Whistleblowing is considered to be an integral component of corporate governance through exposing and remedying corruption, fraud and other types of wrongdoing in both the public and private sector. Australian whistleblowing legislation emerged in the aftermath of the systemic government corruption inquiries of the late 1980’s, meaning that although whistleblower protection was squarely on the political agenda, legislative development was firmly fixed on the public sector. The Commonwealth, States and Territories have all enacted public sector whistleblower protection or public interest disclosure acts based on a structural approach, which prohibit retaliation against whistleblowers for reporting misconduct. While academic debate continues as to whether private sector legislation should ultimately be based on a structural, anti-retaliation, reward-based or blended model, political will to enact comprehensive private sector legislation has stagnated and current legal avenues that are available to targets of retaliation are inherently complex, fragmented and unpredictable.

The inability to predict the requirements of a cause of action has resulted in few whistleblower disclosures. A 2012 survey found that while 80 per cent of Australian employees felt personally obliged to report wrongdoing in their organisations, only 49 per cent felt that their managers would be serious about protecting them against retaliation. In a recent paper, I argue that in the absence of progress towards comprehensive private-sector whistleblower protection, private commitments contained in corporate codes of conduct (‘Codes’) may provide an interim regulatory solution by setting a ‘best practices’ benchmark and diffusing norms that influence organisational behaviour and culture. Through examining the whistleblower policies of Australia’s 200 largest listed companies, the paper further argues that private commitments potentially provide broader protection for whistleblowers than currently available under statute, and may provide an alternative route for enforcement, through contract.

The Codes were examined with regard to their: (i) general content, scope and tone; (ii) the nature of the corporate violations that whistleblowers were instructed to report; (iii) the officials to whom the Codes indicate that misconduct should be reported; (iv) any reporting guidelines or formalities; (v) any provisions related to confidentiality or anonymity; (vi) the extent of the protection from retaliation provided by the Codes; and (vii) details regarding the investigation of any whistleblower report.

The study demonstrates that minimum criteria appear to have evolved in Codes. Australian listed companies have similar ways to encourage employees to report misconduct with the majority incorporating language that is prescriptive, stating that reporting is a ‘requirement’, a ‘duty’, or a ‘responsibility’ of employment. While prima facie unenforceable, under certain circumstances the promises contained in Codes may bind the employer and employee as part of the employment contract. For whistleblowers to rely on promises contained in Codes, they must prove that the promises within the Codes constitute promissory obligations. Language, context and timing are imperative in determining this issue. Numerous individuals can accept employee reports, and most importantly, companies promise to protect whistleblowers from retaliation. However, questions remain as to the enforceability of these private promises, particularly if companies choose to incorporate contractual disclaimers.

As regulatory capacity is limited, the paper argues that permitting enforcement of voluntary private promises made between an employer and employee is consistent with the movement towards corporate self-regulation. It forces companies to focus on implementing a culture of compliance, with demonstrable benefits for both employer and employee. The paper does not argue that permitting contractual enforcement of anti-retaliation promises optimally encourages whistleblowers. Self-regulatory models such as Codes require support of a regulator-backed deterrence model in the event of internal regulatory failure. Ultimately, broader statutory protection is a necessary compliment to ensure consistent application and protection. However, permitting whistleblowers to enforce a company promise contained in a Code through a breach of contract action could serve as a valuable additional cause of action and deterrent to retaliation.

Olivia Dixon is a Lecturer in Regulation of Investment and Financial Markets at the University of Sydney Law School.