The Federal Court of Australia has handed down a landmark decision against TerraCom Limited, imposing a A$7.5 million penalty and A$1 million in costs after the coal miner admitted to breaching Australia’s strengthened whistleblower protections.
This case underscores how quickly whistleblowing issues can escalate from internal HR matters to multi-million dollar penalties and reputational crises. For compliance professionals, it’s a reminder that bribery risks and whistleblower protections are deeply intertwined: cover-ups, retaliation, or misleading communications may magnify—not minimise—corporate liability.
This case: ASIC v TerraCom Ltd (No 3) [2025] FCA 1017, marks the Australian Securities and Investments Commission’s (ASIC) first successful enforcement outcome under the updated whistleblower regime. Beyond its headline penalty, it provides an essential case study in how retaliation against whistleblowers, even through market announcements and shareholder communications, can amount to unlawful victimisation. For compliance professionals, the decision highlights the intersection of corporate bribery risks, ESG compliance, and whistleblower frameworks.
The whistleblower and the allegations
In 2019, Justin Williams, TerraCom’s Commercial General Manager, raised serious concerns about the manipulation of coal quality test results. He alleged that test certificates issued by ALS, TerraCom’s independent lab, were being unjustifiably altered to show more favourable results. These certificates were then used to invoice customers, raising suspicions of corporate bribery and fraud in international trade.
PricewaterhouseCoopers (PwC) was engaged to investigate. Its report did not dismiss Williams’ allegations as unfounded, noting unexplained discrepancies between lab reports and invoices. Despite this, TerraCom went on the offensive.
Between February and April 2020, TerraCom issued three public statements, including an ASX announcement and an open letter published in the AFR and The Australian, branding Williams’ claims as false, linking him to financial demands, and implying he was motivated by personal gain.
The court’s findings of corporate wrongdoing
Justice Jackman found that TerraCom’s announcements caused Williams detriment in the form of humiliation, distress, and reputational damage. The Court noted:
- TerraCom misrepresented the PwC findings by claiming his allegations were baseless, when in fact they were at least partially supported.
- The company portrayed him as someone making unfounded accusations for financial benefit.
- Senior leadership, including the CEO and CFO, were directly involved in approving these communications.
The contravention was deliberate, spanned multiple public statements, and arose directly from TerraCom’s suspicion that Williams had made a qualifying disclosure.
At its core, TerraCom’s failure was not just about manipulated coal quality reports, it was about how the company chose to respond when those allegations surfaced. Instead of engaging transparently with the whistleblower’s concerns, TerraCom mounted a public counterattack.
TerraCom’s ASX announcements and the open letter went far beyond defending the company. They portrayed Justin Williams as a disgruntled former employee making false allegations for personal gain, referencing a confidential $5 million mediation demand, and linking him to failed claims at other companies. By doing so, TerraCom crossed the line into victimisation, causing the whistleblower humiliation and reputational harm.
TerraCom told shareholders and the market that an independent investigation had cleared its executives. In reality, the PwC report did not find the allegations “unfounded” it identified inconsistencies and did not rule out misconduct. This selective framing created a misleading impression, undermining transparency and trust.
The judgment highlights that TerraCom’s CEO and CFO were directly tied to both the events and the company’s public statements. This places the misconduct squarely at the highest levels of governance, reinforcing the seriousness of the breach.
Taken together, these actions amounted to retaliation against a protected whistleblower, breaching section 1317AC(1) of the Corporations Act. They also demonstrated a governance culture more focused on defensiveness and reputation management than on integrity and compliance.
Why this matters for compliance teams
Whistleblower protections are non-negotiable
The Court reaffirmed that whistleblowers are protected even where allegations are later unproven or partially supported. Retaliation, whether intentional or through “tone and content,” risks heavy penalties. Compliance teams must train executives and comms teams on these rules.
Corporate bribery risks are embedded
The case is as much about corporate bribery risk as whistleblowing. Manipulating test results for export coal invoices is a red flag for:
- Foreign bribery exposure, if altered data is used to mislead overseas counterparties.
- Tariff and tax evasion risks, if misrepresented coal quality leads to altered customs duties.
- Fraud offences under Australian and foreign law.
The cost of non-compliance is rising
The $7.5m fine represented 30% of the statutory maximum penalty. ASIC explicitly framed this as necessary deterrence, sending a signal that retaliation against whistleblowers is not just reputationally risky, but a serious financial liability.
Red flags for compliance teams
This case highlights several red flags compliance teams should actively monitor:
Manipulation of third-party testing data (e.g. labs, auditors, certifiers).
Public rebuttals of whistleblower claims that go beyond fact-sharing into personal attacks.
Board-level involvement in downplaying allegations, especially in shareholder communications.
Failure to disclose partially supportive findings from internal or external investigations.
Patterns of redundancy or dismissal coinciding with whistleblowing activity.
Protecting your business from bribery and whistleblowing failures
Review and strengthen whistleblower frameworks
- Ensure the company has a robust whistleblower policy aligned with statutory obligations.
- Train executives and investor relations teams on the legal boundaries of public disclosures.
- Establish independent escalation channels for handling whistleblower complaints.
Enhance anti-bribery controls
- Audit reliance on third-party testing and certification.
- Deploy random checks to validate external lab or auditor results.
- Ensure accurate and consistent reporting between operational data and customer invoices.
Review governance of crisis communications
- Require legal and compliance pre-clearance before issuing market-sensitive announcements.
- Avoid “emotive” or “defamatory” language when addressing allegations.
- Focus on transparency and accuracy rather than reputational defence.
