The next big question for an organisation is what do you do if someone makes a disclosure?
Shana Schreier-Joffe, Consulting Principal at Keypoint Law, has warned general counsel of large or publicly listed companies they must have a whistle-blower policy in place, as of January this year.
Schreier-Joffe says if large organisations do not have this, they may be in breach of the Corporations Act 2001 (Cth) as of January 2020. She strongly advises all organisations to put in place whistle-blower policies.
“Whistle-blower legislation doesn’t just apply to the big organisations; it applies to every organisation. I think that some of the smaller businesses don’t get that,” says Schreier-Joffe.
Schreier-Joffe acknowledges that whistleblowing is not entirely new, however the reformed legislation makes it applicable to all businesses – therefore it is imperative to be across the law.
The first issue is who can make a protected disclosure?
“On this point, the Act is incredibly broad. Effectively it can be made by employees, officers, contractors, suppliers of goods and services as well as their family members,” says Schreier-Joffe.
The next step is to ensure a protected disclosure is made to a recipient, meaning an officer or senior manager. This includes senior managers, auditors, members of an audit team or people authorised by the company to receive these disclosures.
“Practically, this idea of recipients is quite technical,” says Schreier-Joffe.
“You might have an employee going to their manager and making a disclosure, that might not be protected if they’re not a recipient under the Act.”
Finally, the complaint must fall within one of the categories outlined under the Act.
Schreier-Joffe highlights the main one as the disclosure of information, where the discloser had reasonable grounds to suspect the information concerns misconduct or an improper state of affairs in relation to the company.
This raises technical questions such as to what is meant by an improper state of affairs. For example, whether a sexual harassment claim can qualify as the subject matter of a protected disclosure.
“In my view, given what sexual harassment is, and if it is pervasive across the company, then that would be indicative of an improper state of affairs and qualify,” says Schreier-Joffe.
Once these three components are made out, the disclosure is protected under the Act. That protection means the person who makes the disclosure’s identity must be kept confidential and there can’t be any adverse action taken against the discloser because of their disclosure. The exception to this is if the discloser is a participant in the misconduct.
Although there is no obligation to investigate, Schreier-Joffe encourages organisations to be responsible corporate entities. Beyond having a policy in place that complies with the Act, it is necessary to train staff on how to receive these disclosures and how one will be dealt with.
“The issue for in-house, is that you’re advising the business about their legal risk,” Schreier-Joffe says.
She notes the risk is that a protected disclosure is made to a recipient who doesn’t know what to do with it, and subsequently acts in contravention of the law.
“Practically understanding how this legislation works in your organisation is imperative for legal counsel otherwise the risk is huge,” she says.