What businesses need to include in a compliant whistleblower policy

Under the Corporations Act 2001 (Cth), public companies, large proprietary companies, and corporate trustees of registrable superannuation entities must have a whistleblower policy. Beyond compliance, a well-structured policy signals to employees and stakeholders that the organisation prioritises integrity, accountability, and transparency. 

PKF Australia’s whistleblower program provides a market-leading solution for businesses seeking both compliance and effective outcomes. With over 18 years’ experience and support for over 300,000 disclosers across Australia and beyond, PKF Integrity uniquely combines the role of an independent intermediary for anonymous disclosures with the ability to conduct follow-on service line investigations. This dual capability ensures organisations can act decisively while protecting the anonymity of disclosers.

"The best risk mitigation isn’t hiding problems; it’s creating a system where the right people can raise them safely."

What makes a whistleblower policy compliant in Australia

A whistleblower policy should cover several core areas to meet legal requirements and operational effectiveness:

1. Eligibility of whistleblowers: The policy must define who can raise a concern. This includes employees, contractors, suppliers, and associates. Clear eligibility criteria ensure that all individuals understand their rights under the whistleblower policy and know the channels available to them.
2. Types of disclosures covered: Detail the workplace misconduct that can be reported. This may include illegal activities, unethical behaviour, breaches of company policy, or risks to health, safety, and the environment. Providing concrete examples helps potential disclosers recognise reportable concerns.
3. Reporting channels: A compliant whistleblower policy should offer multiple reporting options. PKF Integrity’s program provides a 24/7 anonymous hotline, secure online portal, and dedicated email address for reporting. Organisations can rely on PKF Integrity as an independent intermediary, ensuring that disclosures are securely captured and communicated to the relevant internal stakeholders without revealing the identity of the discloser.
4. Confidentiality and anonymity: Maintaining confidentiality is critical. Policies should clearly outline how anonymity is preserved and under what circumstances, if any, a discloser’s identity may be disclosed. PKF’s secure Disclosure Management System (DMS) protects sensitive information, allowing companies to comply with their confidentiality obligations while still acting effectively on reports.
5. Protection against detrimental conduct: Whistleblowers must be protected against retaliation, harassment, or discrimination. A compliant policy outlines the protections available, including the organisation’s obligations under the Corporations Act, and the consequences for individuals engaging in detrimental conduct.
6. Investigation procedures: The policy should detail how disclosures are assessed and investigated. PKF Australia offers a unique advantage here: not only do we manage the intake and protection of disclosures as an intermediary, but we can also conduct follow-on service line investigations, ensuring issues are independently reviewed and resolved. Investigations follow rigorous procedures, including evidence collection, impartial assessment, and structured reporting.
7. Training and awareness: Employees and management should receive regular training on the whistleblower policy, reporting channels, and protections. Awareness programs strengthen trust in the reporting system and promote a culture of compliance and integrity.
8. Review and continuous improvement: Policies should be reviewed regularly to remain legally compliant and operationally effective. Feedback from users and lessons from previous investigations should inform updates, ensuring the program evolves with organisational needs

Legal requirements for a whistleblower policy in Australia

Under the Corporations Act 2001 (Cth), certain entities are required to maintain a whistleblower policy:

• Public companies
• Large proprietary companies (meeting at least two of the following: consolidated revenue ≥ A$50 million, consolidated gross assets ≥ A$25 million, or ≥ 100 employees)
• Corporate trustees of registrable superannuation entities

Non-compliance can result in penalties, including fines and reputational damage. Even where the legal obligation does not apply, ASIC strongly encourages organisations to implement robust whistleblower arrangements to safeguard employees and ensure organisational integrity.

How whistleblower programs support workplace integrity investigations

Once a disclosure is received, handling the investigation process correctly is vital. Workplace integrity investigations must be impartial, confidential, and thorough. Key considerations include:

• Impartiality: Investigators must be neutral and free from conflicts of interest. PKF Integrity provides independent investigators, ensuring credible outcomes.
• Confidentiality: Information must be secured at every stage, from initial report to final resolution. PKF Australia’s DMS ensures anonymity and protects sensitive data.
• Documentation: Complete and accurate records of the investigation are critical for accountability, legal compliance, and risk management.
• Follow-on action: PKF Australia is unique in offering follow-on serviceline investigations, allowing organisations to address workplace misconduct investigations fully and independently, even after initial reporting and assessment.

By integrating these principles, organisations ensure that disclosures are handled with integrity and that issues are resolved effectively without compromising the protection of whistleblowers.

Strengthening transparency with PKF Australia’s whistleblower program

PKF’s whistleblower program in Australia is unique. Unlike standard programs, PKF Integrity acts as an independent intermediary for anonymous disclosures and offers follow-on service line investigations when required. This dual capability provides organisations with:

• Secure and compliant handling of all disclosures
• Protection of whistleblower anonymity
• Independent, professional investigation and resolution of issues
• Guidance on reporting, training, and compliance with the Corporations Act

“In safeguarding disclosures and investigating misconduct, we are defending the integrity of workplaces, the dignity of individuals, and the very fabric of ethical business.”

PKF delivers both legal compliance and operational effectiveness, ensuring organisations can respond decisively while protecting people and business integrity.

Building a culture of integrity through whistleblower protection

A compliant whistleblower policy is essential for legal compliance and fostering a culture of transparency. By incorporating clear reporting channels, confidentiality measures, protections against retaliation, and robust investigation procedures, organisations can ensure that misconduct is addressed effectively.

PKF Australia’s program stands out in the market by combining secure, anonymous reporting with the ability to conduct independent follow-on investigations.

Organisations that partner with PKF can confidently meet their obligations under Australian law while strengthening workplace integrity and accountability. 

Get in touch with myself, Sarah-Jane Jacques, or contact PKF Australia to discuss the next steps in setting up your business’s whistleblower program.