Whistleblower Policy – Version 1.9 – August 2020
1. Defined terms
Capitalised terms used in this policy have the meanings given to them in point 14 below, unless the context requires otherwise.
2. Background to this policy
Keystart recognises that whistleblowers play an important role in identifying and calling out misconduct and harm to consumers and the community.
Our whistleblower policy is intended to foster an open and transparent culture of ethical practice and accountability where Disclosers (including employees) can come forward to report on misconduct or wrongdoing within the organisation without reprisal.
Indeed, our board of directors and executive management encourage Disclosers aware of any misconduct or wrongdoing to speak up and undertake that Keystart will treat all such disclosures seriously and confidentially and will investigate them promptly
We believe that this policy is fundamental to good corporate governance and ethical business practices, complements our code of ethics and conduct and supports our values of 'Customer Focus, Agility, Teamwork and Integrity'.
This policy’s objectives are to:
- encourage disclosure and reporting of any malpractice, misconduct or conflicts of interest in our organisation;
- set out the manner in which Keystart will manage whistleblowing reports;
- protect Disclosers who report malpractice, misconduct or conflicts of interest in our organisation;
- ensure that all reports are thoroughly investigated, and appropriate action taken; and
- meet Keystart’s legal and regulatory obligations.
This policy will be made available to officers and employees of Keystart via the intranet and on Keystart's external website.
4. Who this policy applies to
This policy applies to all persons who are, or has been, any of the following:
- an officer or employee (e.g. current and former employees who are permanent, part-time, fixed-term or temporary, interns, secondees, managers and directors);
- a supplier of services or goods to Keystart (whether paid or unpaid) including their employees (e.g. current and former contractors, consultants, service providers and business partners);
- an associate of Keystart; and
- a relative, dependant or spouse of any person referred to above (e.g. relatives, dependants or spouse of current and former employees, contractors, consultants, service providers, suppliers and business partners) (each a Discloser).
A Discloser will qualify for protection under this policy and the Act if they have made a Qualifying Disclosure:
- to an Eligible Recipient;
- to a legal practitioner for the purposes of obtaining legal advice or legal representation about the operation of the whistleblower provisions under the Act; or
- as a Public and Emergency Disclosure (it is important that you understand the criteria for a Public Emergency Disclosure and seek independent legal advice in relation to them before making one).
5. Matters this policy applies to
A disclosure of information will qualify for protection under this policy and the Act if the Discloser has reasonable grounds to suspect that that disclosed information concerns, in relation to Keystart:
- dishonest, unethical, fraudulent or corrupt behaviour;
- offering or accepting a bribe;
- a criminal offence;
- a failure to comply with any legal or regulatory obligation;
- a miscarriage of justice;
- an act endangering the health and safety of any individual or damaging to the environment;
- unsafe work practices;
- financial impropriety including fraud, money laundering or misappropriation of funds;
- serious non-professional or non-ethical behaviour;
- a failure to comply with Keystart’s policies and procedures;
- discrimination, vilification, sexual harassment, harassment, bullying and victimisation;
- a deliberate concealment of information relating to any of the above;
- other serious improper conduct (including gross mismanagement, serious and substantial waste of Keystart’s resources, or repeated breaches of administrative procedures); or
- any other conduct which may cause financial or non-financial loss to Keystart or be otherwise detrimental to the interests or reputation of Keystart, or any of its employees whether or not it involves a contravention of law (each a Qualifying Disclosure).
A Discloser can still qualify for protection under this policy and the Act even if the Qualifying Disclosure turns out to be incorrect.
6. Matters this policy will not apply to
This policy does not apply to any disclosures of information that are not Qualifying Disclosures, including disclosures relating to:
- poor performance of job duties; or
- personal work-related grievances.
Employees work and performance-related grievances may report them directly to their department manager or in accordance with the relevant employee grievance policy.
For the avoidance of doubt, a personal work-related grievance may still be a Qualifying Disclosure if:
- it includes information about misconduct, or information about misconduct includes or is accompanied by a personal work-related grievance;
- Keystart has engaged in conduct that represents a danger to the public;
- the disclosure relates to information that suggests misconduct beyond the Discloser’s personal circumstances; or
- the Discloser suffers from or is threatened with detriment for making a disclosure.
7. How to make a Qualifying Disclosure
A Discloser may make a Qualifying Disclosure at any time to an Eligible Recipient but must do so directly to the Eligible Recipient and in the manner set out in this point 7.2, to qualify for protections under this policy and the Act.
The role of the Eligible Recipient is to receive Qualifying Disclosures.
7.1. Employees to report to direct senior managers in first instance
Employees who are Disclosers should direct Qualifying Disclosures to their relevant direct senior manager. If this is not appropriate (e.g. if you are not comfortable to report to that person), or that person has not taken action in relation to an earlier report within a reasonable time, you can make a Qualifying Disclosure to any other Eligible Recipient.
7.2. Disclosure options
A Discloser may make a Qualifying Disclosure to any Eligible Recipient at any time by:
- posting it as a letter addressed to the Eligible Recipient and marked as "Qualifying Disclosure - Confidential" to the following address:
PO Box 2016
Subiaco WA 6904
- emailing Keystart’s internal whistleblower management service at email@example.com. (This is a shared mailbox accessible by the Chief Risk Officer, General Counsel and Executive Manager Risk).
- if the issue the subject to the Qualifying Disclosure is so exceptionally serious that it warrants the Qualifying Disclosure be made to an external Eligible Recipient, lodging it via ASIC’s online reporting form or by writing to ASIC at:
Australian Securities and Investments Commission
GPO Box 9827
7.3. Disclosures to be in good faith
To help preserve the integrity of this policy and its implementation, Disclosers should:
- ensure that the Qualifying Disclosure is made in good faith;
- ensure that, insofar as reasonably possible, they provide specific, adequate and pertinent information relating to the Qualifying Disclosure, including dates, places, names of persons and witnesses, amounts and other relevant information; and
- not discuss the Qualifying Disclosure with any person other than the Eligible Recipient.
In the event that an employee is found to have made a Qualifying Disclosure that they knew was false, maliciously or for personal gain, such action will be regarded as misconduct and will be dealt with via Keystart’s relevant counselling and
To encourage potential Disclosers to share their knowledge and information of any misconduct or wrongdoing within Keystart, Disclosers will have the rights and protections set out in this policy, particularly under this point 8, and the Act.
8.1. Anonymous disclosures
A Discloser may:
- choose to remain anonymous while making a disclosure, over the course of the investigation and after the investigation is finalised;
- refuse to answer questions that they feel could reveal their identity at any time, including during follow-up conversations; and
- choose to adopt a pseudonym for the purposes of making the Qualified Disclosure.
A Discloser will still be protected under this policy and the Act even if their Qualifying Disclosure remains anonymous, subject to the Qualifying Disclosure being made in the manner provided for under point 7.2.
Notwithstanding a Discloser's rights to remain anonymous, please note that anonymity and the withholding of information from the Eligible Recipient may impede the quality and efficiency of an investigation.
Please also note that the Chief Executive Officer, Chief Risk Officer and the Executive Manager of Organisational Capability may become involved in the conduct and management of a Qualifying Disclosure by virtue of their roles. In the event
that you do not want one or more of these persons involved you should make this request to the Eligible Recipient and they will comply with your request.
Keystart will take all reasonable steps to protect a Discloser’s identity by managing the disclosure on a ‘need to know’ basis and anonymising the Discloser’s identity during an investigation and will not disclose:
- that identity; or
- information that is likely to lead to the identification of the Discloser (which Keystart has obtained because the Qualified Disclosure was made)
except if Keystart’s disclosure is made to ASIC, APRA, a member of the Australian Federal Police, to a legal practitioner for the purposes of seeking advice on the whistleblower provisions of the Act or with the Discloser’s consent (Exceptions).
Except for the Exceptions, it is illegal for a person to identify a Discloser or disclose information that is likely to lead to the Discloser’s identification. If you consider this has occurred, you may lodge a complaint with:
A person can disclose the information contained in a disclosure with or without the disclosure’s consent if:
- the information does not include the discloser’s identity;
- the entity has taken all reasonable steps to reduce the risk that the discloser will be identified from the information; and
- it is necessary for investigating the issues raised in the disclosure.
8.3. Protection from detrimental acts
An employee, officer or contractor of Keystart must not engage in, or threaten, conduct that causes detriment to a Discloser (or another person) in relation to a Qualified Disclosure because of that Qualified Disclosure being made.
Examples of detrimental conduct include dismissal of an employee, alteration of an employee’s position or duties to their disadvantage and harassment or intimidation to a person, including psychological harm.
For the avoidance of doubt, the following do not constitute detrimental conduct:
- reasonable administrative action taken to protect the Discloser from detriment (e.g. moving the Discloser’s to a different working area to prevent detriment); and
- managing a Discloser’s unsatisfactory work performance, the action is in line with Keystart’s management framework.
8.4. Compensation and other remedies
A Discloser (or any other employee or person) can seek compensation and other remedies through the courts if:
- they suffer loss, damage or injury because of the Discloser making a Qualified Disclosure; and
- Keystart has failed to take reasonable precautions and exercise due diligence to prevent detrimental conduct.
Disclosers should seek independent legal advice in relation to any claims they wish to make in this regard.
8.5. Civil, criminal and administrative liability protection
A Discloser is protected from any of the following in relation to a Qualified Disclosure that they make:
- civil liability (e.g. any legal action against the Discloser for breach of an employment contract, duty of confidentiality or another contractual obligation);
- criminal liability (e.g. attempted prosecution of the Discloser for unlawfully releasing information, or other use of the Qualified Disclosure against the Discloser in a prosecution (other than for making a false disclosure)); and
- administrative liability (e.g. disciplinary action for making the disclosure).
These protections do not grant immunity for any misconduct a Discloser has engaged in that is revealed in their Qualified Disclosure.
9. Handling and investigating a disclosure
9.1. Investigation procedures
After Keystart receives a disclosure from a Discloser, it will:
|1.||Assess if it is a Qualifying Disclosure (i.e. qualifies for protection under this policy and the Act).||1 week|
|2.||If the disclosure is a Qualifying Disclosure, assess if a formal, in-depth investigation is required.||2 weeks|
If an investigation is required, conduct an investigation and prepare a report of the findings for the Chief Executive Officer or the board of directors, as appropriate.
If the findings indicate that misconduct or wrongdoing has occurred, then the report must include recommendations to:
a. remedy any harm or loss that has arisen from the misconduct or wrongdoing (e.g. disciplinary proceedings against the person responsible for the conduct and the referral of the matter to regulatory authorities); and
b. mitigate the future occurrence of the same or similar misconduct or wrongdoing.
|4.||Implement recommendations, if any||Subject to nature of recommendations|
Please note that estimated actions and timeframes may vary depending on the complexity and nature of the Qualifying Disclosure. Keystart will update Disclosers with any changes to estimated actions and timeframes.
Keystart will provide Disclosers with regular updates in relation to an investigation of a Qualifying Disclosure. Typically, updates will be provided at the start, during and at the end of an investigation, however, the frequency and timeframes
for updates will also depend on the complexity and nature of the Qualifying Disclosure.
9.2. Limitations to investigations
Discloser's need to be aware that Keystart may not be able to undertake an investigation if it is not able to contact the Discloser (e.g. if a Qualifying Disclosure has been made anonymously and the Discloser has refused to provide, or has not provided,
a means for Keystart to contact them).
9.3. Reporting of findings
The Discloser’s identity will be anonymised in all reports and findings.
Reports will be documented in electronic format.
Upon the completion of a report, the report will be:
- delivered to the Chief Executive Officer and the board of directors, as appropriate (e.g. it will not be provided to a person if doing so is likely to result in the Discloser being identified); and
- delivered to the Discloser, if requested by the Discloser and subject to the Discloser providing adequate contact details for this purpose.
It is important to note that the method for documenting and reporting findings will depend on the nature of the Qualifying Disclosure.
10. Fair treatment of individuals mentioned in a disclosure
Keystart will ensure fair treatment of its employees who are mentioned in a Qualifying Disclosure by ensuring that:
- Qualifying Disclosures will be handled confidentially, when it is practical and appropriate in the circumstances;
- the primary objective of any investigation into a Qualifying Disclosure is to determine whether there is enough evidence to substantiate or refute the matters reported;
- all investigations are undertaken in an objective, fair and independent manner;
- an employee who is the subject of a Qualifying Disclosure will be advised about the subject matter of the Qualifying Disclosure as and when required by principles of natural justice and procedural fairness and prior to any actions being taken; and
- an employee who is the subject of a Qualifying Disclosure is connected with third-party support providers such as Lifeline (13 11 14) and Beyond Blue (1300 224 636).
11. Breach of this policy
Any breach of this policy may result in counselling or disciplinary action, including termination of employment.
This policy has been approved by the Board.
This policy shall be reviewed biennially by the Chief Risk Officer.
Any proposed revisions to this policy must be presented by the Risk Committee to the board of directors for approval.
Act means the Corporations Act 2001 (Cth).
APRA means Australian Prudential Regulation Authority.
ASIC means Australian Securities & Investments Commission.
ATO means Australian Taxation Office.
Associate has the meaning given to it in the Act.
Discloser has the meaning given to that term in point 4 of this policy.
Eligible Recipients mean any of the following:
- the Keystart internal complaints management service;
- an officer or senior manager of Keystart, which includes the persons holding the following positions from time to time:
- director or company secretary of Keystart;
- Chief Executive Officer;
- Chief Financial Officer;
- Chief Information Officer;
- Chief Risk Officer;
- Chief Operating Officer;
- Executive Manager Organisational Capability;
- Executive Manager Corporate Relations & Executive Services;
- Executive Manage Credit Management
- Executive Manager Loans & Joint Venture Management;
- Executive Manager Customer Experience;
- Executive Manager Risk; and
- General Counsel;
- an internal or external auditor (including a member of an audit team conducting an audit) or actuary of Keystart;
- regulatory bodies such as:
- Australian Transaction Reports and Analysis Centre (AUSTRAC); and
- Office of the Australian Information Commissioner (OAIC); and
- in relation to Public and Emergency Disclosures only, journalists and members of Commonwealth, state or territory parliaments (parliamentarians).
Public and Emergency Disclosures means ‘public interest disclosures’ or ‘emergency disclosures’ pursuant to section 1317AAD of the Act.
Qualifying Disclosure has the meaning given to that term in clause 5 of this policy.