Dodd-Frank Wall Street Reform & Consumer Protection Act

What Is the Dodd-Frank Act?

The Dodd-Frank Wall Street Reform & Consumer Protection Act (Dodd-Frank Act) is a comprehensive U.S. federal law introduced in response to the 2008 financial crisis. Its primary purpose is to reduce systemic risk, enhance corporate accountability, and protect investors from fraud.

The Act builds on earlier legislation, such as the Sarbanes-Oxley (SOX) Act, which focused on internal whistleblowing. Dodd-Frank expands on this by extending anti-retaliation protections, introducing direct reporting mechanisms to regulators, and establishing the SEC Whistleblower Program to incentivize financial crime reporting via monetary awards for original tips.

Dodd-Frank broadly applies to publicly traded U.S. companies, financial institutions (e.g., banks, investment firms, and hedge funds), and subsidiaries and affiliates of regulated companies. Unlike other whistleblowing regulations of its kind, its protections apply not only to employees but also to contractors, consultants, and other individuals who provide information to regulators.

Who Is Responsible for the Dodd-Frank Act?

Several regulatory bodies are involved in enforcing the Dodd-Frank Act. The Securities and Exchange Commission (SEC) oversees the Whistleblower Program, conducts investigations, and prosecutes securities law violations. The Commodity Futures Trading Commission (CFTC) handles violations related to derivatives and commodities markets. 

Federal courts receive and adjudicate whistleblower retaliation claims and can enforce remedies if the SEC fails to pay out valid awards under its scheme. While the Dodd-Frank Act does not include standalone criminal offenses, violations of other securities laws discovered through the whistleblower program may be criminally prosecuted by the Department of Justice (DOJ).

What Are the Possible Penalties Under the Dodd-Frank Act?

The Dodd-Frank Act prescribes both corporate penalties and remedies for whistleblowers affected by retaliatory action. Companies and individuals found to have violated the securities laws may face significant fines often reaching millions of dollars, disgorgement of profits obtained through misconduct, regulatory sanctions (e.g., bans), and criminal liability.

Whistleblowers who experience retaliation are entitled to reinstatement to the same or a comparable position of equal seniority, double back pay with interest, and compensation for legal fees. Additionally, whistleblowers who bring forward original information leading to the discovery of a relevant violation worth at least $1,000,000 may receive between 10% and 30% of the collected sanctions.

What Does the Dodd-Frank Act Require?

Under the Dodd-Frank Act, employers (and third parties) are prohibited from retaliating against whistleblowers who make protected disclosures or assist in SEC investigations. This includes retaliation through demotion, harassment, or even unlawful contractual clauses that require staff to waive their whistleblowing rights. 

Additionally, organizations must be prepared to promptly respond to SEC inquiries and maintain accurate records and documentation to demonstrate compliance. Dodd-Frank’s anti-retaliation protections apply specifically to individuals who report violations to the SEC. Internal-only reports are generally not covered under Dodd-Frank’s whistleblower protections and may instead fall under other laws, such as the Sarbanes-Oxley Act.

However, failure to implement effective internal reporting mechanisms increases the likelihood that employees will bypass internal channels entirely and report directly to regulators. As a result, companies are recommended to establish anonymous whistleblowing procedures, encourage internal reporting, thoroughly investigate all reports, and maintain accurate audit trails.

To qualify for Dodd-Frank anti-retaliation protections, individuals must report a violation to the SEC via its Tips, Complaints, and Referrals (TCR) Portal. However, whistleblowers may report internally first and still retain award eligibility if they submit the same information to the SEC within the applicable timeframe.

If a report is made only through internal channels, the individual does not qualify for Dodd-Frank protections, but may still be protected under other laws, such as the Sarbanes-Oxley Act. Whistleblowers may still be eligible for a financial award if they later submit original information to the SEC that leads to a successful enforcement action.

Claims must generally be submitted within 6 years of the violation, or within 3 years of when the facts were known or reasonably discoverable, but no later than 10 years after the violation. All disclosures must be made in good faith and be based on original information. Knowingly misleading tips, or those made after the deadline, automatically invalidate all claims submitted by the reporter.

Although the initial tip to the SEC may be made anonymously, whistleblowers must identify themselves to receive the monetary award.

Why Is the Dodd-Frank Act Important?

The Dodd-Frank Act plays a crucial role in detecting financial fraud and securities violations early, strengthening corporate accountability and governance, protecting investors and market integrity, and encouraging a culture of transparency. But more than that, it has fundamentally transformed whistleblowing in the United States.

By introducing monetary incentives and direct regulatory access, the Act contributed to a significant increase in the volume and quality of reported misconduct. Importantly, it also shifted the balance of power toward whistleblowers, making it riskier for organizations to ignore or mishandle internal reports.

How Does FaceUp Help Comply with the Dodd-Frank Act?

Since the Dodd-Frank Act primarily focuses on external reporting to the SEC, it does not directly require businesses to implement internal whistleblowing mechanisms. However, the Act provides organizations with several reasons to do so.

FaceUp gives employees easy access to multiple anonymous reporting channels, including web forms, hotlines, and mobile iOS/Android applications in 113 languages. The platform’s case management system also automatically creates accurate audit trails.

For covered US-based companies, this means you can encourage internal reporting, investigate and address potential misconduct early, and reduce the risk of regulatory penalties.