Breaking the silence: New whistleblower legislation


Rocio Paradela, Graduate Associate

The Treasury Laws Amendment (Enhancing Whistleblower Protections) Bill 2018 (Cth) passed both Houses of Parliament on 19 February 2019, and is now awaiting Royal Assent. This legislation aims to consolidate and broaden whistleblower protections for the corporate and financial sectors, and to introduce a whistleblower protection regime with respect to breaches of tax laws.

The events surrounding the recent Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry has put the spotlight on misconduct in these sectors, and on the role that whistleblowers may play in bringing such conduct to light.

The regime is relatively complex as it sets up a number of qualifying requirements for disclosures to be protected under the legislation.

Who is an eligible whistleblower?

Individuals who qualify for protection include current and former employees, officers and directors, contractors, suppliers, unpaid workers, family members of employees, and certain designated individuals in relation to superannuation entities.

What disclosures are protected?

Disclosures of information may qualify for protection where there are reasonable grounds to suspect that the information concerns misconduct, an improper state of affairs, conduct that could constitute an offence, or other prescribed circumstances. In addition, to qualify for protection disclosures need to be made to a relevant authority, a legal practitioner or an appropriate person (referred to as an “eligible recipient”). In the case of a corporate entity, this includes an officer or senior manager, or a person authorised to receive disclosures.

However, there is provision for certain public interest and emergency disclosures, and personal work-related grievances are on the whole excluded from the protections.

How will an eligible whistleblower be protected?

The legislation provides a number of levels of protections for whistleblowers. These include in relation to the confidentiality of whistleblowers’ identity, prohibitions on victimisation and detrimental treatment, immunity from liability in certain circumstances, and the capacity to apply for compensation.

The policy imperative

One area for employers to note in particular is that as a consequence of this legislation, certain entities (such as public companies, large proprietary companies and proprietary companies that are the trustee of a registrable superannuation entity) will be required to have a whistleblower policy in place. Failure to comply with this requirement is designated as a strict liability offence.

A policy must contain information about:

  • the protections available to whistleblowers, including the protections available under the legislation;
  • how and to whom an individual can make a protected disclosure;
  • how the company will support whistleblowers and protect them from detriment;
  • how the company will investigate disclosures that qualify for protection under the legislation;
  • how the company will ensure fair treatment of employees who are mentioned in whistleblower disclosures;
  • how the policy will be made available; and
  • any other prescribed matter.

Many of the provisions are designed to commence some months after Royal Assent is received. This gives organisations a window of time to examine their practices and to get an appropriate policy framework in place. Employers are also encouraged to consider appropriate training to deal with the new legislation, particularly for staff that are likely to be the designed recipients of disclosures within their organisation.

If you require any advice as to how these legislative changes may affect you or your organisation, please feel free contact People + Culture Strategies on (02) 8094 3100.

What’s the impact: how do you know if your culture is impacting on (mis)conduct?

Therese MacDermott, Consultant and Rocio Paradela, Graduate Associate

The notion of the culture of an organisation can be hard to define, and it is often considered an intangible concept. Broadly speaking, the culture of an organisation is its character. It is the sum of its values, vision and attitudes, as well as its people; what they say and what they do.

We all know that an organisation’s values statement is meaningless without the right behaviours and actions to support and implement those values. The difficulty for many organisations is knowing whether the behaviours and actions within the organisation are having an adverse impact; that is, whether the organisation’s culture is enabling certain types of conduct, including misconduct.

Public scrutiny of banking and financial Institutions

Recent events such as the Royal Commission into Misconduct in the Banking, Superannuation and Financial Service industry (the “Commission”) have contributed to a focus on corporate culture. The processes utilised by the Royal Commission have led to a detailed examination (in public hearings) of the organisational practices of a number of institutions, as well as the behaviours of individuals within those organisations. Senior executives of organisations have been called to give evidence before the Commission, and subject to detailed questioning and robust cross examination about the manner in which they conduct their business. These hearings are a very public form of holding organisation’s accountable for their practices and the behaviour of their staff. The Commission’s processes have also involved detailed research by its staff and requests for public submissions. These processes provide other avenues by which organisational practices have come under review and have been subject to sustained criticism.

This type of scrutiny has caused a number of organisations to review their governance frameworks and their internal culture. Many organisations have had to undertake detailed reviews internally in order to prepare submissions and to present evidence before the Commission. A not infrequent organisational response to such scandals has been that “any misconduct was caused by a few bad apples and that the issue did not raise broader or systemic concerns1. This type of response tends to ignore the root cause of the conduct, which often resides in a failure to audit and improve the culture promoted within an organisation and the systems and structures that work alongside that culture.

In the case of the financial institutions that have been the subject of the Commission’s enquiries, issues such as remuneration arrangements have been identified as playing a significant role in contributing to (mis)conduct. The Commission has criticised certain practices that have led to poor advice being given to customers to secure commissions. Such outcomes are unsurprising where the culture of the organisation has been to prioritise sales over customers interests. Sales volume was rewarded, whereas doing “the right thing” by the customer was not. In addition, problems of misconduct can be exacerbated where there is a culture of pay secrecy clauses, and where discretionary incentives and bonus payments are common but not disclosed. As a consequence of the public scrutiny of such practices, reforms of pay secrecy provisions are now being considered.

Cricket under the spotlight

An example of the auditing of a specific organisation’s culture that has played out in the public arena is the recent review of Cricket Australia.2 Cricket Australia engaged an independent organisation, the Ethics Centre, to audit its culture. Again, this was as a response to a scandal, rather than a proactive effort to audit or improve culture.

The type of audit process undertaken had as its starting point the identification of the principal attributes (purpose, values, principles) that define and underpin Cricket Australia’s “target culture”. Surveys and interviews were then conducted amongst key personnel (Board members, management, staff, former and current players and other key stakeholders). The process included the review of additional documentation, such as the organisation’s Code of Conduct, the Directors’ Code of Ethics, and the anti-harassment code. On the basis of the data collected, the Ethics Centre prepared a report that detailed why gaps may exist in respect of the “actual culture” and the “aspirational culture”, and how these gaps could be bridged.

In essence, the report showed a disconnection between the Board of Cricket Australia (and its senior executives) and those who play the game. The Ethics Centre report suggests that the unsatisfactory behaviour that engulfed the organisation in a scandal was a predictable consequence of the way the Board of Cricket Australia and its executive team had established a “winning without counting the costs” culture.

The outcome of the audit is an implementation plan designed to achieve better alignment between Cricket Australia’s actual and aspirational culture. The report includes recommendations for structural changes to the team, changes to performance reviews and selection functions, and improvements to basic skills and team culture.

Building, auditing and improving a culture

What do these reviews teach us about the things that stand out in relation to a good corporate culture?

  • Communicate – what is acceptable (and unacceptable) conduct and behaviours throughout the organisation;
  • Challenge – the communication of an organisation’s conduct, values and expected behaviours only gets you so far. This needs to be actioned by management and continually reviewed, enforced and validated. Employees should also be encouraged to raise potential practices or behaviours of concern; and
  • (a lack of) Complacency – the active management of culture necessitates robust and ongoing processes that reinforce the desired culture, are responsive to changing needs and encourage improvements.

A fish rots from the head

An organisation’s culture starts at the top. For an organisation to be effective in reinforcing good corporate culture, it is critical that senior management leads by example. A failure in culture happens when there is poor communication, including when leaders are remiss in reinforcing the expected behaviours and where the organisation’s systems and practices do not lead to the sanctioning of poor behaviours. The culture of an organisation can also be compromised when an individual and an organisation’s values do not align, and this misalignment is not actively managed.

Where an organisation makes clear what behaviours are required, and the consequence of non-compliance, there is a greater chance that behaviour across the organisation will be more consistent, and any non-complaint behaviour will be called out by other employees.

Knowing where the problems lie

One of the key takeaways from the events outlined above is that regular and detailed examination of organisational practices and behaviour is a core aspect of good governance. It is far better to know what lies within your organisation and address these internally, than to wait until poor practices come to light in very public forums. Where problems are identified either internally or publicly, implementing organisational change and establishing accountability mechanisms are crucial to restoring confidence in the organisation’s brand.

1. Interim Report of the Financial Services Royal Commission, available at
2. Australia Cricket, A Matter of Balance. The Ethics Centre Organisation Review Report Oct 2018, available at


Pulling the trigger: audits as a responsive mechanism

Kathryn Dent, Director and Rohan Burn, Associate

Processes that audit or review organisational systems and practices can provide an organisation with prudent information about compliance, risk and culture. However, organisations may be hesitant or lack the motivation to proactively undertake such processes. Often, they are a response to a particular event or circumstance or are instituted by the need to gather certain information. In this article, we explore three situations which may trigger an audit process, what the audit process may look like, and how an organisation may seek to change as a result of the outcomes of such a process.

What might trigger an audit?

Conduct and/or organisational culture concerns

It is important for an organisation to have an awareness of its cultural health and to be responsive to any situations that jeopardise this. Organisations that ignore their workplace culture may be more exposed to greater risks of poor employee satisfaction, non-compliance with workplace policies, and claims of workplace discrimination, bullying or harassment. If these risks materialise then an organisation may respond by conducting a culture audit and/or an investigation into any alleged misconduct. Depending on the circumstances, an organisation may need to conduct an audit or review process in response to a particular complaint, general concerns expressed by the workforce as a whole, or to satisfy a regulatory agency such as a work health and safety authority. In the case of allegations of inappropriate workplace behaviour, organisations may be subject to additional pressure due to the speed at which information is exchanged in the social media environment, which can expose an organisation to significant reputational risks that may have ramifications in terms of an organisation’s bottom line. Thoroughly investigating and managing an employee’s complaint and the wider cultural issues of a workplace can also be a powerful symbol to both internal and external stakeholders that the organisation takes such matters seriously.

Financial and/or compliance issues

External financial or compliance audits may be instigated by bodies such as the Australian Taxation Office (“ATO”) or the Fair Work Ombudsman (“FWO”). To avoid being “caught out”, organisations may proactively instigate an internal review in preparation, for example, for a FWO or ATO announced compliance campaign targeting their particular industry. A related scenario is where an individual employee notifies their employer of their intention to contact an agency such as the FWO to make a complaint, for example about wages or related entitlements. Subject to operational requirements and an organisation’s perception of risk, an internal review into that specific employee’s payments or the wider payment practices of the organisation may be appropriate, as it can shed light on whether there are any systemic problems of this nature within the organisation.

Due diligence

Audits are not only conducted in response to existing liabilities but may also be performed to assess the future liabilities of an organisation. In particular, when an organisation is considering the acquisition of a new business, an audit is a vital step in assessing the value of that target business. This type of audit forms part of the “due diligence” process that an organisation performs. It can inform the terms on which an acquisition is negotiated and can help to avoid unexpected problems and additional costs associated with the potential liabilities of the target business.

What form do these audits take?

Conduct and/or organisational culture concerns

There is no “one-size fits all” method for responding to allegations of misconduct or poor cultural health within an organisation. The first step for an organisation is often to conduct an investigation to determine whether there is any factual basis for the complaint or concerns and to identify the best way for the organisation to respond. In investigating a particular complaint of misconduct, an organisation needs to be mindful of whether the problem is more widespread and whether a broader cultural audit is required. An organisation’s response will usually be predicated on a close consideration of the legislative obligations, relevant workplace policies and any relevant industrial instruments. In terms of the wider cultural implications, an organisation may need to have regard to how it communicates its behavioural expectations, its approach to training, and what its employee engagement surveys and analysis of employee leave patterns might say about the organisation’s culture.

Financial and/or compliance issues

A basic financial audit of employee entitlements involves the reviewing of wages, pay slips, leave entitlements, incentive schemes, rosters, contracts, and indicators of actual hours worked. An employer should take into account the type of work the employee is performing and the terms of any applicable industrial instrument, including those that provide for minimum rates of pay, overtimes, loadings and other allowances.

Due diligence

Subject to time pressures, budgets, and any agreed parameters for the process, a due diligence audit can involve considering the target business’ governance structures, as well as any applicable industrial instruments and employment contracts to ascertain any risks that may be associated with, for example, confidential information and intellectual property clauses, or the incorrect characterisation of an employment relationship. It is important to know the source of the employees’ terms and conditions of employment, and whether the employees are covered by a modern award or enterprise agreement, particularly because there are circumstances where the terms and conditions under an award or enterprise agreement will follow the employees when there is a transfer of business. The due diligence process may also reveal the extent to which employee benefits, such as accrued leave entitlements and other liabilities may affect the sale price of a business.

What might an organisation change as a result?

Conduct and/or organisational culture concerns

The starting point in achieving acceptable workplace behaviour and fostering the desired workplace culture is ensuring that all levels of an organisation are aligned and also aware of their legal obligations and they monitor and enforce compliance. If an investigation into misconduct substantiates findings of inappropriate or even unlawful behaviours it may be appropriate for an employer to take disciplinary action. Where conduct is revealed, a failure to act can cause problems when the organisation is confronted with similar behaviours in the future that it seeks to address. If cultural problems have been identified, then it is important for an organisation to enhance the capability of its managers to become effective leaders. A healthy workplace culture can reduce an employer’s financial costs, increase employee health, well-being and productivity, increase attraction and retention of employees, and reduce an employer’s risk profile in terms of its exposure to bullying, discrimination and harassment type claims.

Financial and/or compliance issues

The first response to an audit, for example, on employee entitlements may be to rectify any underpayments and to inform any affected parties. In situations where there has been an overpayment to employees, we recommend seeking advice because of prescriptive provisions in the Fair Work Act 2009 (Cth) that prohibit an employer from simply deducting such an overpayment from subsequent wages. In circumstances where underpayments or overpayments have not occurred, the audit may nevertheless reveal potential risks of future non-compliance that necessitate changes to an organisation’s systems and structures, as well as its human resources processes. Organisations may also take the opportunity to address any inconsistencies between employees’ entitlements by overhauling its remuneration structure.

Due diligence

If risks are identified through the due diligence process then, depending on the seriousness of these risks, the potential buyer may seek to renegotiate the price of the transaction, or seek specific warranties or indemnities in relation to those risks. If these risks cannot be resolved, then the potential buyer may seek to withdraw from the transaction altogether. The audit may also identify a target organisation’s need to rectify its practices before a sale and its reliance on key employees that the potential buyer may seek to retain through more generous terms of employment in order to capitalise on their skills and to maintain consistency during the change period.

The takeaways

In all cases, any audit should not be regarded as presenting a complete and objective picture of an organisation. As mentioned, the scope of the audit can be limited and any reliance on the audit should be similarly qualified. Audits themselves are not completely free from risk and the audit process should be monitored to ensure it is free from bias and those being audited are afforded a fair process. Notwithstanding this, audits provide useful insights into an organisation and communicate positive messages to stakeholders about a company’s diligence and concerns around compliance and culture. The process of responding to these “triggers” with an audit is valuable in itself, again in terms of the messages that conducting an audit conveys. Rather than ignoring these trigger events and their wider implications, responding with an audit is an action that is likely to be of substantial benefit to organisations and is strongly recommended.


Through the looking glass: a case study on Kalyx’s transformation of the “people process”

Erin Lynch, Director

Hearing PCS Founder and Managing Principal, Joydeep Hor, speak at the HR Summit about the PCS approach to people issues and “what good looks like” resonated with Sue McGregor, People Culture & WH&S Manager at Kalyx Australia Pty Ltd (“Kalyx”). She felt this refreshing perspective was one that her company could benefit from exploring.

Kalyx provides an unparalleled level of independent, quality research to Australian agriculture and horticulture. With regional locations and a national focus, it provides quality and innovative research that is timely, accurate and second to none in Australia.

In respect of its people, Kalyx has 16 offices, 100 permanent staff and between 50 and 60 casual staff members at harvest time. The majority of the office locations are regionally based, and a high percentage of the workforce comes from a rural area and/or have studied agriculture or science.

Kalyx had reached a stage where it needed to develop a strategic plan. The Board was grappling with competing in the “corporate world” at both a national and international level, but also wanted to retain its authenticity and its “small company” feel.

Listening to Joydeep speak made Sue realise that, with the right attitude and approach, Kalyx could achieve that balance. The concept of “what good looks like” may have been simple in concept but made sense and was an easy message to deliver. Getting buy-in on “what good looks like” was necessary for Kalyx to maintain market share and achieve success in the industry.

The Plan

After meeting with Sue, a project plan was developed. This involved:

  • reviewing current systems and structures (including vision statements, organisational charts, position descriptions, relevant policies and template contracts) and also conducting high-level interviews with Sue and the General Manager;
  • based on the review, developing a “gap analysis” and also making necessary recommendations to bring the source documentation in line with best practice; and
  • conducting a half-day session with the Board around making Kalyx a high-performing organisation.

The Message

Deciding on the level of staff involvement in the process was considered at the outset. Sue was initially the one driving the process, however, “buy-in” was also sought from the Board and the senior management team.

In Sue’s opinion, the message was simple and the level of interest in the process was heightened because she believed in the message and the Board also backed the process. Sue says this made it much easier to get the management team to engage in the process.

The Actions

The current position descriptions and performance review documents were updated to reflect easily understandable and measurable key performance indicators.

This included creating a matrix for each position description that addressed things such as technical competency, relationships and adherence to values. For each of these areas, examples were created so that staff could easily recognise how they could satisfy these requirements and to help them understand “what good looks like”. For example, “conducts high quality trials that produce meaningful and significant data”, “has the technical expertise to accurately diagnose problems in the field”, “is flexible, adaptable and open to change”, “breathes integrity – doesn’t compromise values for anyone” and “trusts the team – help others and be helped when required”.

This led to developing clear progression and succession pathways, as well as improved onboarding processes and increased engagement with staff via informal and formal feedback and reviews.

Contracts of employment were reviewed and “paired back” to a more approachable document. To provide Kalyx with the ability to expand upon the contract, a bank of optional clauses was created to be inserted into the contract as required. For example, if Kalyx required an employee to have a particular qualification the “Accreditation and Qualification” clause could be inserted, or if Kalyx wished to have an employee subject to a particular post-termination restraint a “Restrictions After Termination of Employment” clause could be inserted.

Onboarding and exit checklists were also reviewed and amended to ensure they aligned with the updated employment contracts.
An induction timeline document was created, which spanned from the recruitment phase to the first six months of employment. This allowed Kalyx to develop the appropriate timelines, training and internal HR documents. It also provided for a uniform approach to recruitment and induction for new employees.

Finally, the employee handbook was reviewed to ensure that the entire “people process” was consistent.

The Learnings

Sue describes the main learnings as:

  1. Getting the recruitment right.
  2. Spending time on onboarding correctly and spelling out “what good looks like”.
  3. Being clear on the ‘non-negotiables’ to success in the organisation.
  4. Checking in regularly and providing feedback (both positive and constructive).
  5. Providing clear and transparent progression pathways.

The Surprise

The biggest surprise for Sue was confirmation that you need to keep things simple. On reflection, getting tied up with “corporate lingo” does not assist the process, and a simple message is what resonates with the staff.

The Changes

Since undertaking the review Kalyx has:

  1. Introduced value and cultural fit questions into interviews.
  2. Developed a week-long onboarding phase (at one branch) to instil consistent compliance requirements in staff and discuss “what good looks like” for Kalyx and for the staff.
  3. Developed clear progression pathways.
  4. Introduced quarterly informal check-ins rather than formal (stuffy) performance review process.

Twelve months on

Kalyx has seen a number of benefits as a result of engaging in the process.

Management and staff no longer tolerate non-compliance or the “rotten apple” syndrome. Staff are now comfortable to call out, and capable of calling out, poor behaviour by others in the workplace. This means that rather than a “top-down” approach to poor behaviour, behaviour is managed at the ground level.

Sue also believes that these new processes have meant that staff engagement and retention is higher. Of particular note is the increased engagement or willingness of staff to have open discussions with management about the positive and negative aspects of the workplace.

Sue says she would recommend this process to organisations because of the simplicity of the message. The workplace gets so busy and there are so many competing priorities. For Sue it was very refreshing to return to the basics and just “get it right”.