Whistleblower protections and not-for-profit organisations

There has been some question over whether and to what extent the new whistleblower protections provided for in recent amendments to the Commonwealth Corporations Act 2001 apply to not-for-profit organisations which are not registered entities under the Act. This confusion is an understandable one, particularly when looking at the many not-for-profits which are incorporated associations by virtue of State legislation.

In this client briefing, we hope to remove some of the confusion and give not-for-profits a clear understanding of whether and how the whistleblower protections in the Corporations Act 2001 apply to their organisation, and whether organisations to which they do not apply should nevertheless seek to implement whistleblower protections in their policies and practices.

Where do the whistleblower protections come from, when did they commence and what do they comprise?

The whistleblower protections are legislated for by the Federal Government in Part 9.4AAA of the Corporations Act 2001. While some whistleblower protections were introduced into the Act in 2004, these were significantly extended by amendments to the Act which commenced on 1 July 2019. Further, from 1 January 2020, provisions requiring public companies and large proprietary companies to have a compliant whistleblowing policy or face criminal penalties, will come into effect.

The whistleblower protections are designed to ensure that employees (current or former), officers or suppliers (or employees of suppliers) of an organisation can safely make a disclosure about any of the following in relation to that organisation or a related body corporate, without fear of repercussions:

  1. misconduct or an improper state of affairs or circumstances in relation to an organisation’;
  2. a contravention of a law of the Commonwealth that is punishable by 12 months or more imprisonment; or
  3. conduct that represents a danger to the public or the financial system.

The discloser will not be protected by the Act if the disclosure concerns a personal work-related grievance.

The discloser is entitled to have their identity protected, except in limited circumstances designed to enable the investigation of the conduct complained of.

In each case, the disclosure must be made to an officer, “senior manager”, auditor or actuary of the entity or a related body corporate, or someone authorised by the entity to receive whistleblowing disclosures. Alternatively, the disclosure may be made to ASIC, APRA or any other Commonwealth authority to be relevantly prescribed. If it is disclosed to any other person, the whistleblower will not be protected. In particular, a disclosure by a whistleblower to the ACNC will not be protected under this legislation.

There is also provision in the Act for protection of whistleblowers where a disclosure has been made as above but not actioned upon. If, in these circumstances, the discloser has reasonable grounds to believe that:

  • it is “in the public interest” to make further disclosure (where there has been no action following 90 days since the original disclosure), or
  • the information concerns a substantial and imminent danger to the health and safety of one or more persons or to the natural environment”,

then provided the other particular conditions in the Act are satisfied, the public interest or emergency disclosure may be made to a member of parliament or to a journalist (as defined).

Which organisations are bound by the whistleblower protections?

The organisations that are bound by the whistleblower protections are listed in s1317AAB of the Corporations Act 2001. They include a company registered under the Act, which of course includes companies limited by guarantee, and any body which is incorporated under the laws of another jurisdiction that is also a trading or financial corporation within the Commonwealth of Australia[1]. Such entities could include associations which are incorporated under State legislation.

ASIC’s guidance notes on Whistleblower protections[2] provide guidance on the definition of trading and financial activities for the purpose of identifying a trading or financial corporation as follows:

“Trading activities involve buying and selling goods or services. Financial activities involve commercial dealings or transactions in finance, such as borrowing, lending, investing or providing advice on financial matters.

A not-for-profit organisation selling goods or services to the public to support its operations or promote its activities, such as through fundraising drives, would not be enough to make it a trading corporation, where this activity is not a sufficiently significant proportion of its overall activities.

Similarly, an organisation merely having a loan or credit facility, or making financial investments, to support funding its operations would not be enough to make it a financial corporation.

However, where an organisation engages in trading or financial activity as a sufficiently significant proportion of its overall activities, it will meet the test for being a trading or financial corporation.” [emphasis added]

Independent schools which do not operate through a company registered under the Corporations Act 2001, but which operate through a corporation, such as an incorporated association, in our view will fall within the definition of trading and financial corporation. As such, these schools are subject to the whistleblower protection provisions under the Corporations Act 2001. Most churches, however, will not fall within the scope of the Act, unless they have trading activities of sufficient scope such that those activities form a significant part of their overall activities.

Additional requirements on public companies and large proprietary companies

There are additional requirements to have whistleblower policies in place meeting specific requirements set out in the Corporations Act 2001, however these only apply to public companies and large proprietary companies which are registered under the Corporations Act 2001. These policies must be in place and made available to officers and employees of the company by 1 January 2020.

A number of not-for-profits are established as companies limited by guarantee. Companies limited by guarantee are public companies for the purposes of the Act. They are therefore required to meet the whistleblower policy requirements in the Act, unless their consolidated revenue for each financial year is less than $1 million.

A large proprietary company is a company for which:

  • the consolidated revenue for the financial year of the company and any entities it controls is $50 million or more; and
  • the value of the consolidated gross assets at the end of the financial year of the company and any entities it controls is $25 million or more; and
  • the company and any entities it controls have 100 or more employees at the end of the financial year.

Incorporated associations are not required to comply with these specific policy requirements, including to have a policy in place by 1 January 2020, but please see our recommendations below.

Risks of not complying

An organisation to which the whistleblower protections regime applies risks compensation orders or other remedies against them and in favour of whistleblowers if they do not comply with the requirements for the protection of whistleblowers under the Act. Other remedies that a Court may give are open-ended, but include injunctions, apologies, reinstatement of the individual or exemplary damages (i.e punitive damages on top of any compensation for actual loss that may be payable to the whistleblower).

It is important to note that in such actions, the Act states that the whistleblower need only point to evidence of a reasonable possibility of detrimental treatment as a result of their disclosure, and then the burden shifts to the organisation to prove that the claim is not made out.

Enforcement against incorporated associations by ASIC will be limited to breaches of the whistleblower requirements. So, for example, if an employee of an association incorporated in South Australia made a relevant disclosure about non-compliance by the association with some governance standard or external conduct standards under the ACNC legislation, and suffered repercussions for doing so from their employer, ASIC would be empowered to pursue the association for their breaches of the whistleblower protections, but it would be up to the ACNC to enforce compliance with the relevant standards or de-register the association under the ACNC legislation for non-compliance if appropriate.

Our recommendations

Given the very serious consequences that may flow for a trading or financial corporation that is bound by the whistleblower protection provisions of the Corporations Act 2001, we strongly recommend that such entities work to prepare strong and clear policies, regardless of whether they are bound by the additional policy requirements under the Act.   These policies must be communicated and implemented across the organisation, to ensure that whistleblowers are and will be protected in accordance with the requirements of the Act.

Even for those organisations, such as churches, which may not fall within the ambit of the whistleblower protections at all, it is our view that these sorts of protections will now become generally accepted in the community as a minimum standard of good governance. As such, following these standards and implementing policies to ensure that this occurs, may well be held to be a requirement for the purpose of the Governance Standards[1], which must be followed for continuing ACNC registration, something on which many churches rely for their financial viability.

As with all areas of regulatory compliance, organisations must remember that it is not sufficient to simply have a policy in place. Continuing implementation of the policy across the organisation and its activities and reporting of policy implementation must occur on regular basis.

[1] The Governance Standards under the ACNC legislation set out high level principles, rather than precise requirements, and therefore are apt to change with changing community expectations.


This client briefing is not legal advice but for information only.

If the information contained in this client briefing has raised some concerns about your current arrangements and you would like legal advice, please contact our office on (08) 7120 9000 and ask to speak to Geoff Adams (Director).

We look forward to being of assistance to you.