Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Economics References Committee
Performance of the Australian Securities and Investments Commission

BOWDEN, Dr Peter, Private capacity

BRAND, Dr Vivienne, Senior Lecturer, Flinders Law School, Flinders University

BROWN, Professor AJ, Professor of Public Policy and Law, Centre for Governance and Public Policy, Griffith University

LOMBARD, Dr Sulette, Senior Lecturer, Flinders Law School, Flinders University

CHAIR: Welcome. Do you have any comments to make on the capacity in which you appear?

Dr Bowden : I am from the University of Sydney and I have been working on whistleblowing for the past six or eight years. I have just produced a book on it, which I will give to the committee.

CHAIR: We don't have enough to read!

Dr Bowden : I know a little about it, but this guy here knows a lot more.

Prof. Brown : As well as being Professor of Public Policy and Law at the Centre for Governance and Public Policy at Griffith University in Queensland, I am on the board of directors of Transparency International Australia.

Dr Brand : As a senior lecturer in the law school at Flinders University, I lecture in corporate law and have a research interest in corporate law ethics, and that brings up whistleblowing.

Dr Lombard : I am also from the Flinders Law School. I work with Vivienne doing joint research projects. I am a senior lecturer in corporate law, with an interest in corporate governance. I am interested in the links between corporate governance and accountability and whistleblowing.

CHAIR: Does anyone have an opening statement?

Dr Bowden : The secretariat asked us to prepare a pitch of five minutes.

CHAIR: Not five minutes each—we only have about 50 minutes in total.

Prof. Brown : I am happy to make a two-minute opening statement.

CHAIR: Seeing that you are prepared, make your opening statements, but it will reduce our time for questions. Dr Bowden, you can start.

Dr Bowden : I have a five-minute statement but I will cut it down to two minutes. This is the most important committee meeting that I have ever attended and that you have ever chaired. If we get this right, we will save this country millions and millions of dollars. There are two things I want to emphasise. The first is that we, Australia, lag behind the rest of the world in this area. If you ask, I will tell you why. Second, we can save millions of dollars. Third, we need a better whistleblowing management system in the private sector, and I expect this committee to produce it.

CHAIR: Thank you very much; you did that well, Dr Bowden. Professor Brown?

Prof. Brown : I think we will be guided by the committee's questions, to a large extent. But, to the extent that the inquiry is focused on the performance of ASIC, one of the crucial things it really does underscore, the significance of the influence that the inquiry will have in this field, is the fact that we already know that ASIC's performance on the question of managing whistleblowers has changed enormously since some of the circumstances which contributed to the inquiry and the circumstances as they stand today. So, to the extent that there might be justifiable criticism of ASIC's performance in relation to whistleblowers in 2008 or 2009, we already know that we are dealing with a completely different landscape now, because of the fact that ASIC, as the major corporate regulator, has clearly woken up to and is responding to whistleblowing as an issue in its jurisdiction in very distinct and clear ways, from which other regulators and other agencies probably can already start to learn.

From my perspective there is some question of what ASIC's role should be, fundamentally, but they are not questions that can be determined primarily by ASIC itself; they essentially relate to the legislative framework. So, I guess the crucial question for the committee is the extent to which you want to resolve those questions of what should happen with the Corporations Act and part 9.4AAA and ASIC's responsibilities within that, and do that in isolation as a stand-alone issue, which is clearly front and centre in your terms of reference. But Australia is in this incredible situation where, because whistleblower protection and regulation right across the private sector is effectively still largely a greenfield site, apart from part 9.4AAA, we are in a unique position to decide which path we are going to go down in terms of all major Commonwealth regulation and the role of whistleblowers in all of that. It is already covered in my submission, and maybe there will be a question on it—

CHAIR: There will be.

Prof. Brown : But I cannot emphasise enough the fact that if you just look at the United States, which is the path we will go down by default if we do not choose another path, then we will end up needing to put better whistleblower protection provisions in—as in the US case, possibly up to 47 pieces of federal legislation. And there is a future there that I suspect is not the preferred future for what we want to do. So, I am really very interested in seeing what can be done to encourage the committee to help set the Commonwealth on an overall path that will support corporate regulation and support ASIC but that also touches on many other areas of regulation as well.

CHAIR: Understood. Thank you, Professor.

Dr Brand : Sulette and I probably come from the other side of the fence, because we are thinking about what you can do with the corporate sector in terms of incremental, pragmatic, achievable change, which will assist ASIC to then do what it needs to do because it will improve whistleblowing and how that happens in corporate Australia. That is consistent with what Professor Brown has said, but I guess we are focusing on how that looks in corporate Australia—what bits can you fiddle with to make the whole thing work better? Therefore our submission goes to a very small part of the terms of reference, but we think it is relevant.

Dr Lombard : I am very interested in the external regulation, the corporate whistleblowing framework that we have in part 9.4AAA, and the relationship with internal whistleblowing mechanism incorporations and the way in which proper external regulation could perhaps nudge internal changes to increase accountability and governance inside corporations, which could alleviate some of the burden on ASIC, if those internal measures are functioning properly. But that is not something that is addressed at all at the moment in the Corporations Act.

CHAIR: So you are addressing the interaction between public and internal.

Dr Lombard : External and internal.

CHAIR: Thank you. Dr Bowden, I think I will open with you. Can you outline to us the qualitative difference between public and private sector whistleblowing?

Dr Bowden : There is no difference.

CHAIR: So, one size fits all—one regime.

Dr Bowden : There is no difference. If you look at the UK particularly, that may be, with reservations, the direction in which we should go. They have one whistleblowing law covering the private and the public sector. And they have six or eight—I am not sure of the number, because it just went through a major review in the UK—wrongs that apply to the public and private sector alike. They apply right across the board, right across the country. And this is the way I would urge you to go, if we take AJ Brown's statement about the US system—47 pieces of legislation, which is now 55 I understand, because they keep making new pieces of legislation. It is impossible in the US for an ordinary person on the shop floor, or even higher up the hierarchy, to know which law applies to him and what wrong is a wrong. I personally think—and my colleagues may disagree with me—that we need to go the simpler way that the UK has taken.

CHAIR: We have heard a lot of evidence today about personal gain being the motivator for grossly inappropriate behaviour in terms of relationships with clients—that is, essentially, fraud, or stealing, to get a higher quid. That can happen in the private sector, particularly in the financial services industry and, possibly, in others. It is not so obvious to me in the wide breath of the public sector, where there may well be malfeasance occurring but not fraud on the scale of tens or hundreds of millions of dollars. In light of that comment, do you still stick to one scheme fits all?

Dr Bowden : Yes. In the light of that comment, the amount of money you can steal in the private sector is much higher—granted. But we have had crooks in the public sector, remember, and people have taken bribes—maybe not as much money. It is still against the law, whichever one you do. And that is what you want to pick up—the people who contravene the law. And there is a law covering most particular issues of wrongdoing.

CHAIR: There is. I will ask a series of questions now and you can all make a short response because we are pressed for time. Firstly, to what extent do recent reforms to the Commonwealth public sector whistleblowing legislation and, specifically, the Public Interest Disclosure Act 2013 provide a template for potential reform to Australia's whistleblower protections in the corporate and private sector? Is that a useful template, or not?

Dr Brand : There are lots of useful ideas, lots of bits that you could pick up. With care and with thought, and with the right tweaking, I think we would both feel very much that there is room to pick up some of those ideas.

Prof. Brown : In my submission I have tried to articulate the extent to which the Public Interest Disclosure Act regime, which I had a little bit to do with, actually already covers the corporate sector to an enormous degree and probably to a much bigger degree than most of the corporate sector and many Commonwealth agencies yet realise. Any Commonwealth contracted service provider—in fact, any company, any organisation or any person who is a contracted service provider for the Commonwealth, which means either contracting with the Commonwealth or delivering services under contract on behalf or the Commonwealth—

CHAIR: Is caught.

Prof. Brown : Their employees are already protected under the terms of the Public Interest Disclosure Act, which already triggers a whole range of mechanisms which could be the precedent for what should happen with all employees everywhere or potentially not. To build on your first question and Peter's response: we are a bit different from the UK and other jurisdictions where there is a seamless protection law that covers both private sector and public sector employees. In countries such as the UK or South Africa the legislation tends to define the types of wrongdoing about which the whistle can be blown and protection can be claimed. In fairly broad terms, it is very often limited to clear breaches of law as the core reference point so that it is very clear that it does not matter where you go, this is wrong and therefore protection should be triggered.

We come from a slightly different starting point because the public sector legislation in Australia has some quite specific hooks about the type of wrongdoing involved that are tailored to the public sector, and therefore there is a question about whether in fact those same types of definitions of wrongdoing could be replicated easily to cover breaches of private sector regulation or conduct, or breaches of corporate codes of conduct, or industry codes or other things. So we are already operating at a slightly higher level of specificity, which I think is probably appropriate because it makes for more tailored and potentially more effective schemes in Australia than in some other jurisdictions. So there is a legitimate question as to how that should dovetail together in extending protections to all private sector and corporate sector employees.

A classic example is that the rules on conflict of interest in the public sector that would tend to govern certain types of wrongdoing that should be reportable would operate differently in the private sector. The private sector thrives on people having a vested interest in certain types of activity that make industries work, whereas the same activity that is accepted as normal in some circumstances in the private sector, but subject to regulation, would not be accepted as standard in the public sector. So there is a legitimate question about how to design a scheme that would effectively match or complement the approach we have taken in the public sector. They are not insurmountable barriers; they are just things that require detailed consideration.

CHAIR: Professor Brown, in your submission you submit:

… Australia’s legal regimes for facilitating, recognising, and responding appropriately to public interest whistleblowing in the corporate and private sectors are patchy, limited and far from international best-practice.

That is Professor Brown's viewpoint as expressed in his submission. Do other witnesses agree with that observation?

Dr Bowden : We are behind the rest of the world—simple—and it is a shame that we are. As I said, I am looking for this committee to change it and bring us into the 20th century—not the 21st century, just the 20th century.

CHAIR: That is a job for the government. Dr Brand?

Dr Brand : We are starting from a pretty low bar. There is room to improve it.

Dr Lombard : Yes, absolutely. As far as the Corporations Act is concerned, the whole focus is on protection of whistleblowers and there is no mention of what happens after with the information or how it should be dealt with or the role the whistleblower has to play afterwards. Those are matters that are much better dealt with in the Public Interest Disclosure Act.

CHAIR: Professor Brown, you also referred to a knowledge gap with respect to:

… the incidence, significance, value and current needs and challenges with respect to management of whistleblowing in Australian corporations and businesses, by comparison with public sector agencies.

Why is there this significant gap? How do we account for it? And what recommendations might the committee consider to overcome this apparent knowledge gap with respect to the private sector?

Prof. Brown : There are various reasons why there is the knowledge gap. One is that it is only when regulation starts triggering the requirement for collection of knowledge—as in statistics on how often the whistle has been blown and what the significance is of whistleblowing in our regulatory schemes—that you start to get a picture. That is why it is really very significant that, whether from 2004 or even 2008, the basic statistics on whether ASIC was even receiving any information from people they would class as whistleblowers that were covered by part 9.4AAA simply did not exist. That is not the situation today. When you look at ASIC's submissions to the committee, there are statistics now about which we can say, 'We know that at least this many are whistleblowers.' There has basically been very little research. There has not been a great deal of international research that goes beyond individual companies for the private sector, but there has effectively been no or next to no research of that kind in Australia that tells us what the real significance is. We know anecdotally, we know from many companies and we know from professional organisations like CPA Australia or the Governance Institute that whistleblowing is just as important to effective corporate governance, and on occasion has been just as important to good regulation, as we now know from research that whistleblowing is in the public sector.

Until there is a better knowledge base for saying, 'How much is there? How significant is it?' then people like the committee are still flying a little bit blind in terms of how exactly it should be legislated for, in a way that would be more effective than in other regimes. In other countries there may be whistleblowing legislative regimes that are clearly ahead of us but they are not necessarily that much better informed than us. So, having an information base on which to legislate and regulate effectively and to inform regulatory agencies like ASIC or the other regulators—the ACCC or APRA—is a crucial way to making a real difference, rather than just having symbolic legislation.

Dr Brand : It has not really been on the radar. My sense of it, having looked at it for a number of years now, is that it has been seen as a good idea but not critical or urgent—not something that really needs to be addressed right now. I think that is probably still the case for a number of—

CHAIR: I must say I agree. It is generally a non-issue. It has hardly ever been raised with me at all, particularly in the private sector.

Dr Brand : There is just not political will to make it happen, and it is another hassle. But there are people in the private sector who see the value of it, and I think this cultural shift is occurring, partly through the work of this committee but also more widely—WikiLeaks, Facebook. People understand the benefits of sharing information now, I think, in a way that did not exist 10 years ago. That is just an anecdotal observation. So I think there is shift, but it has not been on the radar.

Prof. Brown : Just to leap back in again, I think we know that stories like Mr Morris's earlier on are not unusual, and they have not been unusual for quite a long period of time. People have been going to regulators with information; it is just that they then become quiet collateral damage and walk away from it, much as often happens in the public sector.


Prof. Brown : But you only need to talk to any managers of risk and compliance in big companies to know that they rely on their own people to tell them what is going wrong, and they try to encourage their own people to give them indications of what is going wrong. They rely on them heavily, but they are still left at the end of the day without a supportive external framework that supports that role. So really from that point of view—the dynamic and the management incentives and the regulatory incentives for taking seriously what we know is already happening—it is simply that there are insufficient guarantees that we are maximising the role of employees in corporate governance and regulation.

CHAIR: Professor Brown, in your submission you express support for ASIC's recommendations of updating the definition in the Corporations Act of a whistleblower. At the same time, however, you also suggest that it would be better if independent financial services providers were covered by equivalent but separate provisions relating to the reporting duties of financial service providers rather than treating them as if they are whistleblowers. Can you just develop that and explain your reasoning a bit.

Prof. Brown : The crucial thing is that 'whistleblowers' can be a very wide term. The committee has probably heard from clients of companies complaining about ASIC who may well describe themselves as whistleblowers, even though they are customers of companies rather than employees or contractors of companies.


Prof. Brown : I guess the crucial thing is that everybody who has information and could be at risk of some kind of reprisal should be protected in some way, shape or form, but that does not necessarily automatically make them a whistleblower. In the research world that I live in, we retain a focus on whistleblowers as being people who are internal to the organisation about which they are blowing the whistle. The crucial reason for maintaining that distinction, even though everybody who has information should get protection, is that those people have the best information and they have the least incentive to reveal it, or they suffer the likelihood of the highest consequences if they release it. So it is employees but also contractors, quasi-employees, volunteers et cetera. So it is a difficult one that needs to be covered one way or another in terms of independent financial service providers or accountants that have been contracted in from an accounting firm and are working within a company. One way or another, they need to be protected, and possibly in a consistent and compatible way, but not at the expense of losing the focus on what it is that companies should be doing in relation to their own employees, their own direct contractors and the employees of those direct contractors.

CHAIR: So your argument for financial service providers is basically that they know better and they know more.

Prof. Brown : That is my argument in relation to any actual employee of a company.

CHAIR: But you referred particularly to 'independent financial services providers'. That is a direct quote from your submission.

Prof. Brown : Yes, but I think ASIC's suggestion is that it would be good to bring them within the protection of part 9.4AAA.

CHAIR: Your submission had a twofold focus. First you supported ASIC's recommendation for updating the definition in the Corporations Act of a whistleblower—that is one proposition—and then you suggested that it would be better if independent financial service providers were covered by equivalent but separate provisions relating to their reporting duties. That is what I am asking you to discuss—the latter provision.

Prof. Brown : The point I was trying to make is that they should be protected, but along with other similar types of professionals like lawyers, for example, they should be able to claim the same sorts of protections. It is not vital that they necessarily be embedded in part 9.4AAA of the Corporations Act because they have a different relationship with the company. It really is vital that the focus be retained on what is it that companies need to be doing in relation to their own employees. It is the appropriate core focus for whistleblower protection to be worrying about that. Yes, there should be protections for independent financial service providers, lawyers, accountants or other professionals who get information about companies, and they may or may not be subject to the same sorts of retaliation risks. But the ones who should remain the core of the focus should certainly be employees and officers within the company itself.

CHAIR: Any other comments from the witnesses?

Dr Brand : Not on that point, no.

CHAIR: Is there any evidence to suggest that would-be whistleblowers might be deterred by the good faith requirement in part 9.4AAA of the act?

Dr Bowden : This good faith requirement issue has come up on many, many occasions both in this country and in other countries. I reject it. I do not know what AJ does.

CHAIR: What do you reject?

Dr Bowden : I reject the good faith requirement. The issue is whether it is a wrongdoing or not. The reason may be lack of good faith. The example I use is this: if you were under a supervisor who consistently pushes the envelope on his ethical behaviour and eventually you end up by blowing the whistle on something that you think is going to get through, are you acting in good faith or not? It is hard to tell. But if you pointed out a wrongdoing, that is enough for me. My own belief is that the good faith requirement should be scrapped entirely. It is whether they have revealed a wrongdoing and a clear wrongdoing at that, a provable wrongdoing at that.

Dr Brand : I think everyone now agrees that it is the quality of the information, not the mode. Information is information.

Dr Lombard : I understand the reason why initially perhaps there might have been a thought to have the good faith requirement. It is to prevent vexatious whistleblowing. That obviously is something that we want to retain, the idea that we should safeguard against vexatious whistleblowing. But there are better ways of doing it.

Senator WHISH-WILSON: In relation to that good faith requirement, how would you explain a situation like we heard from one of our whistleblowers today, Mr Morris. Clearly, he disagreed with the culture that he was in, but in a lot of ways the regulations actually supported that culture. It may have been unethical but it may not necessarily have been illegal. How could a whistleblower really put forward a case under this legislation?

Dr Brand : That is part of the complexity of the good faith requirement. It just adds another barrier to the release of information and there may be no need to have it there. If you mean would it have made it harder for him to make his disclosure then maybe, yes. Looking at my colleagues here on the panel I think we all agree that it does not need to be there.

Senator WHISH-WILSON: I think it was mentioned that clear evidence was needed. If you are going to remove it then you deal with it on the basis that someone needs to provide a very clear case.

Prof. Brown : The standard threshold in our public sector legislation effectively requires, most commonly, an honest belief on reasonable grounds that the information which is being disclosed relates to a defined type of wrongdoing. That works quite well. In terms of good faith requirements, the interesting thing is that the major legislation internationally which included a requirement for good faith before there would be protection was the United Kingdom Public Interest Disclosure Act. Last year, the Cameron government in the UK amended that to remove that requirement but to retain it as one of the factors in determining the level of compensation that a whistleblower could claim, so that, if the employer can satisfy the tribunal that, yes, the whistleblower revealed wrongdoing but they did so for reasons that were not of sufficiently good faith, then damages could be reduced by up to 25 per cent, so that it simply became a factor at that point. I would not even necessarily advocate retaining that, because it just adds complexities which you do not really need.

In answer to the chair's original question, we know, from all the research that has been conducted about why people do report wrongdoing and why they do not report wrongdoing, that it is very simple messages and judgements about: does anybody want to know about this; is anybody really interested in hearing it; am I going to be able to receive any kind of level of support and recognition when I do this? Those very basic messages are influenced very strongly as soon as you introduce things like a good faith requirement. The classic example was that, previously, I think in around 2007 or 2008, on the ASIC website there was specific guidance to anybody who was seeking to use part 9.4AAA that they would have to reveal the information in good faith. At that time, the advice on the ASIC website was to the effect that that would not include information that was malicious. All good investigators—and I have my own investigation background—know that information that is provided for malicious reasons can be just as useful and important and revealing as other information. It does not mean that it is not information which should be revealed.

The other thing that bears upon it is the fundamental problem that, if the definition of good faith is left vague, which it typically is, unlike vexatious, which has got more precise legal definitions, then it would be very easy for either an organisation or a regulator to say that someone like Mr Morris, for example, was not revealing the information in good faith; he was having a personality dispute or a work related grievance issue or he was trying to get back at somebody or whatever—he had some ulterior motive. That would be all that would be needed for somebody—perhaps not like Mr Morris but somebody else—to basically say, 'Nobody is really interested.'

CHAIR: All right. We have got that point.

Dr Bowden : I have interviewed many, many whistleblowers. You know the person who has got a grievance. You can tell it automatically. Almost automatically they dislike the person. The super-duper question that you ask them is: what is the wrongdoing? If you can get a clear-cut and proven wrongdoing, you are home. It does not matter what their reason is. That is the position that I take. Good faith has got little to do with it.

Senator FAWCETT: I have got a number of questions, so quick answers would be good answers. Have you looked at comparative regulatory environments? For example, in the aviation environment, the Australian Transport Safety Bureau have the REPCON, which is a confidential reporting system, so any member of the public or the aviation industry who have a concern about safety can make a report. Have you looked at comparable systems and seen how they could work in the corporate and financial services environment, particularly around the efficacy of protection for whistleblowers?

Prof. Brown : I do not know whether there have been any really good systematic studies of those different systems and approaches. We know that many companies have their own hotline systems already, for example, and they use those. I guess the interesting thing about all those systems is that they tend to rely on confidentiality as a protection as much as possible. That should be maximised and that is good, but in the vast majority of situations where people do or should reveal information about wrongdoing, confidentiality is something which will only be preservable at best for a short period of time, and very often it is just not a factor. It is just not achievable. So that is why the crucial issue becomes: what are the requirements on the organisation and who is watching how the organisation deals with this?

But I think any scheme needs to recognise the role of a range of different service providers—for example, in providing those types of reporting avenue services. That can be an issue for the design of the legislation. Also, a scheme needs to encourage the use of those different sorts of services. But I think the actual mechanics, in terms of the flexibility of the different types of systems that can be used, is appropriately horses for courses.

Dr Brand : We have done some comparison work, just at a very basic level, with the bounty system in the US. We have had a think about that. We have also done a comparison between the new Public Interest Disclosure Act, the PIDA, from last year, which is the public sector, and what is not in the corporate world. Those two comparisons are the ones that we would think could deliver significant insights. But the idea of looking at other sources, like the aviation industry, where obviously safety is important—and that maybe has created some political will to help information flow freely—would be a good thing to do. So I have made a note of it.

Senator FAWCETT: At the moment ASIC has a requirement for corporations to report breaches of certain standards of regulations. Could it be as simple as saying to companies: a) you will have an internal hotline or whistleblowing system, and, b) every time there has been a whistleblowing incident you will report, whether on an individual basis or in a monthly summary, on the nature of it and how the company has dealt with it, so that the regulator can decide, should they so choose, to have further insight, or decide if they are happy the company has dealt with it appropriately. Do you think that would discourage companies from actively supporting and encouraging the whistleblowing, because they would not want the visibility, or do you think that with appropriate education from people like AICD et cetera the companies would embrace that as an internal quality control continuous improvement type system?

Dr Brand : We certainly think that making it part of a positive message is the only way it will happen. And we think it has to be pretty light-touch. But there are mechanisms there already, as you say. We actually take a fairly light touch—something like saying the directors' annual report needs to refer to whether there is an internal whistleblowing system and whether there was ever an occasion in a given 12-month period where the timelines for response were not met, or where the matter was referred externally because the whistleblower was not happy with the response they got, which is the public interest disclosure model. We think even a little thing like that could make a big difference—

CHAIR: That is pretty light touch—

Dr Brand : It is pretty light-touch, but I think it is very achievable, and very quickly. So it would not be the end of the road but it is a really good start.

Dr Bowden : I believe, with my colleagues, that you should mandate an internal whistleblowing system.

CHAIR: You say that is sufficient.

Dr Bowden : Yes.

Senator FAWCETT: In an environment where I think both sides of politics, particularly my side, are trying to deregulate and lift the burden off industry, how do we balance this concept of putting more reporting requirements on industry while talking about deregulation at the same time. I will tie another issue to that. There is a school of thought that says you should deregulate as much as you can but lift the penalties for noncompliance to be significantly higher—certainly, ASIC are asking for greater penalties—versus other people who say you should have greater regulation and lesser penalties but a more cooperative approach.

Dr Brand : I think we would say: work with what is already flowing. The ASX has just released its improved corporate governance guidelines and it has talked about increased risk assessment, and improving those mechanisms. The next witnesses to appear, the Governance Institute of Australia, will I am sure be very receptive to that kind of idea. There is an appetite there to do something that is consistent with the way corporate practice is going. So it is not an additional burden particularly, but can very much lift the profile of whistleblowing and facilitate that flow of information within the corporation. In the end it is in the corporation's interest to get access to that information. I think there would be an appetite for it.

Dr Lombard : For internal systems to work more effectively you need improved external regulation to nudge that process along. I think that if you do not have robust external regulation corporations may not see the need to ramp up their internal systems as much.

Senator FAWCETT: In regard to whistleblowers and the impact upon their health, their family relationships, their income, their career et cetera, do you have a view on what should be done to support those who do end up in a fairly high-conflict, high-stress situation?

Is that a penalty that should be applied to a company, if they are indeed found in breach? Is it a taxpayer obligation? How do you see that that should be shaped? Or is it part of the penalty system, that a company which ends up with their internal governance failing so badly that they have to have a whistleblower? Is caring for that person then part of the penalty structure?

Dr Bowden : I personally do not think it is the organisation's responsibility to care for the damaged whistleblower other than to compensate that whistleblower, if he or she was damaged, by a compensation payment.

Senator FAWCETT: You do or you do not think it is the company's responsibility?

Dr Bowden : If the whistleblower is damaged, then legal proceedings for him or her to take it to court to get damages should be there and are there. I think that is enough. But my colleagues may disagree.

Prof. Brown : I think many different actors share different aspects of those responsibilities. I think the mandating of internal reporting systems carries with it a recognition, once it is implemented, that the company has an obligation, wherever possible, to support and protect people in order to prevent and reduce the consequences and the damage that go with reporting. If that cannot be achieved, then they should have legal responsibility to compensate and to do that proactively in a way that is efficient and effective rather than relying on the civil courts, for example, which is where the Fair Work regime or alternative, lower cost mechanisms would be appropriate.

I guess the crucial question for this inquiry is what ASIC's responsibilities or a regulator's responsibilities should be. That is where we have already seen from ASIC's own changes of policies that yes, there is a responsibility on the investigative regulator to manage whistleblowers as well as, if not better than, any other types of witnesses they would be using and that they have obligations to manage them appropriately. That story we heard before about the consequences of simply not knowing what is going on is enough to start the spiral which leads to all sorts of negative outcomes, which should lead to compensable outcomes.

But the crucial question is: whether or when or which Commonwealth regulator, whether it is ASIC or whether it shared, should have a responsibility for being able to, more or less, intervene and seek remedies or take injunctions or step in in the management of and in the fates of individual whistleblowers before it gets any worse. Or if it has already got to the stage of being something which is compensable damage, stepping in to make sure that the action is taken that would lead to that compensation being paid. So the questions are about who should provide the real glue in the system to make protection and/or compensation real. Those are very important questions. Somebody has to do it, otherwise it will not happen. But the responsibilities are relatively clear. It is a question of who should then have the role of making sure those responsibilities are met and that compensation is paid or action is taken, especially in a timely way and hopefully in a preventative way. Those are the big questions.

Senator WILLIAMS: Professor Bowden—I should say, Dr Bowden—

Dr Bowden : I thank you for the promotion.

Senator WILLIAMS: I give them out pretty often but I take them back quickly as well. From my reading of your submission, there are two things we need: (1) better protection for whistleblowers; and (2) a financial incentive for whistleblowers when a delivery returns something like the $40 billion you mentioned in the United States.

Dr Bowden : If you had not raised that question, I was going to raise it myself. We need a false claims act. There are various types. The US has a false claims act and several other countries have a false claims act. It is the most effective version of whistleblowing legislation. The savings are millions. This book—I will give you a copy—refers to millions of dollars saved through whistleblowing. It is effective, has been proven to be effective and we need it.

CHAIR: Are you talking about reward-based incentives for corporate whistleblowers?

Dr Bowden : Yes, I am.

Senator WILLIAMS: Do they get a commission? Let's say I am in America and I find a company that has defrauded the tax office for a billion dollars and I blow the whistle on it. Do I get about 10 per cent of that money? Is there some scale of incentive for the whistleblower as far as money is concerned?

Dr Bowden : I think 15 per cent. I am not sure.

Senator WILLIAMS: The return on investment is very high, isn't it?

Dr Bowden : It is millions.

Senator WILLIAMS: It is 60 to one in some cases. I might get a dollar for blowing the whistle but I am actually getting $60.

Dr Bowden : The Brits just faced this in their inquiry, and it is no more than four or five months ago that it finished. They asked the same question of people like us who submitted, and the general answer, including from some of my legal colleagues in the UK, was, 'It's wrong. It's immoral. You're paying people to blow the whistle. You're dobbing in your mates for money.' You will find the premier business ethics text in this country says the same thing. It says it is akin to Nazi Germany or to Stalinist Russia. It is a statement that I cannot get my head around, because you are exposing wrongdoing. To me, exposing wrongdoing is a higher ethical demand, a higher ethical priority, than any other issue that an employee would face.

Senator WILLIAMS: Some of the people who expose the wrongdoing destroy their livelihood for life as well.

Dr Bowden : I did not pick it all up.

Senator WILLIAMS: Okay. If someone blows the whistle, it may destroy their employment for life anyway.

Dr Bowden : True.

Senator WILLIAMS: Hence, the financial compensation for those people who are probably never going to get another job.

Dr Bowden : They are people whose careers have been killed. I know a couple of Chinese people who are running shops out in the western suburbs right now because they blew the whistle on a person of some renown at their university. So, you are killed. But in this case it was not a false claim application. The False Claims Act—and it comes up in five or six other types of legislation in the UK and the US—is probably the most effective economic and financial move that this committee can make for the entire country.

Senator WILLIAMS: I know of government departments in Australia that pay informants for information. The return on the investment is very, very high.

Dr Bowden : That is obviously under-the-counter sort of stuff!

Senator WILLIAMS: I know of government departments that do actually pay informants a financial incentive, whether it be for tip-offs on drugs coming into the country or whatever, and the savings are huge. For the bit it costs to pay the informant, what is saved or what is captured or whatever the situation, it is 15 or 20 to one at least on the return on investment.

Dr Bowden : The payments to whistleblower is sometimes huge, too. There is this guy who tipped off the US Internal Revenue Service about cheating on tax returns got $1.4 million. He also got five months in jail. But that is a lot of money.

Senator WILLIAMS: That is pretty good pay, isn't it? Five months for $1½ million!

CHAIR: A variation on a theme: should ASIC have responsibility to intervene in order to protect whistleblowers from untoward behaviour by those whom they blow the whistle on?

Dr Brand : Do you want to give ASIC more to do?

CHAIR: ASIC have made the point in their submission that, where a whistleblower seeks to rely on the statute of protection against third parties, they will generally have to enforce their own rights or bring their own proceedings under the relevant legislation to access remedies. If someone is going out of their way to reveal the detail of where a company or servants of a company have been engaged in malfeasance and there is a huge cost involved, one argument says let the whistleblower wear the price himself or herself, and the other is to have organised protection from the organisation to which he makes the report—that is, ASIC. This imposes an obligation upon ASIC to intervene to protect those whistleblowers. Do you have a comment on that?

Prof. Brown : In the absence of any other better overarching system for protecting whistleblowers who assist and support Commonwealth regulation, then ASIC should have a responsibility and I think the public expectation would be, if they are ASIC's whistleblowers and ASIC's witnesses, then ASIC should have a responsibility. My submission is that we need to think about creating an infrastructure whereby that responsibility can be satisfied more effectively, whether it is by the Fair Work Ombudsman or through the Fair Work system, or more generally, or a separate office that covers whistleblower protection right across all employers, so that ASIC does not have to do it and can retain its core focus on corporate regulation and enforcement of corporate law. Until such time as there is any other scheme, the public expectation will be, 'They're ASIC's whistleblower. Why didn't ASIC do anything?'

CHAIR: Dr Brand, do you have a view?

Dr Brand : We have thought about this a bit. It is like so much else that ASIC does. You cannot think who else would do it and I take Professor Brown's point that, if you had a standalone organisation, they would be good at it. The thing about it is that ASIC struggles sometimes to cope with understanding the information which has come to it. I think they said in their submission that that has been one of the problems—working out how to manage the information flows, to spot the problems and to sort out what is not important from what is. How much less would an organisation without that corporate expertise and those expert members be able to process what can be quite complex material? That is our concern about outsourcing it to someone else. It is like so much else of what ASIC does—who else, if not ASIC?

CHAIR: I certainly would not suggest Fair Work Australia. Senator Whish-Wilson, do you have some questions?

Senator WHISH-WILSON: I want to ask the panel in their expertise and experience, do most whistleblowers go to someone internally first with their disclosure before they go to an external regulator or a government department?

Dr Bowden : The answer is that 80 per cent go internally first.

Senator WHISH-WILSON: And do not generally get a satisfactory response or change?

Prof. Brown : They may do. All the research and the actual statistics are dominated by what we know of in the public sector and we know that over 90 per cent of whistleblowers will go internally and then many will never go externally at all if it is not dealt with properly. Often it is dealt with properly and the earlier it is dealt with properly the more effective everything then becomes in terms of outcomes. That is one of the crucial things we do not know about the private sector. I think there is good reason to believe that although a lot of employees will still blow the whistle internally to somebody in the organisation, in most parts of the private sector or in many parts of the private sector there are more likely to be environments where more employees or corporate officers would be more likely to say, 'I can't raise this internally at all and I have to go externally.'

Senator WHISH-WILSON: Correct. That was going to be my next question. Do you know how many would be related to individual malfeasance or is it more to do with systemic issues within organisations?

Prof. Brown : We just do not know that. That is where the research can be done and should be done. We would like to do it—

Dr Brand : We are happy to have funding—just in case you missed the word 'funding'.

Prof. Brown : to ascertain those sorts of distinctions because there are reasons to believe that some of those dynamics could well be different in the corporate sector and in particular industries which would call for a different regulatory arrangement from that in the public sector. Really that does go back to Senator Fawcett's point about if we are going to go for deregulation or light regulation, we do need to be not assuming that imposing more reporting obligations will work the same way as we expect them to work in the public sector. A number of the types of initiatives that can be done fall into the whole category of almost like market incentive measures that can be taken which will make whistleblowing work in the private sector.

Requiring organisations to have internal whistleblower systems is an appropriate low-cost, effective, efficient requirement because it is in the organisation's interests as much as it is in anybody else's, but things like having defences to prosecution or reductions of penalties if you are prosecuted, if you have those systems in place and you can show that they are working and that you have been making an effort, those are the types of things which clearly are working in the US. Having qui tam or award based systems is a market mechanism which clearly can be effective in a whole lot of situations. So there is are range of things that fall into that category. Making it feasible for employees to get compensation through low-cost avenues or tribunals is another one.

It is simply levelling the playing field in a way that means that people can assert their rights, and if there are enough successful claims then employers will change their behaviour accordingly.

Dr Bowden : Just a quickie: the UK, remember, has private and public sector legislation covering both. If I remember the statistics and the research in the UK well, the figure is very high for those that go internally first in the private sector. I thought it was close to 70 or 80 per cent.

Senator WHISH-WILSON: I suppose that then raises the issue of having a whistleblower within an organisation like the Australian Securities and Investments Commission. The committee received evidence last week from a Mr Wheeldon, who provided information relating to what he saw as something unethical, and that was the influence of big financial organisations on ASIC's internal conduct and the way they prosecuted certain policies. Looking at a situation like that—once again, similar to that of Mr Morris—it may not necessarily be illegal yet, of course, can be potentially devastating in its consequences. How do we protect whistleblowers in those types of situations? I cannot really see people taking the risk when it is an issue like that. In this instance, to be more precise, Mr Wheeldon saw direct lobbying going on around him as an employee at ASIC, and the large financial services companies managed to change a very specific aspect of the way ASIC conducted business, which of course had implications for consumers. I find it quite troubling that that sort of thing could occur even with a regulator.

Dr Brand : I guess there are two points there, aren't there? One is: how do you regulate the regulator?

Senator WHISH-WILSON: Yes.

Dr Brand : That is something that any improved whistleblowing system has to take care of: how do you deal with failure to provide good protection to internal whistleblowers within that organisation, whatever it turns out to be? The other is: what do you do about information that people within the organisation have which could help improve the organisation's functioning but which is not necessarily a breach of the relevant regulatory environment? On the latter point, I do think there is some space for improved emphasis on whistleblowing in corporations generally to lead to increased presence of things like codes of conduct around whistleblowing, and I suspect a number of corporations probably already have codes of conduct which provide support mechanisms such as internal hotlines for employees to release information which they think is helpful or relevant but may not be a breach of the law. Whether you want to mandate that in legislation to go beyond protection for disclosures of honestly held belief in a breach of the law I do not know. I do not know whether someone else on the panel wants to contribute to that. Does that answer your question at all?

Senator WHISH-WILSON: Yes, if indeed the question can be answered!

CHAIR: Thank you very much, all of the witnesses here today. Thank you for your assistance and your attendance today. It is much appreciated.