Australian whistleblower reforms - public and large proprietary companies must have a whistleblower policy

On 1 July 2019, new provisions of the Corporations Act 2001 and the Taxation Administration Act 1953 came into effect to improve “whistleblower” protection in Australia, including the requirement for some companies to have a whistleblower policy.

A “whistleblower”, in relation to a company, includes:

  • an individual who is, or has been, an officer or employee of that company and any relative or dependant of that person; and

  • an individual who supplies goods or services to that company.

Whistleblower Policy

By 1 January 2020, public companies, large proprietary companies and proprietary companies that are trustees of a registrable superannuation entity must have a whistleblower policy.  It will be a criminal offence if a company that must have a whistleblower policy does not have one. 

The whistleblower policy for such a company must include information about:  

  • the protections available to whistleblowers under the legislation (such as maintaining the confidentiality of the whistleblower, protection for whistleblowers against legal action, and protection for whistleblowers from detriment);

  • to whom disclosures that qualify for protection may be made (e.g. ASIC, APRA and eligible recipients, being an officer, auditor or actuary of the relevant company), and how disclosure may be made;

  • how the company will support whistleblowers and protect them from detriment;

  • how the company will investigate disclosures that qualify for protection;

  • how the company will ensure fair treatment of employees of the company who are mentioned in disclosures that qualify for protection, or to whom such disclosures relate;

  • how the policy is to be made available to officers and employees of the company; and

  • any other matters prescribed by regulations.

While only public companies, large proprietary companies and proprietary companies that are trustees of a registrable superannuation entity must have a whistleblower policy, the whistleblower regime under the Corporations Act applies in respect of all companies (regardless of size), while the regime under the Taxation Administration Act is broader and applies in respect of companies, individuals, partnerships, trusts and unincorporated associations. 

As such, even if you are not required to have a whistleblower policy, you must ensure that you are aware of and comply with the relevant whistleblower regime.

ASX Recommendations

For public companies that are listed on the ASX, Recommendation 3.3 of the ASX Corporate Governance Principles and Recommendations (4th Edition) also provides suggested content for whistleblower policies which should be considered.


If you are a company that must have a whistleblower policy, we recommend that you start preparing your policy (if you don’t have one), or start reviewing your current policy (if you do), to ensure it meets the new requirements.  We also suggest that all companies and businesses consider their internal policies, procedures, guidelines and training to ensure they are compliant with the new laws, and that relevant officers and employees understand their obligations.

If you have any questions on the new whistleblower protections or need any assistance preparing a whistleblower policy or internal polices or guidelines, please do not hesitate to contact:

Troy Mossley, Senior Associate, on M: +61 (0) 403 212 939 or E:

Ken Gitahi, Senior Associate, on M: +61 (0) 401 450 220 or E: