When a charitable entity doubles as a corporate Rolodex, the philanthropy starts to look like infrastructure.
Twenty-six million dollars in charitable donations since 2002. Health, education, community initiatives. On paper, an unblemished record of corporate philanthropy. But then, nobody reads the fine print on a foundation brochure. Not until they have a reason to.
What’s more interesting is who keeps showing up.
A single entity, tucked inside the corporate group, connects names that appear elsewhere in the story – across the oversight committees, the law firms, the investigation, and the employer of the person who raised concerns in the first place.
These connections do not appear to be disclosed in the annual report.
The charitable entity’s public filings reveal a board that reads less like a governance structure and more like a point of intersection. The company’s General Counsel – who also holds the title of General Manager, Corporate Security – sits alongside a non-executive director who also serves on the board of the complainant’s current employer. That director spent more than two decades at a law firm that assisted in the very merger transaction that brought the company into its current form. His personal website – for a consulting and speaking practice he operates separately – lists the company’s predecessor brand as a client.
Nobody files a conflict of interest declaration for a charitable board seat. In most circumstances, nobody needs to.
The General Counsel is not a peripheral figure in the whistleblower process. Under the company’s own published Whistleblower Policy, the Whistleblower Protection Officer is the General Manager, Corporate Security – the same title she holds. That role receives reports of improper conduct, appoints the external investigator, and manages the investigation. She also sits on the company’s Audit and Risk Committee – the committee that approved the Whistleblower Policy. And she sits on the Compliance Committee responsible for developing it.
She also sits on the board of the same charitable entity as the director described above – the one with three connections to the company, its predecessor entity, and its foundational transaction that do not appear to have been disclosed to the complainant.
She has held various positions within the company and its predecessor for more than seventeen years – predating the merger, predating the complainant’s employment, and predating every event in this story. She is not a recent appointment to a governance role. She is the architecture.
One would naturally expect a documented conflict management framework of the kind contemplated by ASIC’s Regulatory Guide 270.
The Investigator’s Pedigree
When an external investigator is appointed to examine protected disclosures, the selection is supposed to signal independence. Band 1 credentials, blue-chip pedigree, decades of experience navigating the intersection of corporate misconduct and regulatory scrutiny.
The investigator was presented as having no prior relationship with the company. The company, of course, didn’t always exist in its current form. Before the $15 billion merger that created it, a predecessor entity required Federal Court clearance – over the objection of the ACCC. The law firm that secured that clearance published a case note celebrating the result. It named its team. Among the partners listed was a litigation partner – quoted in the note, credited with the win, photographed for the brochure. That partner later departed the firm. He now practises elsewhere. His subsequent role and client relationships raise a question as to whether any prior involvement warranted disclosure as part of a robust conflicts assessment.
A robust conflicts process would ordinarily surface this history – and assess whether it warrants disclosure. Whether any such assessment was conducted is a question only the company can answer. Whether the complainant was informed is a question the complainant already has.
The Family Business of Fact-Finding
Australia’s whistleblower framework assumes that investigations will be conducted at arm’s length. Independent investigator. Independent process. Independent findings.
What the framework doesn’t regulate is who the investigator brings into the room.
When the complainant sat for an interview with the external investigator, he was not alone. A second person attended on the investigator’s side. No prior notice was given. No explanation was offered. No consent was sought. The complainant was not told who this person was, or on whose authority they were present. Whether the attendee was a colleague, an associate, or someone the investigator didn’t need to look far to find is a question he is welcome to clarify. One would expect there to be a file note.
The company’s own Whistleblower Policy commits to maintaining records of meetings and interviews “including details of those who attended.” Whether those records reflect this attendance – and in what terms – is a question the company can answer at a time of its choosing.
The policy also commits to ensuring that “confidential information regarding the investigation should only be communicated on a need-to-know basis.” One assumes the undisclosed attendee satisfied that threshold. One would be curious to see the documentation.
In corporate Australia, where professional relationships often overlap with personal ones, the line between “colleague” and “connection” can be remarkably thin. The question isn’t whether those overlaps exist. They always do.
The question is whether anyone discloses them.
The Other Network
The company builds networks. The more fascinating one is human.
At the centre of the chronology is a phone call. Not to a regulator. Not to a legal team. The company’s CEO, the day after a protected disclosure was formally acknowledged, personally contacted a board member of the complainant’s current employer.
The complainant’s employer assured him his position was not under review and advised him not to be concerned. One might pause to consider why that assurance was necessary. Phone calls from ASX-listed CEOs to board members of unrelated companies do not ordinarily require the recipient’s employer to reassure a staff member about their job security. Unless, of course, the nature of the call made job security a reasonable concern.
The complainant was then encouraged to contact the board member directly – to explore whether he might be able to help resolve the matter. He was, in effect, pointed toward the one person on his employer’s board with three undisclosed connections to the company on the other side of the dispute – connections his employer had no apparent reason to know about. Resolution was never a realistic prospect. The response confirmed as much.
That board member spent more than two decades at a law firm that assisted in the merger transaction that created the company. His personal consulting and speaking website lists the company’s predecessor brand as a client. Three connections to the company and its predecessor, none of which appear to have been disclosed to the complainant. Not before the phone call. Not after. Not at any point during the process that followed.
The board member’s response, relayed to the complainant, was to decline involvement entirely. No disclosure of his connections to the company. No disclosure of his decades-long association with a firm embedded in the company’s foundational transaction. No disclosure of the predecessor brand sitting on his own consulting website. Just a polite step backwards – the kind of response that takes on a different character once the surrounding context is understood.
A person with no apparent connection might reasonably be expected to ask why a telco CEO was calling them about a customer dispute. A person with three connections doesn’t ask that question. He doesn’t need to. What he needs to do – and what he didn’t do – is disclose them.
The investigator was appointed through a process overseen by the same individual who sits on the charitable entity’s board, who holds the designated Whistleblower Protection Officer role, who sits on the Audit and Risk Committee that approved the policy governing the process, and who sits on the Compliance Committee that developed it. Those roles don’t merely intersect. They converge – in a single person.
Former colleagues from the same firms. Directors from the same foundations. Lawyers from the same transactions. Different entities, different hats, different capacities – but always within reach of the same governance process. Always within one degree of the same charitable entity. And, on the material available, apparently undisclosed.
But then, corporate Australia is a small world. Everyone knows everyone. Nobody needs to declare anything. And if the same names keep appearing in different configurations around the same whistleblower process – well, that’s just networking. Isn’t it.
Independence isn’t the absence of a formal conflict. It’s the absence of a reasonable perception that the outcome could be influenced by relationships outside the process. ASIC’s guidance is clear on this point.
When the connections between the people managing, overseeing, and investigating a complaint can be traced through a single entity’s public records, the perception of independence becomes – to use the most charitable available description – at least open to serious question.
The Protocol That Wasn’t
The company’s own Whistleblower Policy – Version 4, approved September 2024, publicly available on its corporate website – commits to appointing investigators with no “conflict of interest in relation to the matters raised.” It promises “transparent communication.” It commits to telling the complainant “who is handling the matter” and “how you can contact them.” It references ASIC Regulatory Guide 270 in its compliance framework. The previous version was specifically updated in December 2023 to “ensure alignment” with that guide.
Curiously, Version 4.0 – the version in effect during the complainant’s disclosures – does not appear from the version control record to have been formally approved by the Audit and Risk Committee. The version control table records it as “to be noted at the next ARC meeting.” Versions 1.0, 2.0, and 3.0 all received formal approval. The version governing an active whistleblower process did not. Whether the committee has since noted it, and what they made of the process it was being used to govern, is unknown.
RG 270 contemplates that companies handling protected disclosures will implement conflict management frameworks – documented, disclosed, and available to the persons affected by them.
Through the company’s authorised external disclosure channel, the complainant requested confirmation that such protocols were in place.
No confirmation was provided.
Not “we’ve reviewed it and we’re satisfied.” Not “here’s the framework.” Nothing.
The policy promises “prompt action and transparent communication.” Five months after the complainant’s first disclosure, the only communication received about conflict management protocols was silence. One wonders what the policy’s drafters meant by “prompt.”
The Whistleblower Policy identifies the Whistleblower Protection Officer as the General Manager, Corporate Security. The person who holds that title is also the company’s General Counsel. She sits on the Audit and Risk Committee that approved the policy. She sits on the Compliance Committee that developed it. And she sits on the board of the charitable entity alongside the director with three undisclosed connections to the complainant’s employer.
Her own professional profile describes her as the escalation point for “regulatory inquiries, investigations and litigation” within the company. The complainant’s disclosures have generated an OAIC complaint, a TIO complaint, a TIO Systemics referral, and prospective Federal Court proceedings. One wonders whether the escalation point and the subject of the escalation have ever crossed paths in the same meeting. It would be remarkable if they hadn’t. It would be even more remarkable if anyone minuted it.
The person who wrote the policy. The person who approved it. The person who administers it. And the person whose own board relationships raise the very perception issue the policy was designed to manage.
One assumes impeccable separation of functions. The public record makes that assumption difficult to sustain.
The Question Nobody Asked
The charitable entity reports genuine good. Nobody suggests otherwise.
But entities like these invariably serve a dual purpose. They are vehicles for philanthropy, and they are vehicles for relationships. Low-profile positions that connect people across corporate boundaries without the scrutiny that attaches elsewhere.
Nobody files a conflict of interest declaration because they share a directorship on a charitable board. Nobody asks whether the relationships running through a philanthropic subsidiary might be relevant to a governance process happening somewhere else entirely.
Perhaps they should.
Because when you trace the lines – from the entity to the firms, from the firms to the companies, from the companies to the individuals, and from the individuals to the events that brought a $50 billing error to the doorstep of the Corporations Act – the picture that emerges is not one of conspiracy.
It’s one of proximity. Of infrastructure. Of a culture where a single charitable entity connects the person who appoints the investigator, the person who approved the policy governing the investigation, the person who developed that policy, and a person embedded in the complainant’s own workplace – a person with three separate, undisclosed connections to the company, its predecessor brand, and its foundational transaction. A person who, when called directly by the CEO the day after a disclosure was acknowledged, declined to engage – without disclosing a single one of those connections.
When the only phone call in the entire chronology went not to a regulator, not to a legal team, but to the one director sitting at the intersection of all three – the question isn’t whether the connections are improper.
It’s whether anyone disclosed them.
And when the documentary record of how that phone call came to be made – who suggested it, who authorised it, what was said, and what was intended – is eventually examined with the care it deserves, the company may wish it had answered the question when it was first asked. Politely. Through the proper channels. Before the Corporations Act became involved.
Someone asked.
📨 Right of Reply
All parties who consider themselves referenced in this article – including any company, entity, director, officer, adviser, or individual – are invited to provide clarification, comment, or correction in relation to any matter raised.
This invitation extends to any person or entity who considers that the publicly available records discussed in this article relate to them or their professional conduct. The author welcomes any response that provides additional context, corrects any factual matter, or offers an alternative interpretation of the public records examined.
Verified responses can be sent to vodafailed@gmail.com and will be published in full and in context, without editorial distortion, subject to legal and privacy considerations, alongside the original article, to ensure readers have access to all perspectives.
This right of reply remains open indefinitely.
⚖️ Disclosure, Disclaimer & Legal Notice
This article is general commentary examining questions of perceived independence, governance structure, and conflict management in the context of whistleblower processes at ASX-listed companies. It is informed entirely by publicly available corporate records, including ASIC company extracts, ACNC charity register filings, ASX disclosures, LinkedIn professional profiles, personal business websites, published law firm case notes, publicly available corporate policies, and other documents in the public domain.
It is not legal advice and does not constitute a statement of proven fact. It is not intended to be, and should not be construed as, an allegation of wrongdoing, breach of duty, or unlawful conduct against any individual or entity. The author does not assert that any individual has acted unlawfully, and any such finding is a matter for a court or regulator.
All views expressed are the author’s honest opinions, formed on reasonable grounds based on publicly available information and the author’s own experience. The author’s interpretations may differ from those of other reasonable observers. Readers are encouraged to form their own views and to seek independent professional advice where relevant to their circumstances.
This article does not name any individual. Where roles, positions, or professional histories are referenced, these are described by function rather than by name. Any identification of specific individuals is a matter of inference by the reader, rather than any express identification by the author.
The author’s description of procedural aspects of his own participation in any process – including who was or was not present during interactions involving the author – reflects the author’s personal experience and does not disclose the substance of any confidential process.
The author has an active dispute with TPG Telecom Limited (ASX: TPG) and has made protected disclosures under Part 9.4AAA of the Corporations Act 2001 (Cth). The author holds a very immaterial shareholding in TPG Telecom Limited. These interests should be considered when evaluating the commentary presented.
This article is published on the basis that questions of governance, perceived independence, and the structural management of whistleblower disclosures at ASX-listed companies are matters of legitimate public interest – to shareholders, regulators, employees, and the broader Australian community.
The author relies on protections afforded to honest opinion, fair comment, and publication in the public interest under the Defamation Act 2005 (NSW).
All entities and individuals retain the presumption of lawful conduct unless determined otherwise by a competent authority. Nothing in this article should be taken as an assertion or implication that any person has committed a criminal offence or civil wrong unless that finding has been made by a court, tribunal, or regulatory body with appropriate jurisdiction.
This article does not disclose any information obtained through confidential whistleblower processes, investigation proceedings, or privileged communications. All matters discussed are drawn from publicly available records or the author’s own personal experience as previously disclosed in prior publications.
The author has taken reasonable steps to ensure the accuracy of the information presented. If any factual matter is incorrect, the author welcomes correction and undertakes to amend the article promptly upon verification.
Previous posts in this series:
Post #65 – When The Music Stops
Post #66 – The $2B Problem TPG Can’t Afford
Post #67 – The Bonus Year: Thin Earnings, Thick Optics
Post #68 – Buying the Narrative
Post #69 – The Smart Money Just Left the Building
Post #70 – Who’s Watching the Watchers?
Post #72 – Marked Safe From the Whistleblower Policy