Whistleblower protection policy

Policy Statement 

OC Connections Limited (‘OCC’) is committed to developing an internal culture based on ethical behaviours that are aligned with organisational values. 

OCC recognises that people working at or with the organisation (including volunteers) or those who observe the organisation from the view of an independent party may identify what is potentially a serious issue contravening legal or regulatory obligations. 

This policy determines the ways in which OCC will deal with “Protected Disclosures” and is intended to meet the requirements of the Corporations Act 2001 (Cth). 

Capitalised terms used in this policy are defined in the Definitions table at the end of this document. 

This policy will be provided to each Board member, employee (including each casual employee), contractor and volunteer of OCC via email dissemination. This policy will also be made available on the Quality Management System and included in new starter onboarding documents. 

We encourage disclosers to seek independent legal advice if they are considering making a disclosure under this policy. Effective Date This policy comes into effect at the date of approval. In accordance with the requirements of legislation, the procedures contained within this document may apply to protected disclosures prior to 1 July 2019.

1. Purpose 

The purpose of this Whistleblower Protection Policy is to promote a culture of compliance, probity, integrity, honesty and ethical behaviour within OCC. 

OCC is committed to maintaining an organisation where suspected misconduct, an improper state of affairs or circumstances in relation to OCC or its operations are disclosed without fear of detriment. 

The policy furthers this purpose by outlining: 

  • the types of disclosures which qualify for protection; 
  • to whom disclosures should be made; 
  • how Whistleblowers will be supported and protected so that their disclosures can be made safely, securely and with confidence; 
  • how the company will ensure fair treatment of employees mentioned in the disclosures; and 
  • the process by which disclosures of suspected Wrongdoing will be managed so as to be transparent, appropriate and timely. 

2. Who the policy applies to 

This policy only protects the following types of disclosers within and outside the entity who make a Protected Disclosure to an Eligible Recipient: 

  • officers, employees and contractors of OCC, whether current or former employees/contractors, permanent, part time, fixed term or temporary employees/contractors, interns, secondees, managers and directors; 
  • individuals who supply services or goods to OCC;

Whistleblower Protection Policy Board 

  • employees of a person or entity who supplies services or goods to OCC (whether paid or unpaid), including current and former consultants, service providers, suppliers and business partners; 
  • individuals who are associates (a director or secretary of the company or of any related body corporate of the company) of OCC; and 
  • relatives or dependants of any of the persons listed above. 

Each such person is called a “Whistleblower”.

3. Protected Disclosures 

A person described in paragraph 2 of this policy may make a Protected Disclosure of information under this policy if they have objectively reasonable grounds to suspect that the information concerns misconduct or an improper state of affairs in relation to OCC or any of its related bodies corporate. 

Such a person may qualify for protection even if their disclosure later turns out to be incorrect (e.g. the investigation concludes there was an error of identity or fact which was reasonable to make in all the circumstances). 

Misconduct or improper states of affairs covered by this policy is not limited to conduct that involves a contravention of law. It is wider to include, but is not limited to, any Wrongdoing. 

A person may also make a Protected Disclosure of information if they have objectively reasonable grounds to suspect that the information indicates that OCC or its related bodies corporate has engaged in conduct which: 

  • is an offence against or contravention of law; 
  • is an offence or contravention of: 
    • the Corporations Act 2001; o the ASIC Act 2001; or o any law relating to tax or duty; 
    • involves any other kind of serious impropriety; 
    • represents a danger to the public or its safety or to the stability of, or confidence in, the financial system; or 
  • conduct which regulation prescribes as being relevant conduct.

4. Disclosures that are NOT protected under this policy 

Only disclosures that meet the definition above will be protected under this policy and by law. Disclosures that do not meet the definition above (for example, trivial or vexatious matters with no substance, knowing or reckless false reports, allegations made without any supporting information, personal work-related grievances such as interpersonal conflict, dissatisfaction in relation to a promotion or a complaint of discrimination, bulling or harassment affecting only the discloser) will not be protected by the Corporations Act 2001 (Cth) but may be protected by other legislation, such as the Fair Work Act 2009 (Cth). Unsubstantiated allegations which are found to have been made maliciously, or are knowingly false, will be viewed seriously and may be formally dealt with. 

On the other hand, some personal work-related grievances may still qualify for protection under this policy such as where: 

  • the personal work-related grievance includes information about misconduct, or information about misconduct includes or is accompanied by a personal work-related grievance – this is a mixed report; • the person is suffering bullying or harassment in the context of a more general culture of bullying or harassment in the company or suggests other misconduct is occurring – the personal bullying or harassment is part of conduct that has wider implications and which is contrary to company policy or in breach of the Fair Work Act 2009;
  • the entity has breached employment or other laws punishable by imprisonment for a period of 12 months or more, engaged in conduct that represents a danger to the public, or the disclosure relates to information that suggests misconduct beyond the discloser’s personal circumstances – while the discloser is an employee personally affected by the breach, the consequence has wider application; 
  • the discloser suffers from or is threatened with detriment (such as a threat to their employment) for making a disclosure (see further below) – the discloser is entitled to protection against that detriment; or • the discloser seeks legal advice or legal representation about the operation of the whistleblower protections under the Corporations Act – that communication with lawyers is protected.

5. Procedure for making disclosures 

Who to disclose to 

In order to qualify for protection, the disclosure must be made directly to an Eligible Recipient or to ASIC, APRA, or another Commonwealth body prescribed by legislation. Once disclosure is made to an Eligible Recipient, the discloser qualifies for protection as set out in this policy even though, at the time of making the disclosure, it is not yet determined if the disclosure is a Protected Disclosure. 

Eligible Recipients are named in the Definitions table at the end of this policy. One such person is the Whistleblower Officer appointed by OCC. Intending disclosers are encouraged to obtain independent legal advice or to consult in the first instance with the Whistleblower Officer to obtain guidance if in doubt as to whether they have a Protected Disclosure. 

At the time of formal reporting, the Whistleblower will be provided with a copy of this policy to ensure they are aware of how the process will be managed. It is important to note that if a manager has been consulted about the matter that they may have a legal obligation to report any alleged wrongdoing even if the Whistleblower does not wish to take the matter further. 

If a Whistleblower makes a disclosure to a legal practitioner to obtain legal advice or legal representation, the Whistleblower will be protected, even if the legal practitioner concludes that the disclosure is not a Protected Disclosure within the Corporations Act 2001

The Whistleblower Officer has a responsibility, and is vested with the authority by OCC, to conduct sufficient inquiry into a Whistleblower report to be satisfied that: 

  • a disclosure is a Protected Disclosure under this policy; 
  • each disclosure of wrongdoing reported to them is appropriately investigated; 
  • the investigator has internal independence of line management of the business unit affected by the wrongdoing disclosure; 
  • action taken in response to the findings of an investigation is appropriate to the circumstances; 
  • retaliatory action has not been taken against the person who made the disclosure; 
  • the investigator has, if appropriate, seconded the expertise of other officers in OCC to assist in the investigation and sought the advice of internal or external experts as required. 

A discloser is entitled to make a disclosure directly to any Eligible Recipient, ASIC, APRA or any other prescribed body and qualify for protection under this policy. However, Whistleblowers are encouraged to make a disclosure to the Whistleblower Officer in the first instance. Where the Whistleblower does not feel comfortable reporting a matter to the Whistleblower Officer, or where the Whistleblower has previously done so and believes no action has been taken, the Whistleblower may contact the CEO directly to report a matter. If the CEO is the subject of the Whistleblowing report, the Whistleblower may contact the Chair of OC Connections’ Board.

Whistleblower Protection Policy Board 

Where the Whistleblower Officer is involved in the conduct the subject of the Protected Disclosure or is otherwise not fully independent from the matter disclosed, the report must be passed to the CEO for action and investigation. 

The Eligible Recipient of any Protected Disclosure will, through the CEO (or if the CEO is implicated, directly) provide a verbal report to the Chair of the Board within 48 hours of being advised of the disclosure while maintaining the confidentiality of the Whistleblower. 

In the event that an external investigation is required, the Whistleblower will be provided with the details of the external agency. 

Where necessary, disclosures may also be made to ASIC, APRA, the Commissioner of Taxation and other Commonwealth body which regulation prescribes for this purpose. Guidance as to the making of a disclosure to such bodies can be found on their websites. See, for example, ASIC Information Sheet 239 How ASIC handles whistleblower reports and ATO guidance on Tax whistleblowers

Public interest disclosure 

In certain circumstances, 90 days after the Whistleblower has made a report in accordance with this policy to ASIC, APRA or a Commonwealth authority prescribed for this purpose by law, and provided that the Whistleblower has reasonable grounds to believe that: 

  • no action is being, or has been, taken to address the matters raised in the disclosure; and 
  • the making of a further disclosure would be in the public interest, 
  • the Whistleblower may give limited disclosure of the matter to a member of Parliament or a journalist. 

Such a step is a serious matter and, to ensure the Whistleblower is protected by law, the Whistleblower should take independent legal advice or consult with OCC’s Whistleblower Officer before doing so. 

Emergency disclosure 

In certain circumstances and provided the Whistleblower has: 

  • made a report in accordance with this policy to ASIC, APRA or a Commonwealth authority prescribed for this purpose by law; 
  • reasonable grounds to believe that the information concerns a substantial and imminent danger to health or safety of one or more persons or to the natural environment; and 
  • given notice to the same authority about the Whistleblower’s intention to make an emergency disclosure, the Whistleblower may give limited disclosure of the matter to a member of Parliament or a journalist. 

Such a step is a serious matter and, to ensure the Whistleblower is protected by law, the Whistleblower should take independent legal advice or consult with OCC’s Whistleblower Officer before doing so. 

Right of anonymity 

Disclosures may be made anonymously. Anonymous disclosures are still protected disclosures. A discloser can choose to remain anonymous while making a disclosure, over the course of the investigation and after the investigation is finalised. A discloser can also refuse to answer questions that they feel could reveal their identity during follow-up conversations. A discloser may choose to adopt a pseudonym for the purposes of their disclosure, and not use their true name. This may be appropriate in circumstances where the discloser’s identity is known to their supervisor or the Whistleblower Officer, but the discloser prefers not to disclose their identity to others.

Whistleblower Protection Policy Board 

If a disclosure comes from an email address from which the discloser’s identity cannot be determined, and the discloser does not identify themselves in the email, OCC will treat it an anonymous disclosure and handle it in accordance with this policy. 

6. Investigation 

Whistleblowing investigations are to be undertaken by the Whistleblower Officer or by an external investigator appointed by the Whistleblower Officer. The Whistleblower Officer or external investigator responds to all concerns raised with them and reports to the CEO. If the CEO is the subject of concerns raised, the Whistleblower Officer or external investigator will report the matter to the Chair of the Board. 

All reasonable steps will be taken to attempt to ensure all Protected Disclosures are reviewed and, where necessary, investigated as soon as reasonably practicable, with the aim of finalising the investigation within 90 days of the date the disclosure is first made. OCC will take reasonable steps to keep the Whistleblower informed as to the progress of the investigation. 

A Whistleblower must provide all information in their possession or control to assist any inquiry/investigation of the wrongdoing disclosed. 

After a disclosure has been made, as a general guide and subject to the particular circumstances applying to the disclosure, the investigation procedure is normally expected to include the following steps: 

(a) If the disclosure is not made to the Whistleblower Officer, the issue of concern will be forwarded by the 

relevant Eligible Recipient to the Whistleblower Officer as soon as possible. (b) The Whistleblower Officer or external investigator will review the issue of concern and determine 

whether it falls within this policy and, if so, the appropriate manner of investigation. (c) After consultation with the CEO and/or the Chair of the Board (if necessary), the Whistleblower Officer or external investigator will inform the Whistleblower of the determination made in respect of paragraph (b) within a reasonable period of time, provided the Whistleblower can be contacted. (d) The Whistleblower Officer or external investigator will determine what resources are needed including, depending on the nature of the report, the assistance of other employees or external professional help (including legal, accountancy, forensic analysts or operational experts). (e) The Whistleblower Officer or external investigator will plan and lead the investigation, including the 

following steps: 

a. interview the Whistleblower to obtain relevant information about the disclosure from the 

Whistleblower; b. interview any alleged wrongdoer to obtain a response to the disclosure in so far as it relates to 

the alleged wrongdoer; c. interview any relevant witnesses regarding relevant matters arising from the disclosure; d. obtain and review any documents or other material relevant to the disclosure; e. if necessary, conduct further interview/s with the Whistleblower or otherwise obtain further 

information or a response to material arising from the investigation; and f. if necessary, conduct further interview/s with any alleged wrongdoer or witness regarding further 

material arising from the investigation. (f) The Whistleblower Officer or external investigator will consider process/control improvements (risk 

assessments, audits, etc.). (g) The Whistleblower Officer or external investigator will keep the Whistleblower informed upon relevant milestones on the status of the investigation via the Whistleblower’s preferred method of update (for example, by email). (h) The Whistleblower Officer or external investigator will prepare an investigation report which will make finding of fact and determine whether the disclosure has been substantiated or not substantiated, in whole or in part. The report may also include recommendations arising from any factual findings. (i) The Whistleblower Officer or external investigator will forward the investigation report to the CEO or 

Chair of the Board as appropriate.

Whistleblower Protection Policy Board 

(j) The Whistleblower Officer or external investigator will inform the Whistleblower of their rights and the 

ways that OCC protects those rights and debrief the Whistleblower. (k) The CEO or Chair of the Board will prepare a report to be provided to the Board at its next scheduled 

meeting. (l) The CEO or the Chair of the Board will document the incident on the Whistleblower Register. The Whistleblower Register will be stored securely in the CEO’s office and will be accessible only by the CEO and Whistleblower Officer. 

7. Protection of Whistleblowers 

Commitment to protection 

To meet OCC’s obligations and procedures for Protected Disclosures, the organisation adopts the principle of providing protection to people or organisations with a relationship with OCC: 

  • at least to the extent of protection provided at law; and 
  • beyond that legal protection, wherever it is practical in the circumstances. 

A report may not protect the Whistleblower from the consequences flowing from involvement in the wrongdoing itself. However, the same protection will apply to the rights of the Whistleblower as a person involved in the matter as apply to the Whistleblower as a reporter. 

Confidentiality of Whistleblower’s identity and whistleblowing reports 

If a person or organisation makes a disclosure, OCC will not disclose (and no other person may disclose) any information that would suggest or be likely to reveal that person’s or organisation’s identity. 

The exception to the above protection is if OCC discloses the Whistleblower’s identity: 

with the person’s or organisation’s consent; 

  • to ASIC, APRA or the Australian Federal Police or other person or body prescribed by regulations; 
  • to the extent required or authorised by law, or 
  • to a legal practitioner for the purposes of obtaining legal advice or legal representation. 

When a report is investigated it may be necessary to reveal its substance to people without the Whistleblower’s consent in order to investigate and deal with the matter, such as OCC managers, external persons involved in the investigation process and, in appropriate circumstances, law enforcement agencies. At some point in time it may also be necessary to disclose the fact and the substance of a report to a person(s) who may be the subject of the report. In such cases, OCC may do so provided that: 

  • the information so disclosed does not include the discloser’s identity (unless consented to by the Whistleblower); and 
  • OCC has taken all reasonable steps to reduce the risk that the discloser will be identified from the information. Even after taking such steps, in some circumstances the source of the reported issue may be obvious to a person who is the subject of a report. 

To protect the confidentiality of records, OCC will also take all reasonable precautions to store any records relating to a report of a Protected Disclosure securely and to permit access by authorised persons only. This includes the following measures: 

  • all paper and electronic documents and other materials relating to disclosures will be stored securely; 
  • all information relating to a disclosure can only be accessed by those directly involved in managing and investigating the disclosure; 
  • only those people who are directly involved in handling and investigating a disclosure – Chair of Board, CEO, Whistleblower Officer, Manager of Quality and Risk – are made aware of a discloser’s identity or information that is likely to lead to the identification of the discloser; 
  • communications and documents relating to the investigation of a disclosure are not sent to an email address or to a printer that can be accessed by other staff without appropriate security features; and 
  • each person who is involved in handling and investigating a disclosure is reminded that they should keep the identity of the discloser and the disclosure confidential and that an unauthorised disclosure of a discloser’s identity may be a criminal offence. Information and awareness of whistleblower processes will be provided to support the application of confidentiality of the content and identity of the person(s) named in disclosures. Each person involved in the disclosure will be required to sign a document, to be retained on the investigation file, vouching maintenance of confidentiality. Emails relating to a Whistleblowing disclosure will be headed ‘CONFIDENTIAL RECIPIENT ONLY (WB)’. 

Unauthorised disclosure of information relating to a report, the identity of a person or organisation that has made a report of wrongdoing the subject of a Protected Disclosure, or information from which the identity of the reporting person or organisation could be inferred will be regarded seriously and will be dealt with accordingly at senior management level. 

Detriment 

Committing to the protection and respect of the rights of a person or organisation that makes a Protected Disclosure, OCC does not tolerate any detriment, retaliatory action, omission or threats of retaliatory action as a reaction to Protected Disclosure, including against a person’s colleagues, employer (if a contractor or supplier) or relatives, even if the Protected Disclosure is merely part of the reason for the action, omission or threats. 

A Whistleblower must not be subjected to retaliatory actions of any kind including, but not limited to: 

  • dismissal of an employee; 
  • injury of an employee in his or her employment; 
  • alteration of an employee’s position or duties to his or her disadvantage; 

discrimination between an employee and other employees of OCC; 

  • harassment or intimidation; 
  • physical or psychological harm; 
  • damage to a person’s property; 
  • damage to a person’s reputation; 
  • damage to a person’s business or financial position; and 
  • any other damage to a person. 

The fact that a person has made a Protected Disclosure will not give rise to (and the Whistleblower is protected as a matter of law from) any civil, criminal or administrative liability (including disciplinary action) on the part of the Whistleblower, and the fact of making the disclosure and its content is not admissible against the Whistleblower in criminal or civil proceedings. 

OCC will not take (and the law prohibits any other person from taking) any action under a contract to which a Whistleblower is a party or seek to enforce any other contractual or equitable right against a Whistleblower, solely on the basis of having made a Protected Disclosure. So, a Whistleblower is not liable in connection with any legal action for breach of an employment or services contract, a duty of confidentiality or any other contractual obligation. Further, the Whistleblower will be protected from any termination of a contract on the basis that the disclosure is a breach of that contract. 

A Whistleblower who believes that he or she, or his or her family have been the victim of detrimental treatment by reason of their status as a Whistleblower should immediately report the matter to the CEO or the Chair of the Board. If the matter is not remedied, it should be disclosed as a Protected Disclosure in line with this policy. Any OCC employee or director who is found to have detrimentally treated a Whistleblower will be subjected to disciplinary measures and may be subject to penalties that can be invoked in accordance with the Corporations Act 2001 (Cth). Where a contractor or consultant is found to have detrimentally treated a Whistleblower by reason of their status as a Whistleblower, the CEO or Chair of the Board will determine the appropriate action to be taken to ensure the matter is dealt with fairly and effectively. 

A Whistleblower who has been involved in the wrongdoing the subject of a Protected Disclosure may, in some circumstances, be provided with immunity from, or due consideration in, OCC’s initiated disciplinary proceedings. OCC, however, has no power to offer or provide immunity from criminal prosecution or from action by third parties.

8. Management of a person against whom a disclosure is made 

(a) OCC recognises that individuals against whom a report is made must also be supported during the investigation of the Protected Disclosure. OCC will ensure that there is fair treatment of a person who is the subject of a report, and will endeavour to maintain confidentiality and anonymity during an investigative process where practical and appropriate in the circumstances. 

(b) Where a person is suspected of possible wrongdoing, but preliminary enquiries determine that the suspicion is baseless or unfounded and that no formal investigation is warranted, the Whistleblower will be informed of this outcome and the matter laid to rest. The Whistleblower Officer will decide whether the person named in the allegation should be informed that a suspicion was raised and found to be baseless upon preliminary review. This decision will be based on a desire to preserve the integrity of a person so named, so as to enable workplace harmony to continue and to protect the Whistleblower if it was a genuine report. 

(c) Where an investigation does not substantiate the report, the fact that the investigation has been carried out, the results of the investigation and the identity of the person who is the subject of the report must be handled confidentially and any relevant documentation retained in a secure environment for the purpose of maintaining privacy. 

(d) The Whistleblower Officer must ensure that the person who is the subject of any report where an 

investigation is commenced: 

  • is informed of the substance of the allegation(s) if required by the principles of natural justice and procedural fairness; 
  • has their identity kept confidential during the investigation; 
  • is given a reasonable opportunity to respond before any investigation is finalised; 
  • is informed about the substance of any adverse comments that may be included in any report arising from the investigation before it is finalised, and 
  • has their response set out fairly in the investigator’s report.

Whistleblower Protection Policy Board 

(e) Where the allegations in a disclosure report have been investigated and the person who is the subject of the report is aware of the allegations or the fact of the investigation, then the Whistleblower Officer must formally advise the person of the outcome of the investigation. The Whistleblower Officer or other Eligible Recipient will not provide the person who is the subject of the investigation with a copy of the report. 

(f) OCC will give its full support to a person who is the subject of a report where the allegations contained in the report are clearly unfounded including non-disclosure of the report or its outcomes outside of the investigative process. 

(g) Any person suspected of possible wrongdoing will have reasonable access to support made available by OCC such as contact with a nominated person and, where relevant, access to OCC’s employee assistance program or similar counselling service. OCC will consider any request for other support for such a person on a case by case basis. 

9. Remedies 

A Whistleblower or any other person can seek compensation and other remedies through the courts if: 

  • they suffer loss, damage or injury because of a disclosure; and 
  • OCC failed to prevent a person from causing the detriment. 
  • In such circumstances, the affected persons should seek independent legal advice or consult the Whistleblower Officer. 

10. Definitions 

APRA: Australian Prudential Regulation Authority

ASIC: Australian Securities and Investment Commission

Eligible Recipient:

  • Whistleblower Officer (General Manager – People, Learning and Culture)
  • Chief Executive Officer
  • Chairperson of OCC Board
  • Other officers and senior managers
  • Internal or external auditors of OCC

Protected Disclosure : A disclosure which is protected by the Corporations Act 2001 (Cth), including the matters described in paragraph 3 of this policy.

Whistleblower: A person who meets the definition at paragraph 2 of this policy.

Wrongdoing:

Includes behaviour that is:

  • illegal (examples include, but are not limited to, theft, drug sale or use, violence, harassment, criminal damage to property or other breaches of legislation); 
  • fraudulent or corrupt; 
  • unethical, such as acting dishonestly; altering OCC’s records; wilfully making false entries in the books and records; engaging in questionable accounting practices; or wilfully breaching the OCC’s Code of Conduct or other ethical statements; 
  • indicates a systemic issue that a relevant regulator should know about to perform its functions; 
  • damaging or potentially damaging to the reputation of OCC; 
  • a serious breach of the OCC Code of Conduct for employees and volunteers which sets out expectations regarding the behaviour and responsibilities of employees and volunteers to safeguard service users from abuse and neglect, and to ensure a safe environment when undertaking programs and activities; 
  • may cause or contribute to serious financial or non-financial loss to OCC, or be otherwise seriously contrary to OCC’s interests; 
  • involving any other kind of serious impropriety including retaliatory action against a Whistleblower for having made a disclosure of Wrongdoing.

Related Documents
Corporations Act 2001 (Cth)
ASIC Act 2001 (Cth)
Protected Disclosure Act 2012 (Vic)

Related Standards
National Standards for Disability Services

Standard 6: Service Management: 6.1, 6.2, 6.3, 6.5

NDIS Practice Indicators
Governance and Operational Management

Version Control

VersionIssue DateAuthorDocument
Owner
ApprovalDate for
Review
Details of
Amendments
V1February 2017Carolyn Carter Therese
Executive Manager
Quality and Risk
Therese Desmond

CEO
Compliance,

Audit, Quality and
Risk Committee post
consultation with
EMT
February

2018
New policy
V2September
2018
Gillian Kinder, Quality &
Risk Coordinator
CEOBoard of Directors2020Revised
V3August
2019
Gillian Kinder Manager
Quality & risk
CEOBoard of Directors2020New legislation