
Developing a Whistleblower Policy

A compliant whistleblower policy must be implemented by large businesses by 1 January 2020. The policy must include certain mandatory content.

Failure to do so by 1 January 2020 is a criminal offence if you are a public company, large proprietary company, or a corporate trustee of an APRA-regulated superannuation entity. 

You must also be prepared to respond to ‘emergency disclosures’ and ‘public interest disclosures’ and ensure your processes are robust enough to comply with this significantly expanded regime.

Although not necessarily mandatory for other organisations, a Whistleblower Policy is good governance practice.



State the intended objective of the policy

Example: To encourage reporting of wrongdoing that is of a legitimate concern to persons while protecting those persons who have made the disclosure.



State the context to which the policy applies, such as the entity's name/s, location/s and other encompassing factors such as interested parties, suppliers, stakeholders etc.

Example: This Policy applies to the XXX Group Pty Ltd in its entirety throughout Australia and New Zealand. It encompasses all Directors and personnel including executives, managers, staff, contractors, consultants and volunteers. The policy extends to clients and suppliers as far as it relates to the operations of XXX Group Pty Ltd.




A person who reports wrongdoing in accordance with this Whistleblower Policy that includes but is not limited to:

  • Breaches of legislation or is otherwise illegal (including whistleblower laws, corporations law, theft, drug sale/use, violence or threatened violence or criminal damage against property)

  • Unsubstantiated allegations which are found to have been made maliciously, or knowingly to be false. These will be viewed seriously and may be subject to disciplinary action that could include dismissal, termination of service or cessation of a service or client relationship

  • An unethical breach of the Code of Conduct

  • Is corrupt or is an abuse of public trust or position as a public official, is dishonest or fraudulent, perverts the course of justice

  • Unreasonably endangers health and safety or the environment

  • Is serious or substantial waste (including public money or public property)

  • Is gross mismanagement or repeated breaches of administrative procedures


Ethical behaviour

Ethical behaviour is agreed codes and standards and involves demonstrating respect for key moral principles that include honesty, fairness, equality, dignity, diversity and individual rights.


Situations in which a person chooses to withhold their identity and ensure it does not become traceable.


Obligation to retain personal information securely without sharing or otherwise exposing to others. This applies whether provided verbally or in written form.


Responsibilities and accountabilities shall be assigned for delivery of the policy and procedures through to resolution.

Example: XXX Group Pty Ltd employees and representatives shall practice honesty and integrity in fulfilling responsibilities and comply with all applicable laws and regulations.

Any person raising an allegation or complaint must act in good faith and have reasonable grounds for believing the information disclosed indicates a violation. Any allegations that prove not to be substantiated and which prove to have been made maliciously or knowingly to be false will be viewed as a serious disciplinary offense.

It is the responsibility of all board members, officers, employees and volunteers to report concerns about violations of the XXX Group Pty Ltd code of ethics or suspected violations of law or regulations that govern XXX Group Pty Ltd operations.

Supervisors and managers are required to report complaints or concerns about suspected ethical and legal violations in writing.

The appointed Compliance Officer or designated board member has the assigned responsibility and training to investigate all reported complaints. The Compliance Officer will advise the Director, CEO and/or the Board of Directors of all complaints and their resolution.



The policy statement shall be clear, unambiguous, legislatively compliant and achievable.

The policy statement shall include:

  • Encouragement to report suspected or actual illegal, unethical or inappropriate events including behaviours or practices without retribution

  • Protection of person/s making the disclosure

  • Non retaliation requirement

Example: XXX Group Pty Ltd is committed to a code of conduct and ethics that promotes and supports a culture of honest and ethical behaviour, corporate compliance and good governance.

Any person or entity working with or within XXX Group Pty Ltd could be in a position to identify behaviour, processes or systems that are not conducive to legal, ethical or appropriate behaviour.

XXX Group Pty Ltd encourages the reporting of any instances of suspected unethical, illegal, fraudulent or undesirable conduct within the business environment and provides protective measures for persons reporting such matters.

Persons should expect and will receive, without fear of intimidation, disadvantage or reprisal the following:

  • Total anonymity

  • Protection from reprisal, discrimination, harassment, victimisation or retaliation

  • An independent internal inquiry or investigation

  • Resolution and/or rectification

  • Being informed about the outcome


Procedures shall be documented in clear, simple terms and be made readily available to all stakeholders and interested parties. It is common practice to include the policy and process [or links] in inductions, on the company website and in contracts and agreements. Where necessary, this documentation should be made available in languages other than English.

Example: XXX Group Pty Ltd has an open and encouraging policy/procedure requesting employees to share their questions, concerns or complaints with their direct line supervisor.

  • If you choose not to speak with your supervisor or you are not satisfied with your supervisor’s response, please speak with the Compliance Officer [Insert name & contact XXX]. This person is specifically trained in this role and fully understands the need for confidentiality and anonymity.

  • Supervisors and managers are required to report complaints or concerns about suspected ethical and legal violations in writing to the Compliance Officer as soon as it is reported to them or they identify the need themselves.

  • The Compliance Officer shall take notice, inform the complainant of the intended process and shall commence the investigation as soon as possible. On investigation:

  • Legal and code of conduct breaches shall be specifically identified. Immediately identified breaches shall be reported to the Director/CEO/Board and regulator as/if applicable.

  • If an investigation requires outside expertise or regulator involvement this shall be referred to the Director/CEO/Board as applicable for approval before the investigation proceeds to resolution.

  • Investigations shall provide actions and outcomes to be addressed until a satisfactory resolution is achieved. This shall be progressively reported to the complainant.

  • Violations or suspected violations of the complainant's privacy or confidentiality may be submitted on a confidential basis by the complainant to the Director/CEO or a Board Member. Reports of violations or suspected violations will be kept confidential to the extent possible, consistent with the need to conduct an adequate investigation.

  • The Compliance Officer shall inform designated audit and accounts personnel for the purposes of due diligence audit and annual reporting to the Board/Executive.


Records shall be retained for an agreed period and in compliance with relevant legislation.