblower a contravention of the Corporations Act:

...it does not specify whether ASIC or the company have a role in preventing reprisals from taking place and if they do what action they should take. In other words, it is unclear whether the onus rests solely on the whistleblower who has been subject to unlawful reprisal to defend his/her interests or whether the agency receiving the report should assume some responsibility for protecting the whistleblower.[95]

14.97         In light of this, the PJCCFS recommended that 'a provision be inserted in the Bill that would allow ASIC to represent the interests of a person alleging to have suffered from an unlawful reprisal'.[96] However, the PJCCFS's recommendation was not accepted by the government of the day. The government argued that in instances where a company violates the whistleblowing provisions, whistleblowers could pursue compensation under the statute:

Existing section 50 of the ASIC Act already provides ASIC with the ability in certain circumstances to commence civil proceedings in a person's name to recover damages. Where it is in the public interest, this would generally permit ASIC to represent a whistleblower in a claim for damages. However, this provision would not permit ASIC to conduct a criminal prosecution or to represent a whistleblower in an action for reinstatement. The Government considers that an ability for ASIC to represent a person in this sort of action is not necessary.[97]

14.98         Several witnesses suggested this current state of affairs was unacceptable. Professor Brown, for example, argued that ASIC needed the ability to investigate and remedy alleged reprisals regardless of whether the primary alleged wrongdoing is being investigated.[98] In his appearance before the committee, Professor Brown underlined the importance of this issue:

[T]he crucial question is: whether or when or which Commonwealth regulator, whether it is ASIC or whether it shared, should have a responsibility for being able to, more or less, intervene and seek remedies or take injunctions or step in in the management of and in the fates of individual whistleblowers before it gets any worse. Or if it has already got to the stage of being something which is compensable damage, stepping in to make sure that the action is taken that would lead to that compensation being paid. So the questions are about who should provide the real glue in the system to make protection and/or compensation real. Those are very important questions. Somebody has to do it, otherwise it will not happen.[99]

14.99         Professor Brown subsequently explained that in the absence of an overarching system for protecting all corporate whistleblowers, ASIC should have a responsibility to protect its own whistleblowers. However, he suggested there was ultimately a need to:

...think about creating an infrastructure whereby that responsibility can be satisfied more effectively, whether it is by the Fair Work Ombudsman or through the Fair Work system, or more generally, or a separate office that covers whistleblower protection right across all employers, so that ASIC does not have to do it and can retain its core focus on corporate regulation and enforcement of corporate law.[100]

14.100    Professor Brown recommended that, consistent with the approach taken in PIDA, the victimisation of whistleblowers in circumstances of deliberately intended detriment should be a criminal offence.[101]

The need to keep whistleblowers 'in the loop'

14.101    Mr Jeffrey Morris told the committee that one of the frustrations of the CFPL whistleblowers was what he referred to as the 'one-way flow of information'. This was a reference to the lack of information from ASIC about how it was acting on the information provided by the whistleblowers.[102]

14.102    The Blueprint for Free Speech wrote that for whistleblowers, who often risk their jobs and even their long-term careers to reveal wrongdoing, it is very important to know that something is being done about the wrongdoing they have disclosed.[103]

14.103    As noted earlier, ASIC claimed that one of the lessons it has taken from the CFPL matter is that it needs to improve the way it communicates with whistleblowers. According to ASIC, it has already implemented a new approach to how it manages whistleblowers and the information it receives from them (as outlined earlier).

14.104    Dr Brand and Dr Lombard noted that the Corporations Act provides little or no guidance in terms of keeping a whistleblower informed of actions taken in relation to the information they provide. This serves, they argued, to dissuade would-be whistleblowers from making disclosures. By contrast, PIDA outlines how disclosures should be dealt with and imposes a general obligation to investigate disclosures. Further, where a decision is made not to investigate a disclosure, PIDA:

...creates a statutory requirement to inform the whistleblower of the reasons why, and requirements are imposed in relation to the length of any investigation, as well as an obligation to give the whistleblower a copy of the report of the investigation.[104]

14.105    When asked about Dr Brand and Dr Lombard's suggestion, ASIC responded that whereas PIDA was directed towards the inherent public interest in the transparency of public institutions, different considerations may need to be weighed in regard to the private sector. ASIC acknowledged the interest whistleblowers have in how ASIC has acted on the information they have provided, and reiterated that it had updated its approach to communicating with whistleblowers. At the same time, ASIC told the committee that there were limitations on the amount of information it could provide to whistleblowers:

Whistleblowers are not themselves subject to confidentiality obligations, and they may have different or additional motives to those of ASIC. In general, it can be difficult for ASIC to be as open about our investigations as we would like to in all cases, including because this could jeopardise the success of the investigations or future legal proceedings. These factors would all need to be considered in deciding whether to include such requirements in Pt 9.4AAA.[105]

Committee view

14.106    The committee believes there is merit in a number of the recommendations for whistleblower reform made by witnesses during the inquiry.

14.107    The weight of evidence received by the committee would suggest that Australia's corporate whistleblower protections should be extended to cover anonymous disclosures. The committee also believes the 'good faith' requirement serves as an unnecessary impediment to whistleblowing, and should be removed from the Corporations Act. The committee received some evidence suggesting that the whistleblower protections should be extended to cover external disclosures to third parties, such as the media, in certain circumstances. On the face of it, this would seem a sensible reform. However, the committee believes that further consideration of the issue is required.

14.108    The committee acknowledges the importance of internal whistleblower systems, and believes that consideration should be given to mechanisms that encourage or require companies to implement such systems. The benefits of any regulatory requirement that companies implement such systems should, however, be weighed against the regulatory burden this might impose on Australian businesses.

14.109    The committee notes that most witnesses who addressed the issue of compensation or rewards for whistleblowers felt that consideration should be given to introducing a reward-based or qui tam scheme for corporate whistleblowers. This would represent a fundamental shift in approach to corporate law enforcement in Australia, and the committee is mindful of concerns that such an approach might be considered by some to be inconsistent with Australian culture. Nevertheless, the committee agrees with witnesses that reward-based or qui tam systems do seem to improve rates of whistleblowing, and by extension the detection of corporate misconduct. As such, these approaches should be given careful consideration as part of a broader review of Australia's corporate whistleblower arrangements.

14.110    Another aspect of the current whistleblower protections in the Corporations Act that concerns the committee is that ASIC does not appear to have a clear role in actually ensuring that the protections are applied. At the same time, the committee is not convinced that ASIC currently has the expertise or resources necessary to act as an effective advocate for whistleblowers. Therefore, the committee believes that, subject to a broader review of Australia's corporate whistleblower arrangements, an 'Office of the Whistleblower' should be established within ASIC. The office could provide a dedicated point for all whistleblowers to contact ASIC, ensuring that specialist staff are managing and protecting whistleblowers. The office could also undertake work to encourage whistleblowers to come forward, and would be advertised in a prominent place on ASIC's website. An Office of the Whistleblower could also help improve ASIC's communication with whistleblowers and ensure that they are kept 'in the loop' regarding any action taken in relation to the matters raised by their disclosures (subject, of course, to ASIC's confidentiality obligations and the need to ensure the appropriate administration of justice). In this sense, the office would help embed and advance the work ASIC has recently undertaken to improve its ongoing communication with whistleblowers.

14.111    Finally, the committee notes Professor Brown's concern regarding the adequacy of penalties that can be imposed if a whistleblower is victimised. While little evidence was received on this point, the committee believes this issue should be considered as part of a broader review of Australia's corporate whistleblower arrangements.

Recommendation 12

14.112    The committee recommends that, consistent with the recommendations made by ASIC, the government develop legislative amendments to:

Recommendation 13

14.113    The committee recommends that an 'Office of the Whistleblower' be established within ASIC.

Recommendation 14

14.114    The committee recommends that the government initiate a review of the adequacy of Australia's current framework for protecting corporate whistleblowers, drawing as appropriate on Treasury's 2009 Options Paper on the issue and the subsequent consultation process.

Recommendation 15

14.115    The committee recommends that, subject to the findings of the broader review called for in Recommendation 14, protections for corporate whistleblowers be updated so that they are generally consistent with and complement the protections afforded to public sector whistleblowers under the Public Interest Disclosure Act 2013. Specifically, the corporate whistleblower framework should be updated so that:

Recommendation 16

14.116    The committee recommends that, as part of the broader review called for in Recommendation 14, the government explore options for reward-based incentives for corporate whistleblowers, including qui tam arrangements.
