Get in touch

The $7.5 Million Wake-Up Call: Why the TerraCom Case Should Scare Complacent Boards

If you're a board member or senior exec still thinking that a whistleblower policy on the intranet is enough... this is your wake-up call.
Contact us

 

Last month, TerraCom Limited was hit with a $7.5 million penalty after the Federal Court found it breached whistleblower protection laws under the Corporations Act. It’s not just a slap on the wrist. It’s the first successful prosecution of its kind since the strengthened laws came into effect in 2019.

This decision isn’t just legal history. It’s a message — loud and clear — to every company in Australia: You can no longer afford to treat whistleblower protections as a box-ticking exercise.

Here’s what actually happened

A former employee of TerraCom raised serious concerns internally. Instead of treating the disclosure with the confidentiality and care required under the law, the company sacked the employee before embarking on a PR campaign to publicly discredit him. ASIC took action. The Federal Court agreed.
 
That $7.5 million penalty? It’s not just about the money. It’s about the precedent.
 
This is the regulator flexing — and rightly so. Because when organisations retaliate against people who speak up, they don’t just break the law. They break trust.
 
If you want to read ASIC’s announcement you can find it here: 25-179MR TerraCom to pay $7.5 million after ASIC whistleblower action | ASIC
 

A policy isn’t a program

This is the part that should make every CEO, CPO, GC, and CRO pause.
 
Most organisations do have a whistleblower policy. Some have even rolled out mandatory training or updated their codes of conduct.
 
But when the rubber hits the road. When someone actually raises a serious concern and one that qualifies as a protected disclosure – the cracks start to show.
  • Disclosures aren’t properly assessed to determine if they qualify as a protected disclosure of reportable conduct under the Act.
  • Investigations aren’t conducted appropriately or thoroughly enough given the seriousness of the issue – they can be rushed, biased, or worse, led by the very people implicated in the complaint (yes this does happen!)
  • Confidentiality gets compromised through careless internal chatter or clumsy handling. Such a simple concept yet hard to get right.
  • And whistleblowers are left isolated, unsupported, and exposed.
 
Sound familiar?
 
Here’s the thing: Having a policy is a start. But it’s the system around it that really matters.
 
Most policies are overly complex, wordy and prescriptive. Worse still too few organisations have gone to the next level of creating a whistleblower procedure for how matters will be assessed, investigated and managed.
 
The TerraCom case proves that regulators are no longer interested in what’s written in your policy. They’re looking at how you act when the stakes are high.
 

What does ‘good’ actually look like?

It’s not complicated. But it does require intent.
 
A well-run whistleblower program should include:
  • Internal and external reporting channels including the ability for people to make anonymous disclosures and engage in two-way communications with investigators.
  • Clearly identified key roles such as a Whistleblower Protection Officer (WPO), Whistleblower Investigations Officer (WIO) or simply a Whistleblower Officer (WO).
  • Clear triage and assessment protocols to determine if a report is a qualifying protected disclosure, tight SLAs for making an assessment and a risk assessment to ensure the whistleblower is supported and that any potential or actual conflicts are identified and managed in advance.
  • Independent investigations, free from bias or conflicts of interest and performed by a suitably experienced and capable professional.
  • Ongoing support mechanisms for whistleblowers — before, during, and after the process.  Think Whistleblower Protection Officer (WPO) and your Employee Assistance Program (EAP) for starters.
  • Rigorous confidentiality protections, not just lip service.
  • And most importantly, leaders who walk the talk — creating a culture where raising concerns is seen as a strength, not a threat.
 
Because at the end of the day, whistleblowers are not the problem and shouldn’t be seen as the problem.
 
They’re your early warning system. They flag potential risks and issues before they become full blown crises. But only if they feel safe enough to come forward.
 
Too often I hear resistance from senior executives or boards about a rise in complaints from whistleblowers if they lean into this process but the thing is, whilst you may receive some unfounded complaints or even vexatious complaints from time to time so what? If you have a robust whistleblower and investigations system in place, you will easily be able to identify and deal with those.
 
The better question executives and boards should be asking themselves is: “What are we not hearing about?” by not prioritising a more robust speak up program that is supported with frequent and clear messaging from the leadership team.
 
Check how your current Whistleblower Program stacks up with our 2 min quiz (click here: https://coreintegrity.scoreapp.com)
 

Doing nothing is not an option

The TerraCom judgment is already being talked about in boardrooms and legal teams across the country. But talk is not enough.
 
Now is the time to look under the hood of your current whistleblower setup and ask the hard questions:
  • Do we actually know what happens when someone speaks up? Beyond simply taking the report and assessing it as a protected disclosure, do we actually have confidence that the organisation will respond the right way, the first time?
  • Are we confident our processes stack up if regulators came knocking? Can we show a regulator our documented triage and assessment process, our risk assessment process and underlying investigation manual or procedure for how we deal with protected disclosures?
  • Are key executives across the business aware of our processes? Have we established a dedicated Whistleblower or Speak Up Committee that is responsible for, and has oversight, of how the organisation manages protected disclosures, the timeliness of whistleblower investigations and the application of sanctions, monitors trends and insights, cross-checks other organisational initiatives to ensure there is no conflict (such as planned redundancies)?
  • Have we stress-tested our program (not just the policy) end to end? When was the last time you had an expert come in and perform an end-to-end review of your whistleblower program not just your policy?
 
If you’re not sure, that’s a risk. A real one.
 
The solution is pretty simple.
 

Invest in a Whistleblower Program Review

We help organisations move beyond policy into practice — building end-to-end whistleblower programs that protect people, ensure independence, and comply with the law (not just on paper). It’s what we’ve been doing for years — before TerraCom made headlines.
 
If you’re serious about getting it right, we’ll help you audit your current setup and close the gaps fast.

Book a confidential call with us and let’s make sure your program is actually protecting your people and your business.

Contact us here
Facebook Instagram Twitter Linkedin
How good is your Whistleblower Program?
Take the quiz

Get your score in under 2 minutes

CI-Integrity-Advisory@2x

How good is your Whistleblower Program?

Get your score in under 2 minutes

Take the quiz

Let's chat

Leave us a message and we will get back to you to book a meeting:


 
 
 
 
 
 
 
*Required fields

Are you looking to submit a report? Please click here.

Call Now Button