Summary: Recent media reports on Oil Search’s handling of a senior executive’s reports of misconduct highlight the importance of ensuring that your organisation has a compliant whistleblowing policy and is prepared to handle qualifying disclosures in accordance with legal requirements and corporate governance principles. A failure to do so can have serious consequences for individuals and companies.


It has been reported that Oil Search is a respondent in Supreme Court proceedings following its handling of a senior executive’s reports of financial mismanagement and workplace bullying.1  These reports highlight the importance of ensuring that your organisation has:

  • a compliant whistleblower policy;
  • trained all persons designated by the policy and the law as eligible to receive disclosures, to identify and properly handle those disclosures; and
  • a broad culture of good corporate governance and compliance.

What you need to do

A compliant policy

Public companies, large proprietary companies and proprietary companies that are the trustee of a registered superannuation entity, must have a compliant whistleblower policy, and make that policy available to the officers and employees of the company.2 Non-compliance with this requirement is an offence of strict liability.3 

In order to be compliant with the Corporations Act 2001 (Cth) (Act) a policy must provide information about: the protections available to whistleblowers, to whom, and how disclosures should be made, how the company will support whistleblowers and protect them from any detriment, how they will investigate disclosures, how the company will ensure fair treatment for any employees mentioned in a disclosure, and how the information in the policy is to be made available to officers and employees of the company.4  

In our experience, organisations have non-compliant whistleblower polices as they do not provide adequate detail as to these matters, or they have provided incorrect information as to the legislative protections.  If your whistleblower policy seeks to address the legislative protections at ‘high level’, or does not refer specifically to the Act, there is a high likelihood that it is non-compliant.  

We also recommend that small proprietary companies adopt a policy which identifies adequately the protections available and how eligible disclosures can be made.  This policy will assist the company, its directors, officers, and senior managers, to comply with the whistleblower protections mandated by the Act, and which apply regardless of entity size. 

Adequate procedures and training

A whistleblower need not utilise a whistleblower hotline, or specifically invoke the whistleblower protections when making a disclosure. A ‘qualifying disclosure’ can be made within a company to any director, company secretary, company officer, senior manager, or a person specifically authorised to receive whistleblower complaints.  This means that each person within your organisation meeting this description must be trained on identifying and receiving ‘qualifying disclosures’ as defined by the Act.  

Except in limited circumstances, companies and ‘eligible recipients’ that receive qualifying disclosures must keep both the identity of the discloser, as well as information that could identify the discloser, confidential.  They must also avoid causing detriment to the discloser, defined as any form of adverse action as a result of the disclosure.5

Failure to comply will give rise to a risk of criminal and civil liability.

Compliance with these requirements can be difficult. The starting point is a well drafted whistleblower policy and considered procedure for handling and investigating whistleblower complaints. Then, training for relevant directors, officers, and employees.

Corporate governance implications

It is in a company’s best interests to properly investigate a whistleblower report and provide the required protections to the whistleblower.  

The report may disclose a serious matter requiring immediate action to prevent further ramifications for the company and its directors.  For example, the report might reveal a matter that should be disclosed to ASIC, or indicate an unsafe work practice or bribery and corruption.  Such matters give rise to risks of criminal and civil liability in respect of the underlying conduct.  A failure to properly identify, investigate and cease the conduct identified, and to do so confidentially, should also be expected to present class action and directorial liability risks.

How we can assist

Cite Legal has market leading experience in:

  • drafting compliant whistleblower policies and procedures;
  • advising on the handling of whistleblower disclosures; and
  • advising on a broad range of compliance issues and directors’ duties.

Please contact us for further information.

Jemima Whyte and Michael Roddan, ‘Oil Search sued for ‘bullying’, CFO out of her job’, Australian Financial Review (17 November 2021); Jemima Whyte and Michael Roddan, ‘Oil Search chairman told CEO of ‘bullying’ complaint’, Australian Financial Review (17 November 2021). 
2 Corporations Act 2001, s1317AI.
3 Corporations Act 2001, s1317AI(4).
4 Corporations Act 2001, s1317AI(5).
5 Corporations Act 2001, s1317AC.