Whistleblower Protection Policy (MPF1346)
- Category: Governance and Management
- Review due by: August 23, 2025
- Version: 4
- Policy Steward: General Counsel and Executive Director, Legal and Risk
- Approved on: August 23, 2022
- Supporting Processes: Legal Processes
- Effective date: August 23, 2022
- Policy Approver: Vice-President (Administration & Finance) and Chief Operating Officer
- Status: Published
- 1. Objectives
- 2. Scope
- 3. Authority
- 4. Policy
- Protection
- Excluded parties
- Reportable information
- Personal work-related grievances
- 5. Procedural principles
- Making a whistleblower disclosure
- Whistleblower portal
- University Whistleblowing Committee
- Whistleblower Disclosure Coordinator
- Other eligible recipients
- Disclosures made by email
- Making an anonymous whistleblower disclosure
- Reporting format
- External Reporting - Disclosures to ASIC, ATO, APRA
- External Reporting - Public Interest Disclosures to IBAC in Victoria
- Protections available to whistleblowers
- Identity protection
- Detriment
- Legal advice
- Investigation process
- Communication
- Support available to whistleblowers
- Employee Assistance Program
- Training
- Publication
- Reporting
- Breach of Policy
- 6. Roles and responsibilities
- 7. Definitions
- POLICY APPROVER
- POLICY STEWARD
- REVIEW
- VERSION HISTORY
11. Objectives
1.1. The University is committed to the highest standards of ethics and integrity in our organisation and does not tolerate fraud, corruption, misconduct, criminal or improper conduct. We understand that this is crucial to our continued success and reputation in the delivery of our mission.
1.2. The University’s Whistleblower Policy is an important element in detecting corrupt, illegal or other undesirable conduct. The University strongly encourages you to speak up if you suspect or witness any matters of concern.
22. Scope
2.1. This policy explains the protections available to whistleblowers, what matters are reportable, how you can report your concern without fear of detriment and how the University will support and protect you.
2.2. Personal work related grievances are generally not covered by this policy. Clause 4.5 below explains how you can raise personal work related grievances. The University of Melbourne undertakes activity in many countries. You can make a disclosure regardless of where you are located or where the conduct is occurring. This policy is subject to the laws that apply in those countries which means that in some cases, disclosures made under this policy may be handled differently according to legislation or regulation in that country.
2.3. Regardless of the applicable law, the University will at least apply the protections relating to confidentiality and detriment to everyone who makes a disclosure under this policy.
2.4. This policy applies to the University of Melbourne and those of its subsidiaries that have adopted the policy.
2.5. Controlled entities must adopt and implement this policy, with appropriate amendments, or a policy which is equivalent to this policy in all material respects.
2.6. For a controlled entity that adopts this policy, references to the University, are deemed to be references to the controlled entity, or to both the controlled entity and the University, as the context requires.
33. Authority
3.1. This policy is made under the University of Melbourne Act 2009 (Vic) and the Vice-Chancellor Regulation and has regard to the relevant legal requirements and current best practices relating to the protection of whistleblowers in the following:
(a) Corporations Act 2001 (Cth);
(b) Taxation Administration Act 1953 (Cth);
(c) Treasury Laws Amendment (Enhancing Whistleblower Protections) Act 2019;
(d) ASIC’s Regulatory Guide 270 Whistleblower Policies;
(e) Public Interest Disclosures Act 2012 (Vic);
(f) Independent Broad-based Anti-corruption Commission Act 2011 (Vic);
(g) Ombudsman Act 1973 (Vic).
44. Policy
4.1Protection
4.1. You can use this policy to disclose reportable conduct. Reportable conduct is defined in 4.4.
4.2. At law certain additional protections may apply to current and former employees, officers (including council members, directors and secretaries), contractors, volunteers, secondees, suppliers (including their employees), Associates of the University or relatives, dependents or spouses of any of these people who disclose reportable conduct in the manner set out in clause 5.
4.2Excluded parties
4.3. This policy does not apply to students or third parties unless they are also an individual listed in 4.2. Students should refer to information on the University website.
4.3Reportable information
4.4. Under this policy reportable conduct is anything that an individual has reasonable grounds to suspect, in relation to the University, is:
(a) misconduct or an improper state of affairs;
(b) conduct that constitutes a contravention of laws specified in the whistleblower laws or other Commonwealth laws that are punishable by imprisonment for a period of 12 months or more; or
(c) conduct that represents a danger to the public or the financial system.
Examples include but are not limited to:
(a) Illegal conduct, such as theft, violence or threatened violence and criminal damage against property;
(b) collusion, theft, fraud;
(c) offering or accepting a bribe;
(d) financial irregularities;
(e) failure to comply with, or breach of, legal or regulatory requirements;
(f) engaging in or threatening to engage in detrimental conduct against a person who has made a disclosure or is believed or suspected to have made or be planning to make a disclosure;
(g) serious or systemic breaches of the research integrity policy;
(h) modern slavery or human trafficking;
(i) conduct indicative of systemic issues, dishonest or unethical behaviour or practices;
(j) concealment of any wrongdoing;
(k) a serious breach of any internal University policy including the Workplace Behaviours Policy.
Reportable conduct excludes personal work-related grievances as described below.
4.4Personal work-related grievances
4.5. A personal work-related grievance is typically a report of behaviour that has implications for an individual personally and does not have significant or broader implications for the University.
Examples include:
(a) an interpersonal conflict between you and another Employee, or
(b) a decision relating to your employment or engagement, such as a transfer, promotion or disciplinary action;
unless the complaint is about your victimisation as a whistleblower.
4.6. Personal work-related grievances must be raised with your one-up manager or HR representative or reported via the Inappropriate Workplace Behaviour line.
4.7. Section 1317AADA(2) of the Corporations Act 2001 (Cth) provides further guidance as to the definition of a personal work-related grievance.
55. Procedural principles
5.1Making a whistleblower disclosure
5.1. Reportable conduct may be disclosed through the following channels.
5.2Whistleblower portal
5.2. The University has established a confidential Whistleblower Portal available online at https://uom.elker.com/report.
5.3. For the purposes of this policy to ensure appropriate and timely handling and investigation we request that disclosures are made through the Whistleblower Portal.
5.4. The Whistleblower Portal is secure and confidential and enables anonymous disclosures.
5.3University Whistleblowing Committee
5.5. Reportable conduct can be disclosed directly to any member of the University’s Whistleblowing Committee namely:
(a) General Counsel & Executive Director Legal & Risk (Chair);
(b) Chief Human Resources Officer;
(c) Director, Risk & Assurance;
(d) Director, Office of Research Integrity and Ethics;
(e) Academic Registrar.
5.4Whistleblower Disclosure Coordinator
5.6. The General Counsel & Executive Director, Legal and Risk is the University’s Whistleblower Disclosure Coordinator and Chair of the Whistleblowing Committee.
5.5Other eligible recipients
5.7. Other internal individuals who are eligible to receive disclosures include:
(a) University Council Members and members of the University Executive;
(b) An Officer or Senior Manager of the University;
(c) Internal and external auditors; or
(d) For tax matters, officers with functions relating to the University’s tax affairs.
5.8. While you can qualify for protection by reporting matters to the above listed eligible recipients, such disclosures will be referred to the Whistleblower Committee for appropriate investigation, unless there are exceptional circumstances.
5.9. Disclosures to an eligible recipient, including via the Whistleblower Portal may be provided to the Whistleblower Committee or any member of that committee.
5.10. If a disclosure relates to or may give rise to a conflict with:
(a) A member of the Whistleblower Committee, that disclosure should be made to the Vice Chancellor or the Chair of the Whistleblowing Committee;
(b) The Vice Chancellor or a member of University Council, that disclosure should be made to the Chancellor;
(c) The Chancellor, that disclosure should be made to the Chair of the Audit and Risk Committee.
5.6Disclosures made by email
5.11. Disclosures made by email may be accessible to people who have access to the mailbox of the intended recipient of the email. If you make a disclosure by email, you consent to your email potentially being accessed by others, noting that any employee, officer or contractor who becomes aware of a disclosure must comply with all aspects of this policy including the confidentiality requirements.
5.7Making an anonymous whistleblower disclosure
5.12. You can choose to make your disclosure anonymously and if so, you will still be protected under the whistleblower laws. However, requiring complete anonymity may practically make it more difficult for us to investigate the issue or take the action we would like to take.
5.8Reporting format
5.13. Useful details that assist us to investigate the issue or take action include:
(a) Date, time and location;
(b) Names of person(s) involved, roles and their division;
(c) Your relationship with the person involved;
(d) The general nature of your concern;
(e) How you became aware of the issue; and
(f) Other information that you have to support your disclosure.
5.9External Reporting - Disclosures to ASIC, ATO, APRA
5.14. While the University encourages individuals to make disclosures under this policy, a person may also choose to make a disclosure directly to a regulator in the relevant jurisdiction.
5.15. In Australia ASIC, ATO and APRA are able to receive disclosures relating to reportable conduct that qualify for protection under the whistleblower laws.
5.10External Reporting - Public Interest Disclosures to IBAC in Victoria
5.16. In Victoria, IBAC is able to receive disclosures under the Public Interest Disclosures Act 2012 (Vic) relating to improper conduct which includes corrupt conduct and criminal conduct by public bodies or officers (“Victorian Scheme”).
5.17. The University is a public body for the purposes of the Public Interest Disclosures Act 2012 (Vic).
5.18. Anyone can make a public interest disclosure under the Public Interest Disclosures Act 2012 (Vic). A public interest disclosure must be made directly to IBAC. The University of Melbourne is not authorised to directly receive public interest disclosures.
5.19. Information about what can be reported, what happens if you make a report to IBAC and what protections may be available under the Victorian scheme is available from the IBAC website.
5.11Protections available to whistleblowers
5.22. A number of protections are available to an individual who discloses reportable conduct that qualifies for protection under the whistleblower laws including:
(a) protection of your identity and information disclosed (refer 5.25 and 5.26;
(b) protection against legal action;
(c) protection from detriment and reprisals (refer 5.27 and 5.28);
(d) compensation and other remedies.
5.23. A disclosure may also still qualify for protection if it turns out to be incorrect.
5.24. You could lose these protections if:
(a) your misconduct is revealed by the disclosure;
(b) you do not have reasonable grounds for making the disclosure;
(c) you disclose information to someone who is not an eligible recipient.
5.12Identity protection
5.25. If you make a disclosure, your identity (or information that could identify you) will only be shared where:
(a) you provide consent; or
(b) the University is permitted, or otherwise required by law.
5.26. The Whistleblower Disclosure Coordinator (or delegate) does not need your consent to share your disclosure if:
(a) the information does not include your identity;
(b) the University has taken all reasonable steps to reduce the risk that you will be identified from the information; and
(c) it is reasonably necessary for investigating the issues raised in the disclosure.
5.13Detriment
5.27. The University understands that individuals may be concerned about possible repercussions from reporting a concern. The University has no tolerance for any form of reprisal against or victimization of a person making a disclosure under this policy.
5.28. Any person who carries out or threatens reprisals will be subject to disciplinary action (including potential termination of employment) and in some circumstances, may also be subject to criminal liability.
5.14Legal advice
5.29. If you seek legal advice from a qualified legal practitioner in relation to the operation of the whistleblower provisions in the Corporations Act a disclosure of reportable conduct will also be protected.
5.15Investigation process
5.30. The University has appointed a Whistleblower Disclosure Coordinator to handle disclosures under this policy.
5.31. Once a disclosure is received, the Whistleblower Disclosure Coordinator (or delegate) will assess the disclosure carefully and seriously to determine whether it qualifies for protection and whether a formal investigation is required.
5.32. Either the Whistleblower Disclosure Coordinator (or delegate) or the Whistleblowing Committee will consider the nature and scope of the investigation, who should lead the investigation (internal or external), and the nature of any technical, financial or legal advice that may be required to support the investigation.
5.33. The Chair of the Whistleblowing Committee has oversight of investigations conducted under this policy.
5.34. The University may, in certain limited cases, refer the matter for investigation to a more appropriate body such as the Australian Federal Police, IBAC or the Australian Tax Office.
5.35. The University recognises the importance of ensuring employees mentioned in a disclosure are also treated fairly, including those who are the subject of a disclosure.
5.36. While a disclosure of reportable conduct may vary, all investigations will:
(a) Follow a fair and objective process;
(b) Be conducted as quickly and efficiently as circumstances permit;
(c) Determine whether there is enough evidence to substantiate the matters reported;
(d) Be independent of the person(s) concerned with the allegations.
5.37. Anyone approached as part of an investigation is required to provide assistance in a discreet and timely manner and to maintain confidentiality of the whistleblower’s identity (if known) at all times. Everyone involved in a whistleblowing investigation must maintain confidentiality and security and may commit an offence under the Corporations Act if they fail to do so.
5.16Communication
5.38. The University will provide feedback as appropriate on the progress and expected timeframes of the investigation and will notify you once an investigation has been completed. However, there are circumstances where it may not be appropriate for us to disclose details of the outcome of the investigation.
5.17Support available to whistleblowers
5.39. The University recognises that making a disclosure under this policy can be a difficult thing to do.
5.40. Although the University will endeavour to support all whistleblowers, it will not be able to provide the same practical support to non-Employees that it provides to current employees. Consequently, the processes in this policy will be adapted and applied to the extent reasonably necessary.
5.41. The University will support you where you have concerns about detrimental conduct or the investigation process.
5.18Employee Assistance Program
5.42. The University has established an Employee Assistance Program (EAP) that is available to University employees and their families and which provides professional, confidential coaching and support. Information on how to contact the EAP is available via the University Staff Hub.
5.19Training
5.43. The University will provide training about this policy for employees and officers and for individuals who may receive a disclosure under this policy.
5.20Publication
5.44. This policy is published on the University website and intranet and is accessible to all University employees, officers and members of the public.
5.21Reporting
5.45. The Chair of the Whistleblowing Committee will provide regular reports to the Audit and Risk Committee of Council on material incidents and on the operation of the Whistleblowing Policy.
5.22Breach of Policy
5.46. Failure to comply with this policy may lead to disciplinary action. This may include termination of employment or engagement. Failure to comply with relevant legislation may lead to personal liability.
66. Roles and responsibilities
| Role/Decision/Action | Responsibility | Conditions and limitations |
| General Counsel or delegate | In accordance with this policy |
| Eligible recipients | In accordance with this policy |
| Whistleblower Disclosure Coordinator or delegate | In accordance with this policy |
| Whistleblowing Committee. | In accordance with this policy |
77. Definitions
APRA means the Australian Prudential Regulation Authority.
ASIC means the Australian Securities and Investments Commission.
Associate is an individual who is an associate (as defined in the Corporations Act 2001 Cth) of any Related Body Corporate of the University, including a director or secretary of a Related Body Corporate.
Commonwealth laws means:
(a) the Corporations Act 2001 (Cth);
(b) the Australian Securities and Investments Commission Act 2001 (Cth);
(c) the Banking Act 1959 (Cth);
(d) the Financial Sector (Collection of Data) Act 2001 (Cth);
(e) the Insurance Act 1973 (Cth);
(f) the Life Insurance Act 1995 (Cth);
(g) the National Consumer Credit Protection Act 2009 (Cth);
(h) the Superannuation Industry (Supervision) Act 1993 (Cth); and
(i) an instrument made under any of the above Acts.
Controlled entities means all entities that are subject to the control of the University in terms of section 50AA of the Corporations Act 2001 (Cth).
Detriment is negative action taken against any person who in good faith, makes a Whistleblower disclosure or assists or participates in an investigation of the disclosure and as a result suffers detriment.
Examples of detriment can include, but are not limited to:
(a) dismissal of an Employee or alteration of an Employee’s position/duties to their disadvantage, or negative performance feedback that is not reflective of actual performance;
(b) any form of harassment, discrimination, intimidation, harm or injury (including psychological harm, reputational damage, damage to your business or financial position);
(c) threats to cause detriment.
Eligible recipient means a person authorised under the Commonwealth law. It includes:
(a) officers or senior managers of the University (refer below);
(b) The University’s auditor, actuary or tax agent;
(c) Any person authorised by the University to receive disclosures that qualify for protection.
Officer is defined in the Corporations Act 2001 and in the University this is taken as meaning a member of University Council and the University Secretary. In respect of a related body corporate this includes a director or company secretary.
Senior manager is defined in the Corporations Act 2001 (Cth) as ‘any person in the company who makes or participates in making, decisions that affect the whole or a substantial part of the business of the company or who has the capacity to significantly affect the organisation’s financial standing. In the University this is generally taken to mean a member of University Executive.
Employee means full-time, part-time and casual employees of the University.
IBAC means the Independent Broad-based Anti-corruption Commission.
Related body corporate means a related body corporate as defined in the Corporations Act (Cth) and includes the University’s subsidiaries listed here.
Victorian law means the Victorian legislation that provides for whistleblower disclosures (called public interest disclosures) to report certain conduct about or involving the University, mainly contained in the Public Interest Disclosures Act 2012 (Vic).
Whistleblower Laws means Part 9.4AAA of the Corporations Act 2001 (Cth) and Part IVD Protection for Whistleblowers of the Taxation Administration Act 1953.
Whistleblower disclosure coordinator is the General Counsel or delegate.
8POLICY APPROVER
Vice-President (Administration & Finance) and Chief Operating Officer
9POLICY STEWARD
General Counsel and Executive Director, Legal and Risk
10REVIEW
This policy is to be reviewed by 23 August 2025.
11VERSION HISTORY
| Version | Approved by | Approval Date | Effective Date | Sections modified |
| 1 | Vice-President (Administration & Finance) and Chief Operating Officer | 23 December 2019 | 1 January 2020 | New policy |
| 2 | N/A | N/A | N/A | Created in error. |
| 3 | General Counsel & Executive Director, Legal & Risk | 6 December 2021 | 15 December 2021 | Updated and added links to Whistleblower Portal. |
| 4 | Vice-President (Administration & Finance) and Chief Operating Officer | 23 August 2022 | 23 August 2022 | Substantial changes throughout and major review completed. |