Implementing a whistleblower policy
6 minute read
This is a case study for business owners on implementing a whistleblower policy to help businesses to identify and address staff concerns, including concerns about potential bribery.
Mary manages an events and catering business which organises and caters for functions for local businesses, schools and public organisations. She is currently applying for a local council tender to plan, cater and run the annual community festival event which takes place each January.
Mary’s senior employee, Marco, is responsible for putting together the tender application. He is assisted by Niamh, a junior consultant.
Three days before the tender is due, Marco asks Niamh to help him fix an issue on his computer. Niamh sees that he is about to send an email to the local council mayor which says:
I hope you enjoyed the bottle of wine I dropped over at your office last night; it is a taste of the trip to the wine region we have organised for you! I’d be delighted if we could catch up soon to discuss opportunities for the business in the local community.
Niamh is concerned that Marco is trying to influence the mayor to select Mary’s company for the tender by bribing him. However, she is also worried that Mary might not believe her if she speaks up about her concerns and that she might lose her job. Niamh believes that Marco will deny the allegations, and make life difficult for her in the business if he finds out she has spoken to Mary.
Niamh chooses not to share her concerns with Mary. Later, Mary notices a receipt for the wine region tour and learns that Marco has gifted it to the mayor. Mary also becomes concerned about the payment and worries it was an attempt to improperly influence the mayor’s decision making. She confidentially asks her consultants, including Niamh, if they were aware of the gift. Niamh tells Mary she was uncomfortable about the gift, but was not sure if she should say anything.
What could Mary’s business have done to encourage Niamh to speak up?
Whistleblowers in Australia, who raise concerns about entities regulated under the Corporations Act 2001 (Cth), are protected from criminal or civil legal action. They can remain anonymous when they report misconduct to senior officers or directors within their organisation, or to a Commonwealth authority such as ASIC. Furthermore, if a whistleblower’s employer, or any other person, causes or threatens detriment to the whistleblower for making a protected disclosure, the person engaging in this conduct may be liable for a criminal offence or civil penalty.
To keep her business free from bribery and misconduct, it is vital that Mary has appropriate whistleblower policies and procedures in place. This will support employees such as Niamh to make a confidential whistleblower disclosure, and to be aware of their rights and the protections available to them if they do so.
While a medium-sized business like Mary’s is unlikely to be legally required to have a whistleblower policy under the Corporations Act 2001 (Cth), having a policy will help the organisation. For instance, businesses that encourage staff to voice concerns are likely to detect potential problems much earlier. Doing so assists in preventing unethical and potentially illegal conduct from occurring. It also helps foster a positive workplace culture. A policy that is consistent with the protections mandated under Australian law for whistleblowers also helps the business ensure its processes are consistent, and that it will not fall foul of the laws penalising companies and individuals that fail to protect employees.
Mary’s and other businesses should consider these steps.
Step 1: Establish a whistleblowing policy for your business
A whistleblower policy should include the following key components:
Purpose and scope sections
Staff will be more likely to follow the policy if they understand its purpose is to:
- Encourage staff to speak up about potential misconduct;
- Ensure the business acts ethically and in line with the law; and
- Provide reassurance to staff that those who disclose misconduct will be protected from detriment, supported and treated fairly.
Your policy should also define behaviour which may amount to misconduct in your specific industry. In Mary’s field of hospitality and events, matters worthy of disclosure may include: offering or accepting bribes or incentives; conduct that may be illegal, dishonest or fraudulent; anti-competitive behaviour (like circumventing a tender process), and; conduct that is inconsistent with the business’s policies (like an anti-bribery and corruption policy), or is otherwise improper.
Information about how to make a disclosure
Your policy should include clear instructions on how a whistleblower can disclose misconduct. ASIC recommends policies provide both internal and external disclosure options, so that staff who are not comfortable raising the issue in their workplace, like Niamh, are not deterred. It should address:
- The protections available to whistleblowers;
- The person/organisations to whom protected disclosures may be made, and how they can be made;
- How the business will support whistleblowers and protect them from detriment;
- How the business will investigate protected disclosures;
- How the business will ensure fair treatment of employees of the business who are mentioned in protected disclosures, or to whom such disclosures relate; and
- How the policy is made available to officers and employees of the business.
Information about how disclosures are investigated
To give staff confidence that their concerns will be listened to, outline how your business will investigate the matter disclosed and what staff should expect to occur after an investigation has concluded. For more detail on how an internal complaint should be investigated, see the Investigating an internal complaint case study.
Assurances regarding confidentiality, support and protection for staff
Your policy should outline how your business will keep the identity of whistleblowers confidential and how it will protect them from legal or workplace consequences they may fear.
It should reiterate that whistleblowers are afforded legal protection under Australian law from reprisal and detriment, and that confidentiality will be maintained by the business. It should also reiterate that offences can apply to businesses and individuals, including directors and senior managers, who breach these legal requirements.
Step 2: Implement the policy in your workplace
Run training sessions for your staff to explain the whistleblower policy, how it operates and to give staff a chance to ask questions. Implement this kind of training as part of your induction procedures for new employees.
Also provide training to directors, senior managers and anyone identified in the whistleblower policy who may receive protected disclosures. Those individuals will need to understand how to identify a protected disclosure and what their obligations are. They can be personally exposed to civil or criminal liability if they do not understand their obligations.
Make sure the policy is easily accessible and visible to staff. Make new employees aware of the policy during the on-boarding process, and host refresher sessions on risk management and whistleblowing so staff stay conscious of the need to prevent misconduct in the workplace.
Step 3: Review and monitor the whistleblower policy periodically
Ensuring the policy remains consistent with regulatory expectations and that it is ‘fit for purpose’ for the business will help to ensure effective management of whistleblower concerns by the business and encourage a ‘speak up’ culture. Monitoring and review help a business to identify and address issues early.
The Bribery Prevention Network acknowledges the pro-bono contribution of Corrs Chambers Westgarth in developing this case study.