Not-for-profit Law
Legal help for community organisations

Whistleblower protection laws

Please change your location to view this page.

This page contains content that does not match your current location

Whistleblower protection laws under the Corporations Act 2001 (Cth) (Corporations Act):

  • encourage whistleblowers to come forward with their concerns about misconduct or breaches of the law and protect them when they make a disclosure, and
  • promote ethical behaviour by organisations and encourage them to deal with disclosures of misconduct seriously

If whistleblower protection laws apply to your organisation, your organisation will need to comply with the protection requirements including:

  •  keeping a whistleblower’s identity and information confidential, unless the organisation has the person’s consent to disclose the whistleblower’s information, and
  •  preventing the organisation or an officer or employee of the organisation, causing detriment to or victimising a whistleblower

Who do the whistleblower protection laws apply to?

Entities that the whistleblower protection laws under the Corporations Act apply to include:

  • companies registered under the Corporations Act (including unincorporated registrable bodies), and
  • corporations which meet the definition of a ‘trading or financial corporation’ under the Australian Constitution (these may include incorporated associations and other structures not incorporated under the Corporations Act if they are a ‘trading or financial corporation’)

If you are not sure whether your organisation is a trading or financial corporation, refer to ASIC’s guide on this.

Depending on how your organisation is registered and the organisation's size, it may also need to put a whistleblower policy in place.

Who must have a whistleblower policy?

Your organisation must have a whistleblower policy if it is a public company limited by guarantee with an annual consolidated revenue of $1 million or more.

While not-for-profit companies limited by guarantee with an annual consolidated revenue of less than $1 million are not required to have a whistleblower policy, they must still comply with the whistleblower protection provisions in the Corporations Act. The best way to demonstrate compliance may still be to have a whistleblower policy.

How do I prepare a whistleblower policy?

A whistleblower policy must include information about:

  • protections available to whistleblowers
  • how and to who the whistleblower may make the disclosure
  • how the company will support whistleblowers and protect them from detriment
  • how the company will investigate disclosures
  • how the company will make sure employees mentioned in disclosures, or related to disclosures, will be fairly treated, and
  • how the policy will be made available to officers and employees

ASIC has published a guide (Regulatory Guide 270) to help organisations prepare a whistleblower policy that complies with the Corporations Act.

Our fact sheet ' Whistleblower protection laws and not-for-profit organisations’ is under review and will be published soon.


Last Updated: 23 March 2021