Note: Where available, the PDF/Word icon below is provided to view the complete and fully formatted document
Parliamentary Joint Committee on Corporations and Financial Services
Oversight of the Australian Securities and Investments Commission and the Takeovers Panel

BROWN, Professor A J, Private capacity


CHAIR: The committee now welcomes Professor Brown. For the Hansard record could you please state your name and the capacity in which you appear today.

Prof. Brown : Professor A J Brown, Professor of Public Policy and Law in the Centre for Governance and Public Policy at Griffith University based here in Brisbane.

CHAIR: The committee is obviously aware of the work you have been doing with other committees and topics that we have had an interest in. We look forward to your update for us today, which I believe is in the area of the whistleblowing. If you would like to make an opening statement, then we will pepper you with some questions.

Prof. Brown : Certainly. I am here to answer whatever questions you think are relevant to the work of the committee either in your oversight of the ASIC role or the broader role. The main message that I have for the committee is that Commonwealth law reform in this area in the corporate financial, but even broader than that, space in terms of whistleblower protection is an extremely important priority and one that the committee should be doing everything it can to support action on at a Commonwealth parliamentary level.

Before filling that out or giving you the update, I thought it was also timely to say that we have a very good relationship with ASIC at the moment. This is, I think, as result of what publicly many people have described as the fairly big 'wake-up call' that ASIC has had over the last few years in relation to a range of issues to do with its responsiveness to some of its core business—one of those has obviously been its responsiveness to information sources and to whistleblowers. We are now in the process of kicking off the next big national research project which will look at organisational experience with the incidence and the management of public-interest whistleblowing across the public sector and private sectors, with ASIC as a partner to that. We were fortunate to receive the whole project and we were fortunate to receive an Australian Research Council linkage grant of $557,800 in July, which, together with the partner funds, makes it a very significant project. We are looking forward to generating a lot of useful data that previously has never existed. I just thought it was worth noting that we are doing that now, with the support and in partnership with ASIC, and hopefully with APRA and other Commonwealth regulators as well. We expect that work will be pretty useful to the parliament in helping shape more clearly what the options are for what type of responsibilities ASIC should have or other regulators should have or how the Commonwealth can be managing its responsibilities in terms of whistleblower protection, not just in the public sector but also in the private sector.

CHAIR: In addition to those partnerships with regulators and government departments, do you have any active partnership with either private sector industry bodies, professional associations or, indeed, individual companies?

Prof. Brown : Yes we do. We are also formally involved in the project at the start-up phase. Our other major partner organisations are CPA Australia, the AICD and the Governance Institute—

CHAIR: Is that CPA as opposed to CBA?

Prof. Brown : Yes, CPA Australia, but the Governance Institute of Australia and the Australian Institute of Company Directors have also been involved. We are going to be inviting them in as formal partners now that the project has been established. The whole nature of the research is that we will, with the support of ASIC and the other regulatory bodies involved, go out to basically the entirety of industry to offer them the opportunity to participate in the surveys and the research. Based on our preliminary research—some of which we did supported by Deloitte Forensic, who is another partner—we know that there is an appetite out there, not necessarily on the part of all companies but on the part of significant companies, to participate in this kind of research because it obviously provides them with the intelligence on how best to design their own whistleblowing systems and also provides the data on what the interface between the internal governance practices and the oversight by the regulators should be and where the balance should lie. We are quite optimistic that we will get all of that participation that we need and that industry will find it a pretty useful body of work.

CHAIR: We will come to previous or recent Senate inquiries and recommendations around whistleblowers, and your view of implementation or lack thereof or how good it has been in a minute. In the scope of work that you are doing, are you also considering the role of industry codes versus regulation or legislation? The reason I ask is that we are currently conducting an inquiry where there is a lot of weight placed by industry players on the fact that they have codes and a plea not to see more regulation, but the evidence we are receiving seems to indicate that when it does not suit them the codes are not necessarily adhered to. In terms of whistleblowing and setting benchmarks for best practice et cetera, are you also researching what is the best way to shape the behaviour?

Prof. Brown : Absolutely. Whether we are talking about mandatory codes or voluntary codes is really the issue. It is quite clear from all the research and all the practice and all the experience that whistleblowing systems only work effectively if they are internalised and embedded in an organisation's governance systems. What that means for very small companies and small business operators is a completely different thing from larger companies and publicly listed companies.

The interesting thing is that there are different ways of either incentivising or requiring the implementation of codes. The research will go to inform a much better picture of what is best practice for whistleblowing policies—certainly in medium to large entities—and what works and what does not. On the question of how that is then institutionalised and whether that is made mandatory in some way, it is interesting to note that the big debate in the UK is about now making whistleblowing codes mandatory for all employers. That has not occurred, but that is the debate. But it has occurred within the last month in Ireland, for the first time. Under their new whistleblowing legislation, for all employers public and private there is a mandatory basic code. The trouble is that any mandatory code is always only ever going to be basic anyway.

It might be worth the committee being aware that there has been an Australian standard on whistleblowing protection programs for entities—or there was from 2004—and we have just recently established that in fact Standards Australia has withdrawn it. We think the reasons are that it is clearly known to be too limited and too basic and out of date, but at the moment there does not appear to be any plan to replace it. So there does not even appear to be a valid current Australian standard in place to help companies. That was there at least up until recently, since 2004. So this research will go to inform all of those things—whether it is a mandatory code or a voluntary code, or whether it is something that is required by Commonwealth regulatory legislation, or whether it is reflected in an Australian standard. The fundamentals that we are talking about will inform all of those things.

The other thing that the Commonwealth will be able to consider is that even if it does not set down a mandatory code of practice—a bit like an employment standard through the Fair Work regime that all employers must follow—there are ways under different regulatory legislation to give companies other ways of having incentives to have good practices. That can involve relief from prosecution or goes towards some of the other types of mechanisms that are already in place or should be in place when it comes to foreign bribery law or whatever. If companies can show that they have a culture of compliance or good systems and practices and procedures and that they are taking reasonable steps to implement those then they can be entitled to some relief from prosecution or civil penalties or whatever. Those are big incentives without actually telling companies, 'This is the code that you must be implementing.'

CHAIR: I am assuming that as an extension of that work that you are doing you will also be looking at what are the most effective ways of making employees aware of the code, and then also code compliance monitoring, because a lot of the evidence we are hearing—certainly from a consumer perspective, with interacting with some of the codes that are out there—is that many people are not even aware of them and are not aware that they have an option to complain, and the compliance monitoring and enforcement groups vary, shall I say, in terms of their efficacy.

Prof. Brown : Yes, absolutely. In fact, a lot of the reason for us doing our research and then continuing to offer it is so that companies do have a readily available monitoring and evaluation mechanism.

We need to distinguish that our focus is on whistleblower protection in terms of being able to encourage and then protect employees or contractors, employees of contractors or, in some cases, possibly suppliers—people who are basically internal to the organisation and its operations, as opposed to customers, clients and consumers per se. There are a whole lot of parallel considerations there as to what good complaint systems look like. Certainly, our focus is on the Commonwealth Bank financial planners type scenario where you have got people within an entity or within the supply chain of the organisation who have crucial inside information that is worth its weight in gold.

CHAIR: Time frame? When do you anticipate reporting?

Prof. Brown : We will start to report early in 2017 on the first major wave of data. In terms of the full analysis, conclusions and recommendations, it will be over the subsequent 18 months from early in 2017.

CHAIR: So, in terms of informing policy, it could be 2018 before we really see tangible data.

Prof. Brown : In terms of direct recommendations. But it depends on what happens—which takes us to law reform, because as soon as we have the data in our hands, if there are law reform processes or discussions underway, then we can extract it in a way that is most useful. I am always looking to see what is happening, because those things can be brought together rather than waiting for three years to report.

Mrs SUDMALIS: I have a very quick question and it is very vague too, so I apologise for that. I was reading some paper somewhere where it said eight companies had done precisely this. They introduced a very transparent whistleblowing process—and it was not for any remuneration; it was not for any reduction in possible prosecution—and it took off so well that there was a public register on the internet and companies were busting to get onto that public register to be seen as ethical. It brought into question a whole stack of equity of employment and equity of wages issues. It became the case that you wanted to be on this list because people prefer to deal with you because you are on this list. The standard was much higher than what would have been put in place by mandatory provisions. But I have no reference material; I just remember reading it and it sounded fascinating.

Prof. Brown : It does not ring a direct bell with me as to what that particular list would have been.

Mrs SUDMALIS: It was in America.

Prof. Brown : But that does not surprise me at all. I think there is a bit of a myth and a bit of an assumption amongst regulators—and this affects your thinking and your role in terms of law reform—that moving in this space must equate to more red tape and more onerous requirements on companies, and therefore companies are going to resist and the Business Council is going to resist, so that is not territory that should be explored. But that is not the reality of the situation.

The reality of the situation is that the bulk of companies—certainly, medium to large and very large—understand that good whistleblowing policies are part of a suite of practices which are going to increase their efficiency, their responsiveness and their market value. It is an internal warning system for problems. They would rather have the information internally than be reading about it on the front page of the paper. There are very powerful drivers before you even get to regulatory compliance, and all of those factors can be harnessed. What does not exist is very good evidence as to what best practice looks like and what works and what does not. That is the reason for this research.

We have seen enormous uptake over the last 10 or 15 years of whistleblowing hotlines, the big craze that companies got into, saying, 'We've got to have a whistleblowing system and a whistleblowing policy, so we'll hire a service provider and we'll set up a whistleblowing hotline and then we've got a whistleblowing system.' Of course, the next thing they realise is that this is the tip of the iceberg for actually doing it properly. A lot of companies, most companies, have gone past that and they are now going, 'What do we actually do internally?'

So we know that the drivers and incentives are there to see good whistleblowing management practices implemented. So, for companies who are less aware, there are a range of options for how can be incentivised to try and do it. But, at the end of the day, some companies and entities manage to get all of these things wrong, so they are not going to be any more receptive to the idea that they need a good whistleblowing system than they are to other things.

Senator WILLIAMS: Thank you for your good work, Professor. I think that the treatment of whistleblowers in Australia is appalling.

Prof. Brown : My only response to that would be that the ones that you hear about are typically appalling, and there are lots that you do not hear about that are also appalling, and then there are a lot that you do not hear about where it is not as bad as you might think. In a lot of companies, and certainly in the public sector, a lot of people are involved in blowing the whistle on wrongdoing that nobody ever gets to hear about. It does not necessarily make it an easy process, but those people are not necessarily getting treated as badly as those who you are more likely to hear about in the public domain. So I do not disagree with you, but that is a note that that is the light at the end of the tunnel that we are aiming at.

Senator WILLIAMS: Good on you.

CHAIR: Could I bring you then to part 9.4AAA of the Corporations Act, the definition of whistleblowers and then the consequent recommendations that came out of the Senate economics committee inquiry into ASIC. Do you have any comment on the adequacy of the act as it stands or the recommendations of the committee and where things currently stand in that regard?

Prof. Brown : Really, there is a very short answer to this, which is that the committee's recommendations in the inquiry into the performance of ASIC were basically spot on. To actually map out the solutions was obviously too big a task for that committee to take on in addition to everything else it was dealing with with ASIC. The chapter in that report and the recommendations in terms of there needing to be a very substantial process of review and consideration of the policy options for legislating to fix/completely replace part 9.4AAA are still as relevant today as they were then. The government, as you know, has noted those recommendations, which is better than rejecting them. But the best thing that your committee could do is continue to call on the government to respond positively to those recommendations.

The real question is: what is the best policy process for taking on this big question? There are a number of things of which the committee would be aware and which ASIC supports which could be fixed in part 9.4AAA in the short term that would be good. There are more substantial things than ASIC is recommending or supporting that I think the Senate economics committee ended up also agreeing needed to be dealt with even if you were to continue to rely primarily on part 9.4AAA. But, in fact, it is not possible to do a proper job by just trying to work through the Corporations Act. There are some whistleblower protection provisions under APRA's legislation, and every area of Commonwealth has issues of whistleblower protection associated with it. There is a big choice that confronts Australia because this is still relatively a greenfield site in terms of the private sector, because all we have is what is currently in the Corporations Act.

If we just fix up the Corporations Act provisions in relation to breaches of corporations law, whatever that may mean, and then we beef up provisions in the financial services legislation and then we start inserting equivalent whistleblower protection provisions in the Competition and Consumer Act and then we do it in the Environment Protection and Biodiversity Conservation Act, we will end up like the US, where there are scores of pieces of whistleblower protection rules that may or may not be consistent in federal private sector regulatory legislation alone before you even get near the states or anywhere else. That is why it is so important that the Commonwealth is in a position to take a big picture look at this, before it ends up by default down the road of US, which does increase the regulatory burden on business. It means that they have to deal with 17 different types of whistleblower protection obligations in 17 different acts, depending on what type of misconduct or public interest wrongdoing is being revealed inside the organisation.

I think the best thing that could happen would be for the committee to continue to call on the government to respond positively to that recommendation and possibly give some serious thought to what type of process the committee thinks is the type of review and policy investigation that is required, whether it is done by virtue of a select parliamentary committee, or an expert panel followed by a select parliamentary committee, or done by your committee, or done by somebody else. In some ways it does not really matter. All the stakeholders are more or less at one in the need to move on this and, I think, would play ball with whatever process the Commonwealth laid out, but just sitting around not doing anything is certainly not going to—

CHAIR: Given the broader remit that you are describing there, which goes well beyond the Corporations Act and the financial services sector, the concept of an Office of the Whistleblower,—and ASIC now have one of those and they have their regulatory guidance which, I think, they updated late last year—are you suggesting that we would do better to have that kind of advocate or owner of the whistleblower regulation sitting at a more central level in government—the Attorney-General's Department or somewhere—and then relevant agencies apply their regulatory guidance for their sector, or their government department, hinged off that central owner or advocacy of a government approach to whistleblowing? Is that broadly your suggestion?

Prof. Brown : Broadly. You certainly need both and, if you were to set up a central mechanism for whistleblower protector in the private sector, that should not mean that ASIC is suddenly off the hook, because it will always still have its own whistleblowers and have its own responsibility to support and require, to some degree, companies to have their own whistleblowing systems. The crucial thing is that the expectations on companies and the standards, the rules and the procedures for employees should be common, clearly understood and reasonably simple right across the board. How that applies in different industry sectors then becomes the responsibility of those particular regulators.

Where it becomes problematic for everybody is when companies do not protect or manage people well, or actually undertake reprisals against people. ASIC, for example, may well still be the one who is conducting the investigation and the prosecutions into the primary wrongdoing and the breaches of directors duties and everything. The whistleblower may well still be their witness and they have still got to manage them and support them as their witness. When it comes to the fact that that whistleblower has been sacked, is entitled to compensation and there may have been a criminal reprisal—all of those sorts of things—then it should not necessarily be ASIC's responsibility. It becomes partly a workplace-relations-type function, so there are valid questions about at what point the Fair Work Ombudsman, or Fair Work Australia, or some new- or expanded- or adjunct-type central regulator would be looking after the workplace relations dynamics or the compensation dynamics.

As far as I am aware, the only compensation action that has produced results under the Corporations Act whistleblowing compensation provisions is the settlement that Brian Hood reached with Note Printing Australia over the note printing foreign bribery scandals. I think it is publicly known that he sought and reached a settlement with Note Printing Australia and the impact on his career of having been involved in that and their mismanagement of it. The crucial thing is that that was achieved as a result of those provisions. What is significant is that someone like Brian Hood, who was a company secretary, is not someone who is covered by Fair Work Australia. He is not an employee within the purview of Fair Work Australia. You are talking about compensation that many need to be assisted, facilitated and supported for people who may or may not be protected by the Fair Work regime. Again, ASIC or ACCC might support particular cases where there are particular whistleblowers, where they decide it is in their regulatory interests to support an outcome whereby everybody understands that this whistleblower was supported and protected and received compensation. But regarding the actual mechanics of that, it is really a question of whether that is left to the whistleblower to fight it out for themselves in court, or whether there is also an employment relations whistleblower protection regulator to support that process.

CHAIR: Thank you for your evidence, Professor Brown. We have to wrap it up because most of us have to race to the airport to catch a plane.

Prof. Brown : Certainly.

CHAIR: Thank you for the work you are doing and for your evidence to previous committees as well as to this one. We look forward to hearing more about your work and where you get to.

Committee adjourned at 16 : 45