Case studies

Implementing a whistleblower policy

6 minute read

This is a case study for business owners on implementing a whistleblower policy to help businesses to identify and address staff concerns, including concerns about potential bribery.  


Mary manages an events and catering business which organises and caters for functions for local businesses, schools and public organisations. She is currently applying for a local council tender to plan, cater and run the annual community festival event which takes place each January.

Mary’s senior employee, Marco, is responsible for putting together the tender application. He is assisted by Niamh, a junior consultant.

Three days before the tender is due, Marco asks Niamh to help him fix an issue on his computer. Niamh sees that he is about to send an email to the local council mayor which says:

I hope you enjoyed the bottle of wine I dropped over at your office last night; it is a taste of the trip to the wine region we have organised for you! I’d be delighted if we could catch up soon to discuss opportunities for the business in the local community.

Niamh is concerned that Marco is trying to influence the mayor to select Mary’s company for the tender by bribing him. However, she is also worried that Mary might not believe her if she speaks up about her concerns and that she might lose her job. Niamh believes that Marco will deny the allegations, and make life difficult for her in the business if he finds out she has spoken to Mary.

Niamh chooses not to share her concerns with Mary. Later, Mary notices a receipt for the wine region tour and learns that Marco has gifted it to the mayor. Mary also becomes concerned about the payment and worries it was an attempt to improperly influence the mayor’s decision making. She confidentially asks her consultants, including Niamh, if they were aware of the gift. Niamh tells Mary she was uncomfortable about the gift, but was not sure if she should say anything. 

What could Mary’s business have done to encourage Niamh to speak up?

Whistleblowers in Australia, who raise concerns about entities regulated under the Corporations Act 2001 (Cth), are protected from criminal or civil legal action. They can remain anonymous when they report misconduct to senior officers or directors within their organisation, or to a Commonwealth authority such as ASIC. Furthermore, if a whistleblower’s employer, or any other person, causes or threatens detriment to the whistleblower for making a protected disclosure, the person engaging in this conduct may be liable for a criminal offence or civil penalty.

To keep her business free from bribery and misconduct, it is vital that Mary has appropriate whistleblower policies and procedures in place. This will support employees such as Niamh to make a confidential whistleblower disclosure, and to be aware of their rights and the protections available to them if they do so.

While a medium-sized business like Mary’s is unlikely to be legally required to have a whistleblower policy under the Corporations Act 2001 (Cth), having a policy will help the organisation. For instance, businesses that encourage staff to voice concerns are likely to detect potential problems much earlier. Doing so assists in preventing unethical and potentially illegal conduct from occurring. It also helps foster a positive workplace culture. A policy that is consistent with the protections mandated under Australian law for whistleblowers also helps the business ensure its processes are consistent, and that it will not fall foul of the laws penalising companies and individuals that fail to protect employees.

Mary’s and other businesses should consider these steps.

Step 1: Establish a whistleblowing policy for your business

A whistleblower policy should include the following key components:

Purpose and scope sections

Staff will be more likely to follow the policy if they understand its purpose is to:

  • Encourage staff to speak up about potential misconduct;
  • Ensure the business acts ethically and in line with the law; and
  • Provide reassurance to staff that those who disclose misconduct will be protected from detriment, supported and treated fairly.

Your policy should also define behaviour which may amount to misconduct in your specific industry. In Mary’s field of hospitality and events, matters worthy of disclosure may include: offering or accepting bribes or incentives; conduct that may be illegal, dishonest or fraudulent; anti-competitive behaviour (like circumventing a tender process), and; conduct that is inconsistent with the business’s policies (like an anti-bribery and corruption policy), or is otherwise improper.

Information about how to make a disclosure

Your policy should include clear instructions on how a whistleblower can disclose misconduct. ASIC recommends policies provide both internal and external disclosure options, so that staff who are not comfortable raising the issue in their workplace, like Niamh, are not deterred. It should address:

  • The protections available to whistleblowers;
  • The person/organisations to whom protected disclosures may be made, and how they can be made;
  • How the business will support whistleblowers and protect them from detriment;
  • How the business will investigate protected disclosures;
  • How the business will ensure fair treatment of employees of the business who are mentioned in protected disclosures, or to whom such disclosures relate; and
  • How the policy is made available to officers and employees of the business.

Information about how disclosures are investigated

To give staff confidence that their concerns will be listened to, outline how your business will investigate the matter disclosed and what staff should expect to occur after an investigation has concluded. For more detail on how an internal complaint should be investigated, see the Investigating an internal complaint case study.  

Assurances regarding confidentiality, support and protection for staff

Your policy should outline how your business will keep the identity of whistleblowers confidential and how it will protect them from legal or workplace consequences they may fear.

It should reiterate that whistleblowers are afforded legal protection under Australian law from reprisal and detriment, and that confidentiality will be maintained by the business. It should also reiterate that offences can apply to businesses and individuals, including directors and senior managers, who breach these legal requirements. 

Step 2: Implement the policy in your workplace


Run training sessions for your staff to explain the whistleblower policy, how it operates and to give staff a chance to ask questions. Implement this kind of training as part of your induction procedures for new employees.

Also provide training to directors, senior managers and anyone identified in the whistleblower policy who may receive protected disclosures. Those individuals will need to understand how to identify a protected disclosure and what their obligations are. They can be personally exposed to civil or criminal liability if they do not understand their obligations.

Easy access

Make sure the policy is easily accessible and visible to staff. Make new employees aware of the policy during the on-boarding process, and host refresher sessions on risk management and whistleblowing so staff stay conscious of the need to prevent misconduct in the workplace.

Step 3: Review and monitor the whistleblower policy periodically

Ensuring the policy remains consistent with regulatory expectations and that it is ‘fit for purpose’ for the business will help to ensure effective management of whistleblower concerns by the business and encourage a ‘speak up’ culture. Monitoring and review help a business to identify and address issues early.

The Bribery Prevention Network acknowledges the pro-bono contribution of Corrs Chambers Westgarth in developing this case study.

Relevant resources

Understand regulatory expectations, seek to comply with legal obligations and manage whistleblowing in accordance with the Corporations Act 2001 using this guide on whistleblowing policies. The guide offers background context to whistleblowing policies. It also provides detailed steps, examples and good practice tips on how to establish, implement and maintain a whistleblower policy.

This resource offers an introductory summary of corporate sector whistleblower protection requirements under the Corporations Act 2001. It includes links to further guidance for companies on handling whistleblower disclosures and creating whistleblowing policies. This guidance can be used by companies even if they are not required to have a whistleblower policy under the law.  

Practical guidance in the form of seven considerations is provided to support business to establish and implement internal whistleblowing programs as part of their efforts to tackle corruption. The document includes a summary of the international corruption landscape and a selected overview of national and international whistleblowing laws and conventions.

Filed under Whistleblowing Detect

As type PDF Web

View resource

A resource to help develop an understanding of how internal reporting mechanisms can strengthen a business. Provides guidance on the components required for a business to have effective reporting mechanisms and early detection. Covers the benefits of whistleblower reporting mechanisms and having employees speak up about legal or ethical misconduct. 

This resource unpacks the key role played by whistleblowers in identifying instances of foreign bribery. Approaches to encouraging whistleblowers to report suspected instances of bribery to law enforcement are explored, including ensuring effective legal protection from reprisals. Case studies of the various approaches are provided from around the world to offer practical examples of the recommendations in action.

The Whispli platform has a resource centre with practical tools, videos and guidance on how organisations can establish a culture of whistleblowing protection and support.  It provides free access to the ‘Open Line’ App to enable open and secure communication with employees who may want to speak up. These resources have been developed by experts in the field of whistleblower protection.