Whistleblower reporting and protection for your business

Technology Insights

There are now legal requirements for companies to have whistleblower avenues in place and ensure whistleblower protection when receiving, managing and investigating reports, which bring companies up-to-date and beyond the whistleblower requirements for the public sector.icon-risk_management_legal_advisory-grey3.png

As an organisation’s first line of defence, a workforce holds the most amount of information regarding your operations, risks, and day-to-day running. So, listening to them is critical.

Is your business compliant with the law?

If not, RSM's Fraud & Forensic Services team regularly manage whistleblower reports and operate RSM's whistleblower reporting service for clients.

The following are the sort of concerns a whistleblower can raise on which a spotlight can be put for management’s attention:

  • Fraud, bribery and corruption allegations
  • Code of Conduct or integrity breaches
  • Ethics breaches
  • Occupational Health and Safety
  • Compliance breach
  • Internal control weaknesses or exploitation
  • Bullying and harassment
  • Security incidents including terrorism
  • Confidential information or data breach
  • Cyber fraud, cyber incident
  • Human Resources or People & Culture or similar incidents
  • Environmental incidents

What is the New Corporations Act?

New Corporations Act whistleblower reforms came into effect for companies from 1 January 2020 with penalties applying for non-compliance. A key part of the requirements is for companies to have a whistleblower policy including an effective avenue for receiving whistleblower reports as well as safeguards and protections for whistleblowers.

“Whistleblower policies are an important component of corporate governance and can help promote a more ethical corporate culture,”
ASIC Commissioner John Price said.
“They encourage employees to speak up and alert management to changes that are necessary to address misconduct and improve their performance.”

Source: ASIC Commissioner John Price, (Dec 2019).



From 1 January 2020, certain companies will be required to have a whistleblower policy that complies with the new section 1317AI of the Corporations Act 2001 (Cth).

Some of the key Corporations Act whistleblower reform legislation that you should know are as follows.

Under the Corporations Act for companies, an eligible whistleblower is a current or former:

  1. Officer (usually that means a director or company secretary)
  2. Employee
  3. Contractor (or a contractor’s employee) including volunteers
  4. Associate of the company (such as a business the company acts in concert)
  5. Trustee, custodian or investment manager of a superannuation entity, or an officer, employee, or a goods or service provider to a trustee, custodian, investment manager
  6. Spouse, relative or dependant of one of the above people referred to in 'a' to 'e'

Under the Corporations Act for companies, a disclosable matter is:

  1. Misconduct
  2. An improper state of affairs or circumstances
  3. Information about the company or an officer or employee that -
    1. Breaches the Corporations Act
    2. Breaches other financial sector laws enforced by ASIC or APRA
    3. Breaches an offence against any law of the Commonwealth punishable by imprisonment for 12 months or more
    4. Represents a danger to the public or the financial system

Note: A disclosable matter is not a personal work-related grievance

icon-audit-checklist-blue.pngUnder the Corporations Act for companies, companies must have a Whistleblower Policy which must include:

  • The protections available to whistleblowers;
  • To whom disclosures that qualify for protection may be made, and how they may be made;
  • How the company will support whistleblowers and protect them from detriment;
  • How the company will investigate disclosures that qualify for protection;
  • How the company will ensure fair treatment of employees of the company who are mentioned in disclosures that qualify for protection, or to whom such disclosures relate;
  • How the policy is to be made available to officers and employees of the company; and
  • Any matters prescribed.

How can RSM help?

RSM’s Fraud & Forensic Services team provide clients with one or more, or all, of the following avenues of whistleblower reporting (24/7 365 days of the year), as well as program set-up advice and investigative response if required:

  • A telephone helpline through a 1800 number
  • Website
  • Email
  • Physical mail
  • Physical address for a visitor
  • Other avenues

For more information about whistleblowing services

Do you have a question about, or require whistleblowing, protected disclosure or whistleblower legislation services? Get in touch with Roger Darvall-Stevens, RSM's National Head of Fraud & Forensic Services, for more information.
Roger is a Director and National Head of Fraud & Forensic Services and has over 25 years of experience in forensic investigations and forensic accounting, fraud, bribery and corruption control, related training, forensic IT, compliance (including foreign bribery and corruption risk), and corporate security. 



Subscribe to Risk Insider to stay up to date with the latest in Technology, Fraud and Security.