Dodd-Frank Whistleblower Lawyers — SEC § 21F, CFTC § 748, CFPB § 1057

Practice Area · Dodd-Frank Whistleblower Programs · 15 U.S.C. § 78u-6 · 7 U.S.C. § 26 · 12 U.S.C. § 5567

Three parallel federal whistleblower programs. Monetary awards of 10%–30% of $1M+ sanctions. Six-year anti-retaliation framework with double back pay. The Dodd-Frank framework is the most consequential federal whistleblower-incentive architecture in U.S. history — and it works alongside SOX § 806 as the dual-track strategy for securities-fraud whistleblowers.

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Pub. L. No. 111-203 (July 21, 2010), was enacted in the aftermath of the 2008 financial crisis and created the most consequential federal whistleblower architecture in modern U.S. history. Three parallel programs operate under Dodd-Frank: (1) the SEC whistleblower program under Section 922 of the Act, codified at Section 21F of the Securities Exchange Act of 1934 (15 U.S.C. § 78u-6), which provides monetary awards of 10%–30% of monetary sanctions exceeding $1 million for original information leading to successful SEC enforcement actions; (2) the CFTC whistleblower program under Section 748 of the Act, codified at 7 U.S.C. § 26, which provides parallel monetary awards for Commodity Exchange Act violations; and (3) the CFPB consumer financial services whistleblower protection under Section 1057 of the Act, codified at 12 U.S.C. § 5567, which provides anti-retaliation protection for consumer financial services employees. The SEC and CFTC programs also include anti-retaliation provisions at 15 U.S.C. § 78u-6(h) and 7 U.S.C. § 26(h) respectively, providing direct federal court access, double back pay, attorneys fees, and a six-year statute of limitations — substantially longer than the SOX § 806 180-day administrative filing deadline. The Supreme Court’s decision in Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), limits the Dodd-Frank § 21F(h) anti-retaliation provision to employees who reported to the SEC — making coordinated SOX § 806 and Dodd-Frank § 21F(h) strategy essential. Anonymous filing through counsel is permitted under SEC Rule 21F-9 and CFTC Rule 165.4 and is the dominant mode of practice for Dodd-Frank whistleblower matters.

By the trial team at Doyle Dennis Avery LLP Reviewed by Jeffrey I. Avery · Board Certified, Labor and Employment Law, Texas Board of Legal Specialization

Dodd-Frank Whistleblower Architecture

Three parallel programs with bounty and anti-retaliation features

◆SEC whistleblower program — § 21F. 15 U.S.C. § 78u-6 · 10%–30% of $1M+ sanctions · Original information requirement · Anonymous submission through counsel · 17 CFR Part 240

◆CFTC whistleblower program — § 748. 7 U.S.C. § 26 · Parallel award structure · Commodities, derivatives, swaps, manipulation · 17 CFR Part 165

◆CFPB whistleblower protection — § 1057. 12 U.S.C. § 5567 · Consumer financial services workers · Anti-retaliation only · OSHA-administered under 29 CFR Part 1985

◆SEC anti-retaliation — § 21F(h). 15 U.S.C. § 78u-6(h) · Direct federal court access · Reinstatement · Double back pay · Attorneys fees · Six-year SOL

◆Digital Realty Trust v. Somers (2018). Dodd-Frank § 21F(h) anti-retaliation limited to SEC reporters — making coordinated SOX § 806 strategy essential

◆Anonymous submission. SEC Rule 21F-9(c) and CFTC Rule 165.4 permit anonymous filing through counsel · Identity disclosed only at award stage

◆FCPA coordination. FCPA enforcement actions have generated some of the largest SEC whistleblower awards · See SOX § 806 page for FCPA-SOX integration

◆Board certified in Labor and Employment Law (Avery) and Personal Injury Trial Law (Doyle) by the Texas Board of Legal Specialization

The Statutory Framework

The four pillars of the Dodd-Frank whistleblower architecture

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 was enacted in the aftermath of the 2008 financial crisis as the most comprehensive financial regulatory reform statute since the New Deal. The Act addressed a wide range of regulatory subjects — systemic risk oversight, derivatives regulation, mortgage origination standards, credit rating agency reform, executive compensation, consumer financial services, and many other topics. Among its most consequential provisions were the whistleblower frameworks, which reflected congressional recognition that the financial crisis exposed substantial gaps in the pre-2010 whistleblower architecture and that more aggressive whistleblower incentives were necessary to surface complex financial fraud.

The Dodd-Frank whistleblower architecture comprises four operative provisions:

Pillar 1 · SEC Whistleblower Program

Section 922 of Dodd-Frank · 15 U.S.C. § 78u-6 (Section 21F of the Exchange Act)

The headline Dodd-Frank whistleblower program. Section 922 added Section 21F to the Securities Exchange Act of 1934, creating both a monetary award program for whistleblowers (10%–30% of monetary sanctions exceeding $1 million) and an anti-retaliation provision for employees who report to the SEC. Implementing regulations at 17 CFR §§ 240.21F-1 through 240.21F-18. The program is administered by the SEC Office of the Whistleblower within the Division of Enforcement.

Pillar 2 · CFTC Whistleblower Program

Section 748 of Dodd-Frank · 7 U.S.C. § 26 (added to Commodity Exchange Act)

The CFTC whistleblower program, modeled directly on the SEC program. Section 748 added a parallel framework to the Commodity Exchange Act creating monetary awards of 10%–30% of monetary sanctions exceeding $1 million and an anti-retaliation provision at 7 U.S.C. § 26(h). Covers commodities trading, derivatives, futures contracts, swaps, and other CFTC-jurisdictional matters. Implementing regulations at 17 CFR Part 165. Administered by the CFTC Whistleblower Office within the Division of Enforcement.

Pillar 3 · CFPB Whistleblower Protection

Section 1057 of Dodd-Frank · 12 U.S.C. § 5567

The consumer financial services whistleblower protection. Section 1057 protects employees of mortgage lenders, debt collectors, payday lenders, credit reporting agencies, consumer credit providers, and other entities subject to CFPB jurisdiction from retaliation for reporting violations of federal consumer financial law. Unlike the SEC and CFTC programs, there is no monetary award provision under § 1057 — only anti-retaliation protection. The statute is administered by OSHA under 29 CFR Part 1985.

Pillar 4 · Anti-Retaliation Provisions

15 U.S.C. § 78u-6(h) · 7 U.S.C. § 26(h) · 12 U.S.C. § 5567(c)

The Dodd-Frank anti-retaliation provisions across all three programs. The SEC and CFTC anti-retaliation provisions (§ 21F(h) and § 26(h)) provide direct federal court access, reinstatement, double back pay, attorneys fees, and a six-year statute of limitations. The CFPB anti-retaliation provision is OSHA-administered with the standard 180-day filing deadline. The Supreme Court’s decision in Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), substantially narrowed the § 21F(h) provision by limiting coverage to SEC reporters.

The SEC Whistleblower Program

Section 922 / Section 21F — The federal whistleblower bounty framework

The SEC whistleblower program under Section 922 of Dodd-Frank and Section 21F of the Exchange Act is the most prominent and most heavily utilized federal whistleblower program. Since the program’s launch in 2011, it has generated billions of dollars in monetary sanctions on the underlying enforcement actions and has paid out substantial cumulative awards to whistleblowers — including multiple individual awards exceeding $100 million. The program’s structural features have made it the model for subsequent federal whistleblower programs including the CFTC program, the IRS whistleblower program (which predates Dodd-Frank but was substantially expanded thereafter), and the more recent AML/sanctions whistleblower program.

The award framework

SEC Whistleblower Award — Statutory Provision

15 U.S.C. § 78u-6(b)(1) — Awards

“In any covered judicial or administrative action, or related action, the Commission, under regulations prescribed by the Commission and subject to subsection (c), shall pay an award or awards to 1 or more whistleblowers who voluntarily provided original information to the Commission that led to the successful enforcement of the covered judicial or administrative action, or related action, in an aggregate amount equal to —

“(A) not less than 10 percent, in total, of what has been collected of the monetary sanctions imposed in the action or related actions; and

“(B) not more than 30 percent, in total, of what has been collected of the monetary sanctions imposed in the action or related actions.”

The award framework has four critical elements that must each be satisfied for a whistleblower to qualify: (1) the whistleblower must have voluntarily provided the information; (2) the whistleblower must have provided original information; (3) the information must have led to the successful enforcement of a covered action; and (4) the resulting monetary sanctions must exceed $1 million. Each element has been the subject of extensive SEC rulemaking, ARB and federal court interpretation, and practitioner attention.

“Voluntarily” provided information

Under SEC Rule 21F-4(a), the submission is “voluntary” only if it is made before: (i) a request, inquiry, or demand from the Commission, Congress, any other authority of the federal government, a state Attorney General or securities regulatory authority, any self-regulatory organization (such as FINRA), or the Public Company Accounting Oversight Board; or (ii) the whistleblower has any pre-existing legal or contractual duty to report the information to the Commission. The “voluntary” requirement is critical — employees who provide information only after a regulatory inquiry has begun or in response to a subpoena are generally not eligible for awards.

“Original information” — the most heavily litigated requirement

Original Information — Statutory Definition

15 U.S.C. § 78u-6(a)(3) and SEC Rule 21F-4(b)

“The term ‘original information’ means information that —

“(A) is derived from the independent knowledge or analysis of a whistleblower;

“(B) is not known to the Commission from any other source, unless the whistleblower is the original source of the information; and

“(C) is not exclusively derived from an allegation made in a judicial or administrative hearing, in a governmental report, hearing, audit, or investigation, or from the news media, unless the whistleblower is a source of the information.”

The “original information” requirement is the most heavily litigated element of the SEC whistleblower program. Three key concepts structure the analysis: (1) independent knowledge — facts known by the whistleblower that are not derived from publicly available sources, which under SEC Rule 21F-4(b)(2) means knowledge gained through the whistleblower’s own experiences, communications, and observations; (2) independent analysis — under SEC Rule 21F-4(b)(3), evaluation of information that may be publicly available but that, through the whistleblower’s own analytical work, reveals previously unknown information of a kind that is meaningful for the SEC; and (3) the “original source” exception — even where information has reached the SEC through other channels, the whistleblower may still qualify as the original source if the whistleblower voluntarily provided that information directly or indirectly to the SEC.

The post-July 21, 2010 effective date requirement is also significant — information provided to the SEC before the Dodd-Frank enactment date is not eligible for awards under Section 21F.

“Led to the successful enforcement”

Under SEC Rule 21F-4(c), the whistleblower’s information must have “led to” the successful enforcement action. The standard has two principal pathways: (1) the information caused the SEC to open an investigation (or reopen a closed investigation) that resulted in a successful enforcement action; or (2) the information significantly contributed to the success of an existing investigation that resulted in a successful enforcement action. The “led to” standard is fact-intensive and has been the subject of substantial litigation, particularly in cases where the SEC was already investigating related matters at the time of the whistleblower’s submission.

The $1 million threshold

The award is available only if the SEC enforcement action results in monetary sanctions exceeding $1 million, including civil penalties, disgorgement, and prejudgment interest. The threshold is calculated on the basis of total monetary sanctions in the covered action — disgorgement plus civil penalties plus interest — and applies on an aggregated basis if multiple defendants or multiple violations are addressed in a single action. Related actions by other federal agencies, state regulators, or SROs may also be included in the sanctions calculation under 17 CFR § 240.21F-3(b), substantially expanding the universe of qualifying matters.

Submission process

The SEC submission process operates through two principal forms:

Form TCR

Tip, Complaint, or Referral

The initial submission form (officially titled “Tip, Complaint, or Referral”). The TCR must be submitted under penalty of perjury and provides the SEC with the initial information for evaluation. The TCR may be filed by the whistleblower directly or, in the case of anonymous filings, by counsel on the whistleblower’s behalf. Detailed instructions and the submission portal are maintained by the SEC Office of the Whistleblower.

Form WB-APP

Whistleblower Award Application

The award application form, filed after the SEC publishes a “Notice of Covered Action” announcing a final monetary sanction exceeding $1 million in a matter where a whistleblower may potentially qualify. The Form WB-APP must be filed within 90 days of the Notice of Covered Action publication date. The SEC then evaluates the application against the eligibility and award-determination criteria.

Anonymous submission through counsel

SEC Rule 21F-9(c) permits anonymous submission of TCR forms through an attorney. The attorney submits the TCR on the whistleblower’s behalf and represents to the SEC that the attorney has verified the whistleblower’s identity. The whistleblower’s identity is then disclosed to the SEC only at the time of award claim (on Form WB-APP), and even then the SEC must continue to protect the whistleblower’s identity to the maximum extent possible under 15 U.S.C. § 78u-6(h)(2). Anonymous submission is one of the most important practical features of the SEC whistleblower program — it permits the whistleblower to preserve confidentiality during the initial reporting period when retaliation risk is highest.

Eligibility exclusions

Under SEC Rule 21F-8(c) and 17 CFR § 240.21F-4(b)(4), several categories of whistleblowers are excluded from award eligibility:

SEC, DOJ, CFTC, and law enforcement personnel — members, officers, or employees of the SEC, DOJ, an appropriate regulatory agency, a self-regulatory organization, or a law enforcement organization are excluded.
Persons convicted of criminal violations related to the SEC enforcement action are excluded.
Auditors of public companies who learned of violations through audit engagements are generally excluded under SEC Rule 21F-4(b)(4)(iii), with limited exceptions for information disclosed to prevent securities violations that would result in financial loss or where the auditor has reported through internal channels and waited the required time period.
Attorneys whose information was obtained through privileged communications are excluded under SEC Rule 21F-4(b)(4)(i), with limited exceptions for disclosure permitted by state attorney conduct rules or required by court order.
Compliance and internal audit personnel are excluded under SEC Rule 21F-4(b)(4)(iii) where information was obtained in connection with internal compliance, audit, or legal functions — unless the compliance or audit officer reasonably believed disclosure was necessary to prevent the entity from causing substantial injury to the financial interests of the entity or investors, or reasonably believed that the entity was impeding investigation, or the officer has reported through internal channels and at least 120 days have elapsed.

The compliance and audit exceptions are critical and frequently litigated. Counsel handling SEC whistleblower matters for compliance and internal audit personnel must carefully evaluate whether the 120-day waiting period applies, whether one of the substantive exceptions applies, and how the timing of internal reporting interacts with the submission to the SEC.

Award determination factors

Under SEC Rule 21F-6, the SEC determines the specific award percentage (between the 10% floor and 30% ceiling) based on positive and negative factors:

Positive factors — significance of the information; assistance provided by the whistleblower; law enforcement interest in deterring violations; and participation in entity compliance systems before reporting.
Negative factors — culpability of the whistleblower in the underlying violation; unreasonable reporting delay; interference with internal compliance and reporting systems.

Confidentiality protections

Section 21F(h)(2), 15 U.S.C. § 78u-6(h)(2), imposes strict confidentiality protections on whistleblower information. The SEC may not disclose any information that could reasonably be expected to reveal the identity of a whistleblower, except in connection with an enforcement action, to the extent disclosure is required to enable the SEC to enforce its laws, or in connection with various inter-agency information-sharing arrangements with appropriate confidentiality protections. The confidentiality protections are complemented by SEC Rule 21F-7 and the SEC’s policies regarding the disclosure of whistleblower-related information in connection with enforcement actions.

Tax treatment

SEC whistleblower awards are generally taxable as ordinary income. The Tax Cuts and Jobs Act of 2017 created a deduction for attorney’s fees and costs paid in connection with whistleblower award claims under 26 U.S.C. § 62(a)(21), permitting whistleblowers to receive the deduction “above the line” rather than as a miscellaneous itemized deduction subject to substantial limitations. Counsel handling Dodd-Frank whistleblower matters routinely coordinate with tax counsel to address the tax treatment of awards and fees.

The Anti-Retaliation Provision

Section 21F(h) — Direct federal court access with six-year SOL and double back pay

The Dodd-Frank anti-retaliation provision under Section 21F(h) of the Exchange Act, codified at 15 U.S.C. § 78u-6(h), is distinct from the award program and provides separate remedies. The anti-retaliation provision has structural features that make it materially more favorable to whistleblowers in several respects than the parallel SOX § 806 anti-retaliation provision — but materially more restrictive in one critical respect (the SEC-reporting requirement after Digital Realty Trust).

Dodd-Frank Anti-Retaliation Provision

15 U.S.C. § 78u-6(h)(1)(A) — Protected Activity

“No employer may discharge, demote, suspend, threaten, harass, directly or indirectly, or in any other manner discriminate against, a whistleblower in the terms and conditions of employment because of any lawful act done by the whistleblower —

“(i) in providing information to the Commission in accordance with this section;

“(ii) in initiating, testifying in, or assisting in any investigation or judicial or administrative action of the Commission based upon or related to such information; or

“(iii) in making disclosures that are required or protected under the Sarbanes-Oxley Act of 2002 (15 U.S.C. 7201 et seq.), this chapter, including section 78j-1(m) of this title, section 1513(e) of Title 18, and any other law, rule, or regulation subject to the jurisdiction of the Commission.”

The three protected-activity categories

Section 21F(h)(1)(A) defines three categories of protected activity:

Category (i) — Providing information to the SEC under § 21F. This is the core category and the one that, after Digital Realty Trust, is required for § 21F(h) coverage.
Category (ii) — Initiating, testifying in, or assisting in SEC investigations or proceedings based on or related to the information.
Category (iii) — Making disclosures required or protected under SOX § 806, the Exchange Act, 18 U.S.C. § 1513(e) (witness retaliation), or any other law subject to SEC jurisdiction. This is the category that was the focus of Digital Realty Trust — the Supreme Court held that the statutory definition of “whistleblower” at § 78u-6(a)(6) limits coverage to individuals who reported to the SEC, narrowing the apparent breadth of category (iii) to require SEC reporting.

Digital Realty Trust, Inc. v. Somers — the SEC-reporting requirement

The Supreme Court’s unanimous decision in Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), substantially narrowed the Dodd-Frank § 21F(h) anti-retaliation provision. Somers was a former vice president at Digital Realty Trust who alleged that he was terminated after reporting suspected securities law violations to senior management — but before he could report to the SEC. He sued under Dodd-Frank § 21F(h)(1)(A)(iii) on the theory that his internal disclosure was a “disclosure that is required or protected under” SOX § 806 and therefore protected.

The Supreme Court rejected the argument. Justice Ginsburg’s opinion for a unanimous Court held that the statutory definition of “whistleblower” at 15 U.S.C. § 78u-6(a)(6) — “any individual who provides… information relating to a violation of the securities laws to the Commission, in a manner established, by rule or regulation, by the Commission” — controls the scope of § 21F(h). Because § 21F(h) protects only “whistleblowers” as defined in the statute, and because that definition requires reporting to the SEC, an employee who reported only internally is not a “whistleblower” for § 21F(h) purposes and is not protected by § 21F(h).

The Dual-Track Strategy Imperative

SOX § 806 + Dodd-Frank § 21F(h) = the coordinated whistleblower framework

The practical consequence of Digital Realty Trust is that internal-only reporters cannot rely on Dodd-Frank § 21F(h) for anti-retaliation protection. Their anti-retaliation framework is SOX § 806, which under 18 U.S.C. § 1514A(a)(1)(C) explicitly protects internal reporting to “a person with supervisory authority over the employee (or such other person working for the employer who has the authority to investigate, discover, or terminate misconduct).”

The optimal practitioner approach is the dual-track filing strategy: (1) report internally to preserve SOX § 806 protection and to comply with any internal-reporting requirements imposed by company policy; and (2) simultaneously or shortly thereafter file with the SEC to preserve Dodd-Frank § 21F bounty eligibility and Dodd-Frank § 21F(h) anti-retaliation coverage. The dual-track filing maximizes both potential monetary awards and the available anti-retaliation frameworks.

The interaction between SOX § 806’s 180-day OSHA filing deadline and Dodd-Frank § 21F(h)’s six-year statute of limitations also creates strategic considerations. The longer Dodd-Frank limitations period can preserve claims that would otherwise be time-barred under SOX § 806, where the employee has filed with the SEC. Counsel handling securities whistleblower matters must carefully evaluate the timing implications of each framework.

Remedies under § 21F(h)

Dodd-Frank Anti-Retaliation Remedies

15 U.S.C. § 78u-6(h)(1)(C) — Relief

“Relief for an individual prevailing in an action brought under subparagraph (B) shall include —

“(i) reinstatement with the same seniority status that the individual would have had, but for the discrimination;

“(ii) 2 times the amount of back pay otherwise owed to the individual, with interest; and

“(iii) compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees.”

The Dodd-Frank remedies framework has distinctive features:

Double back pay — the statutory doubling of back pay is unique among federal whistleblower frameworks. Most federal whistleblower statutes provide back pay at the actual rate; Dodd-Frank § 21F(h) provides twice the back pay otherwise owed. This is a substantial enhancement particularly for high-earning securities industry employees.
Reinstatement with seniority — standard reinstatement remedy with restoration of seniority status. Front pay may be available where reinstatement is not feasible.
Attorneys fees and costs — the explicit attorneys fees and costs provision makes the framework economically viable for employee litigation even where damages might otherwise be insufficient to justify private counsel investment.
No statutory punitive damages — unlike STAA, FRSA, and SPA, Dodd-Frank § 21F(h) does not provide for punitive damages. The double back pay framework partially compensates for the absence of punitive damages.

Direct federal court access — no OSHA exhaustion

Section 21F(h)(1)(B)(i) provides that an individual who alleges discharge or other discrimination in violation of subparagraph (A) “may bring an action under this subsection in the appropriate district court of the United States.” Unlike SOX § 806, STAA, FRSA, SPA, and other AIR21-family statutes that require initial OSHA administrative filing with subsequent kick-out provisions, the Dodd-Frank § 21F(h) anti-retaliation claim is filed directly in federal district court without OSHA administrative exhaustion. The direct federal court access is a substantial procedural advantage — the case proceeds on federal court rules and timelines from the outset, with full discovery, jury trial, and federal court remedies.

Six-year statute of limitations

Dodd-Frank § 21F(h) Statute of Limitations

15 U.S.C. § 78u-6(h)(1)(B)(iii)

“An action under this subsection may not be brought —

“(I) more than 6 years after the date on which the violation of subparagraph (A) occurred; or

“(II) more than 3 years after the date when facts material to the right of action are known or reasonably should have been known by the employee alleging a violation of subparagraph (A);

“(III) in no event shall such action be brought more than 10 years after the date on which the violation occurs.”

The Dodd-Frank § 21F(h) statute of limitations framework is one of the most plaintiff-favorable in federal employment law. The six-year primary period is substantially longer than: SOX § 806’s 180-day OSHA filing deadline; FRSA’s 180-day deadline; STAA’s 180-day deadline; SPA’s 180-day deadline; and the typical four-year residual federal limitations period under 28 U.S.C. § 1658. The three-year discovery rule further protects employees who may not initially recognize the connection between their SEC reporting and subsequent adverse employment actions, and the ten-year repose creates an outer bound that still substantially exceeds most employment-law limitations periods.

The practical effect of the six-year SOL is that Dodd-Frank § 21F(h) claims can preserve causes of action that would have been time-barred under SOX § 806 — provided the employee reported to the SEC and thus qualifies for § 21F(h) coverage under Digital Realty Trust. The interplay between the SOX § 806 180-day deadline and the Dodd-Frank § 21F(h) six-year deadline is a critical strategic consideration in nearly every securities-fraud whistleblower matter.

The CFTC Whistleblower Program

Section 748 of Dodd-Frank — 7 U.S.C. § 26

Section 748 of Dodd-Frank, codified at 7 U.S.C. § 26, created the CFTC whistleblower program modeled directly on the SEC program. The CFTC program operates with the same award structure (10%–30% of monetary sanctions exceeding $1 million), the same anonymous submission framework, the same “voluntary,” “original information,” and “led to” requirements, and a parallel anti-retaliation framework. The principal difference is subject matter — the CFTC program addresses violations of the Commodity Exchange Act and CFTC regulations, including commodities trading, futures, swaps, derivatives, and other commodity-related matters.

CFTC Whistleblower Award — Statutory Provision

7 U.S.C. § 26(b)(1) — Awards

“In any covered judicial or administrative action, or related action, the Commission, under regulations prescribed by the Commission and subject to subsection (c), shall pay an award or awards to 1 or more whistleblowers who voluntarily provided original information to the Commission that led to the successful enforcement of the covered judicial or administrative action, or related action, in an aggregate amount equal to —

“(A) not less than 10 percent, in total, of what has been collected of the monetary sanctions imposed in the action or related actions; and

“(B) not more than 30 percent, in total, of what has been collected of the monetary sanctions imposed in the action or related actions.”

Subject-matter coverage

The CFTC whistleblower program covers any violation of the Commodity Exchange Act, CFTC regulations, and related federal commodity laws. Common categories of CFTC enforcement actions generating whistleblower awards include:

Commodity price manipulation — schemes to manipulate the price of commodities, commodity futures, or commodity options, including manipulation of benchmark prices.
Benchmark rate manipulation — manipulation of benchmark interest rates (LIBOR, SOFR), foreign exchange benchmark rates, ISDAFIX, and other financial benchmarks.
Spoofing — placing bids or offers without the intent to execute, often to manipulate prices in commodity futures and swap markets, criminalized at 7 U.S.C. § 6c(a)(5).
Wash trading — coordinated trades between affiliated parties or counter-party arrangements creating false appearance of trading activity.
Fraud in connection with swaps — false or misleading statements to swap counterparties, manipulation of swap pricing, undisclosed conflicts of interest.
Position limit violations — violations of CFTC and exchange position limits on commodity futures contracts.
Cryptocurrency and digital asset fraud — Bitcoin, Ethereum, and other digital asset trading where covered by the CFTC’s commodities jurisdiction.
Foreign exchange manipulation — manipulation of foreign exchange spot, forward, and derivative markets, particularly the dealer-to-dealer market.
Energy market manipulation — natural gas, electricity, crude oil, and refined products market manipulation.
Ponzi and pyramid schemes involving commodities or commodity pools.
Commodity pool operator and commodity trading advisor fraud — fraud by CPOs, CTAs, and other registered commodity intermediaries.

CFTC anti-retaliation under § 26(h)

The CFTC anti-retaliation provision at 7 U.S.C. § 26(h) closely tracks the SEC § 21F(h) framework — direct federal court access without OSHA exhaustion, double back pay, attorneys fees, and a six-year statute of limitations. The CFTC anti-retaliation provision was the subject of Murray v. Allianz Life Insurance Co., 922 F.3d 79 (2d Cir. 2019), and similar lower-court decisions interpreting the scope of CFTC whistleblower protection. The CFTC implementing regulations at 17 CFR Part 165 closely parallel the SEC implementing regulations at 17 CFR Part 240, Subpart F.

The CFPB Whistleblower Protection

Section 1057 of Dodd-Frank — 12 U.S.C. § 5567

Section 1057 of Dodd-Frank, codified at 12 U.S.C. § 5567, created the CFPB consumer financial services whistleblower protection. Unlike the SEC and CFTC programs, Section 1057 does not include a monetary award provision — it is purely an anti-retaliation framework. Section 1057 is administered by OSHA under 29 CFR Part 1985 and operates substantially like the OSHA-administered AIR21-family statutes (SOX § 806, STAA, FRSA, SPA, FSMA), with a 180-day filing deadline and federal court kick-out provisions.

CFPB Whistleblower Protection

12 U.S.C. § 5567(a) — Prohibited Acts

“No covered person or service provider shall terminate or in any other way discriminate against, or cause to be terminated or discriminated against, any covered employee or any authorized representative of covered employees by reason of the fact that such employee or representative, whether at the initiative of the employee or in the ordinary course of the duties of the employee (or any person acting pursuant to a request of the employee), has —

“(1) provided, caused to be provided, or is about to provide or cause to be provided, information to the employer, the Bureau, or any other State, local, or Federal, government authority or law enforcement agency relating to any violation of, or any act or omission that the employee reasonably believes to be a violation of, any provision of this title or any other provision of law that is subject to the jurisdiction of the Bureau, or any rule, order, standard, or prohibition prescribed by the Bureau;

“(2) testified or will testify in any proceeding resulting from the administration or enforcement of any provision of this title or any other provision of law that is subject to the jurisdiction of the Bureau, or any rule, order, standard, or prohibition prescribed by the Bureau;

“(3) filed, instituted, or caused to be filed or instituted any proceeding under any Federal consumer financial law; or

“(4) objected to, or refused to participate in, any activity, policy, practice, or assigned task that the employee (or other such person) reasonably believed to be in violation of any law, rule, order, standard, or prohibition, subject to the jurisdiction of, or enforceable by, the Bureau.”

Covered employers and employees

CFPB Section 1057 covers employees of “covered persons” and “service providers” under the CFPB’s statutory jurisdiction. The CFPB’s jurisdiction reaches a wide range of consumer financial services entities:

Mortgage lenders and servicers — banks, non-bank mortgage lenders, mortgage servicers, mortgage brokers, real estate settlement service providers.
Debt collectors — third-party debt collectors covered by the Fair Debt Collection Practices Act, debt buyers, debt collection law firms.
Payday lenders and other small-dollar lenders — payday lenders, title lenders, auto-title lenders, installment lenders.
Credit reporting agencies — consumer reporting agencies under the Fair Credit Reporting Act, including the three nationwide CRAs and specialty CRAs.
Consumer credit providers — credit card issuers, auto lenders, personal loan providers, student loan lenders and servicers.
Money transmitters and remittance providers — money transmitters, prepaid card issuers, remittance providers.
Banks, thrifts, and credit unions — depository institutions with $10 billion or more in assets are subject to CFPB jurisdiction, and certain provisions apply to smaller institutions.
Service providers — entities that provide a material service to a covered person, including IT vendors, debt collectors engaged by lenders, and similar service providers.

Procedural framework — 180-day OSHA filing

Section 1057(c) requires complaints to be filed with the Secretary of Labor (OSHA) within 180 days of the alleged violation. The OSHA process and federal court kick-out provisions closely parallel the SOX § 806 framework under 29 CFR Part 1980. The implementing regulations are at 29 CFR Part 1985.

Remedies

Section 1057(d) provides for reinstatement with seniority status, back pay with interest, and compensatory damages. The provision does not include the double back pay or punitive damages provisions found in some other federal whistleblower statutes. Attorneys fees and litigation costs are recoverable as part of the compensatory damages framework.

Common SEC and CFTC Tip Categories

What kinds of violations generate Dodd-Frank whistleblower awards

The SEC and CFTC whistleblower programs do not impose subject-matter limits within their respective jurisdictions — any SEC-enforceable or CFTC-enforceable violation can in principle generate an award. In practice, certain categories of violations recur frequently and have generated the largest awards.

1. FCPA Violations — among the largest awards

Foreign Corrupt Practices Act violations under 15 U.S.C. §§ 78dd-1, 78dd-2, 78dd-3 (anti-bribery) and § 78m(b)(2) (accounting provisions) have generated some of the largest SEC whistleblower awards. FCPA enforcement actions typically involve substantial penalties — frequently $100M+ — which translates to substantial whistleblower awards under the 10%–30% framework. Common FCPA whistleblower scenarios include:

Subsidiary employees identifying improper payments to foreign government officials disguised as consulting fees, agent commissions, charitable contributions, or other expense categories.
Internal audit and compliance employees identifying intermediary payment schemes where third parties have connections to foreign officials.
Accountants identifying misclassified expenses associated with bribery payments.
Executives identifying systemic FCPA violations in foreign operations.
Acquisition diligence teams identifying legacy FCPA exposure at target companies.

See the SOX § 806 page for detailed treatment of how FCPA reports also trigger SOX § 806 anti-retaliation protection through multiple statutory pathways.

2. Financial Reporting and Accounting Fraud

Material misstatements and accounting irregularities at SEC-registered companies are a core category of SEC whistleblower tips. Common patterns include:

Revenue recognition fraud — premature revenue, channel stuffing, sham sales, side agreements not disclosed to auditors, improper percentage-of-completion estimates, bill-and-hold abuse.
Expense capitalization fraud — improper capitalization of operating expenses (WorldCom-style fraud).
Asset valuation fraud — goodwill impairment avoidance, intangible asset overvaluation, mark-to-market manipulation.
Off-balance-sheet liability concealment — special-purpose entities (Enron-style), undisclosed contingent liabilities under ASC 450.
Related-party transaction concealment — undisclosed RPTs under ASC 850 and Regulation S-K Item 404.
Accounting estimates manipulation — cookie-jar reserves, big-bath accounting, manipulation of bad debt and warranty reserves.
Disclosure deficiencies — MD&A misstatements, risk factor inadequacies, 8-K disclosure failures, going concern omissions.
Internal controls failures — material weakness concealment, false Section 302/404 certifications, segregation of duties failures.

3. Investment Adviser and Hedge Fund Fraud

SEC enforcement actions against investment advisers, hedge funds, private equity funds, and other registered or exempt advisers are a substantial category of whistleblower-eligible matters:

Misappropriation of client assets — outright theft, unauthorized borrowing, undisclosed personal use of client assets.
Conflicts of interest non-disclosure — undisclosed compensation arrangements, undisclosed cross-trades, undisclosed soft dollar arrangements.
Valuation manipulation — manipulation of NAV calculations, mismarking of illiquid positions, level 3 asset overvaluation.
Side letter abuse — preferential treatment of select investors through undisclosed side letters.
Performance fee manipulation — manipulation of high-water marks, performance fee calculations, hurdle rate computations.
Cherry-picking — allocating profitable trades to favored accounts and unprofitable trades to disfavored accounts.
Form ADV and Form PF misstatements — material misstatements in investment adviser registration filings.
Private fund fee and expense abuse — improper allocation of fund expenses, undisclosed monitoring fees, broken-deal expense abuse.

4. Insider Trading and Tipping

Insider trading enforcement remains an SEC enforcement priority, generating both substantial penalties and whistleblower awards:

Classical insider trading — trading by corporate insiders (officers, directors, employees, immediate family members) on the basis of material non-public information.
Misappropriation theory insider trading — trading by persons who misappropriated material non-public information from the source.
Tipping — providing material non-public information to others who trade, in violation of Rule 10b-5.
Pre-merger trading — trading in advance of M&A announcements based on inside information.
Selective disclosure violations — Regulation FD violations involving selective disclosure of material non-public information to analysts or large investors.
Rule 10b5-1 plan abuse — manipulation of Rule 10b5-1 trading plans, including improper plan modifications, multiple overlapping plans, and trading outside plan parameters.
Expert network insider trading — insider trading through expert networks that improperly facilitated transfer of material non-public information.

5. Market Manipulation

Market manipulation enforcement under both SEC and CFTC jurisdiction generates substantial penalties and whistleblower awards:

Pump-and-dump schemes — coordinated efforts to artificially inflate stock prices followed by insider selling.
Spoofing and layering — placing orders without intent to execute, to create false appearance of supply or demand. Criminalized for commodity futures under 7 U.S.C. § 6c(a)(5).
Wash trading — coordinated trades between affiliated parties creating false volume.
Marking the close — concentrated end-of-day trading to influence closing prices.
Microcap and penny stock manipulation — pump-and-dump and other manipulation in microcap and penny stock markets.
Benchmark rate manipulation — manipulation of LIBOR, SOFR, ISDAFIX, foreign exchange benchmarks, and similar rates (primarily CFTC jurisdiction with SEC overlap for affected securities).

6. Offering Fraud, Ponzi Schemes, and Affinity Fraud

Securities offering frauds and Ponzi schemes remain a substantial category of SEC enforcement:

Unregistered securities offerings — offering and selling securities without proper registration or exemption.
Material misstatements in offering documents — false or misleading statements in private placement memoranda, prospectuses, or offering circulars.
Ponzi schemes — investment programs paying returns to existing investors from contributions of new investors rather than from genuine investment returns.
Affinity fraud — schemes targeting members of identifiable groups (religious, ethnic, professional, geographic communities).
Microcap and shell company manipulation — schemes involving shell companies, reverse mergers, and manipulation of shell company securities.
Regulation A and Regulation D abuse — fraud in offerings purportedly conducted under Regulation A or Regulation D exemptions.

7. Cryptocurrency and Digital Asset Fraud

An increasingly prominent category — SEC and CFTC enforcement of cryptocurrency and digital asset fraud has expanded substantially:

Unregistered securities offerings — ICOs and token offerings sold as unregistered securities.
Misappropriation of customer assets — crypto exchange operators misappropriating customer crypto assets.
Market manipulation — wash trading, spoofing, and manipulation of cryptocurrency markets.
Fraud by crypto promoters — false statements about token use cases, project status, team credentials.
Insider trading in tokens — trading by crypto platform employees on advance knowledge of token listings.
Stablecoin reserve misrepresentation — misrepresentation of stablecoin reserves and backing.
DeFi protocol fraud — fraud in decentralized finance protocols, including rug pulls and protocol exploits.

8. Broker-Dealer Misconduct

SEC and FINRA enforcement of broker-dealer misconduct generates substantial whistleblower-eligible matters:

Suitability violations — unsuitable recommendations under FINRA Rule 2111 or Regulation Best Interest.
Excessive trading and churning — excessive trading in customer accounts to generate commissions.
Unauthorized trading — trading in customer accounts without authorization.
Anti-money laundering failures — broker-dealer AML compliance failures under the Bank Secrecy Act.
Best execution failures — failures of best execution obligations under FINRA Rule 5310.
Books and records violations — broker-dealer recordkeeping failures, including off-channel communications (text messages, WhatsApp) not properly preserved.
Net capital violations — broker-dealer net capital rule violations.

9. Cybersecurity Disclosure Failures

Under the SEC’s 2023 cybersecurity disclosure rules (effective late 2023), public companies must timely disclose material cybersecurity incidents and provide ongoing cybersecurity risk management disclosures. Common cybersecurity-related whistleblower tips include:

Form 8-K Item 1.05 failures — failure to timely disclose material cybersecurity incidents within the required four-business-day window.
Risk factor inadequacies — failure to disclose material cybersecurity risks in risk factor disclosures.
Cybersecurity governance disclosure failures — failure to provide required disclosures about board and management cybersecurity oversight.
Misstatements about cybersecurity programs — material misstatements about the strength of cybersecurity controls, encryption practices, or breach response capabilities.
SolarWinds-type concealment — concealment of known cyber vulnerabilities or incidents from investors and customers.

10. ESG and Greenwashing Misrepresentation

An emerging category — material misstatements about environmental, social, and governance practices:

Greenwashing in fund marketing — material misstatements about ESG investment strategy or process by investment funds.
Carbon emissions misstatements — material misstatements about company carbon emissions, climate commitments, or climate-related risks.
Supply chain misrepresentation — material misstatements about supply chain ESG practices.
ESG metric manipulation — manipulation of ESG metrics reported in voluntary or required disclosures.
SPAC ESG misrepresentation — misrepresentation of ESG characteristics in SPAC business combinations.

Multi-Framework Coordination

How Dodd-Frank coordinates with other federal frameworks

Dodd-Frank rarely operates in isolation. Counsel handling Dodd-Frank whistleblower matters routinely coordinate with several other federal and state frameworks.

Coordination 1 · SOX § 806

Sarbanes-Oxley § 806 — 18 U.S.C. § 1514A

SOX § 806 is the essential complement to Dodd-Frank § 21F. SOX § 806 covers internal reporting to supervisors or persons with authority to investigate misconduct — coverage that Dodd-Frank § 21F(h) does not provide after Digital Realty Trust. SOX § 806 also provides separate anti-retaliation remedies through OSHA administrative process with federal court kick-out under § 1514A(b)(1)(B). The dual-track filing strategy — internal reporting under SOX § 806 plus SEC reporting under Dodd-Frank § 21F — is the standard practitioner approach.

Coordination 2 · FCA Qui Tam

Federal False Claims Act — 31 U.S.C. § 3729 et seq.

Where the underlying fraud involves false claims against the federal government — Medicare, Medicaid, defense contracts, federal grants — the federal False Claims Act qui tam framework operates alongside Dodd-Frank. The FCA framework provides relator share recoveries (15%–30%) similar in structure to the SEC bounty framework, plus anti-retaliation protection under 31 U.S.C. § 3730(h). FCA actions are filed under seal in federal court, with the government given the option to intervene.

Coordination 3 · IRS Whistleblower

IRS Whistleblower Program — 26 U.S.C. § 7623

For tax-related violations, the IRS whistleblower program under 26 U.S.C. § 7623 provides monetary awards similar to the SEC framework — generally 15%–30% of collected proceeds for cases involving tax, penalties, interest, and additions exceeding $2 million. IRS and SEC whistleblowers may simultaneously file under both programs where the underlying conduct involves both tax and securities violations.

Coordination 4 · AML/BSA Whistleblower

Anti-Money Laundering Whistleblower Improvement Act

The Anti-Money Laundering Whistleblower Improvement Act of 2022 substantially expanded the FinCEN whistleblower program at 31 U.S.C. § 5323. The program covers violations of the Bank Secrecy Act and federal sanctions laws and provides awards of 10%–30% of monetary sanctions exceeding $1 million. Operates through the FinCEN Whistleblower Office.

Coordination 5 · NDAA § 4712

NDAA § 4712 federal contractor whistleblower — 41 U.S.C. § 4712

Where the company is a federal contractor or subcontractor, the NDAA § 4712 federal contractor whistleblower protection at 41 U.S.C. § 4712 may apply alongside Dodd-Frank. NDAA § 4712 protects employees of federal contractors and subcontractors from retaliation for reporting violations of law, gross mismanagement, gross waste of federal funds, abuse of authority, or substantial danger to public health or safety.

Coordination 6 · State-Law Claims

Parallel state-law claims

State-law claims frequently accompany Dodd-Frank matters. Common parallel claims include: tortious interference; breach of contract; intentional infliction of emotional distress; defamation; and state-law whistleblower protection statutes. For Texas-based matters, the Sabine Pilot wrongful-discharge cause of action may apply where the employee was discharged for refusing to perform an illegal act.

Coordination 7 · FINRA Proceedings

FINRA Code of Arbitration and Form U5 expungement

For securities-industry employees, FINRA arbitration proceedings and Form U5 disclosure matters may operate alongside Dodd-Frank claims. Form U5 expungement requires separate FINRA proceedings under FINRA Rule 13805 and presents particular complexity in retaliation matters where the U5 disclosures themselves may reflect retaliatory conduct.

Comparison Across Federal Whistleblower Frameworks

How Dodd-Frank compares to other federal whistleblower statutes

Statute	Monetary Award	SOL	Forum	Distinctive Features
Dodd-Frank § 21F (SEC)	10%–30% of $1M+ sanctions	6 years + 3-year discovery	Federal court direct	Anonymous through counsel · Double back pay · Digital Realty requires SEC reporting
Dodd-Frank § 26 (CFTC)	10%–30% of $1M+ sanctions	6 years + 2-year discovery	Federal court direct	Commodities, derivatives, swaps · Anonymous through counsel
Dodd-Frank § 1057 (CFPB)	None (anti-retaliation only)	180 days OSHA	OSHA administrative	Consumer financial services workers · No bounty
SOX § 806	None (anti-retaliation only)	180 days OSHA	OSHA + 180-day kick-out	Internal reporting protected · Arbitration unenforceable · Jury trial
FCA Qui Tam	15%–30% relator share	6 years + 3-year tolling	Federal court under seal	Government intervention · Treble damages
IRS § 7623	15%–30% of collected proceeds	Statutory framework	Tax Court for award disputes	$2M threshold for mandatory awards · Tax violations

Common Factual Patterns

What Dodd-Frank whistleblower matters typically look like

Pattern 1 — FCPA report and SEC bounty pursuit

An employee at a publicly traded company (or a subsidiary) identifies FCPA anti-bribery or accounting violations — typically improper payments to foreign government officials disguised as consulting fees, agent commissions, or charitable contributions. The employee engages counsel and files anonymously with the SEC under Form TCR. The matter is investigated by the SEC and DOJ, ultimately resulting in a substantial enforcement action. The employee files Form WB-APP within 90 days of the SEC’s Notice of Covered Action and pursues an award under § 21F. The matter may also implicate SOX § 806 anti-retaliation protection if the employee was internally retaliated against.

Pattern 2 — Internal reporting, SEC report, and dual-track retaliation

An employee initially reports financial reporting irregularities internally to supervisors, compliance, or the audit committee. Internal reporting is followed by retaliation. The employee then files with the SEC under § 21F. The retaliation produces two anti-retaliation claims: a SOX § 806 claim under 18 U.S.C. § 1514A (covering both internal and SEC reporting) and a Dodd-Frank § 21F(h) claim (covering only the SEC reporting under Digital Realty Trust). Counsel coordinates both claims, often filing the OSHA SOX § 806 complaint within the 180-day deadline and reserving the Dodd-Frank § 21F(h) claim for federal court filing within the six-year SOL.

Pattern 3 — Compliance or internal audit officer reporting

A compliance officer or internal audit employee identifies violations and faces the eligibility-exclusion analysis under SEC Rule 21F-4(b)(4). The matter typically turns on: (a) whether the compliance/audit officer reported through internal channels and waited the 120-day period before reporting to the SEC; (b) whether one of the substantive exceptions applies (substantial injury to investors, entity impeding investigation, etc.); and (c) whether the information was obtained through compliance/audit functions or independently. The analysis is fact-intensive and frequently determinative of eligibility.

Pattern 4 — Insider trading or tipping report

An employee identifies suspected insider trading by officers, directors, or other employees, or identifies Regulation FD violations involving selective disclosure to analysts or large investors. The employee files anonymously with the SEC under Form TCR. The matter typically involves trading patterns, communication records, and access to material non-public information. Subsequent SEC enforcement may produce both individual and entity-level penalties, generating award eligibility under § 21F.

Pattern 5 — Investment adviser fraud report

An investment adviser employee — at a firm advising registered funds, separately managed accounts, or private funds — identifies misappropriation, conflicts of interest, valuation manipulation, or other fraud. The employee files with the SEC under § 21F. The matter may implicate Lawson v. FMR LLC (571 U.S. 429 (2014)) coverage under SOX § 806 in addition to Dodd-Frank § 21F coverage, given that investment advisers are typically contractors of publicly traded fund families.

Pattern 6 — CFTC commodities or derivatives violation report

An employee at a commodities trading firm, futures commission merchant, swap dealer, or derivatives trading firm identifies manipulation of commodity prices, benchmark rate manipulation, spoofing, wash trading, or similar violations. The matter is reported anonymously to the CFTC under the § 748 program. Common matters involve large bank derivatives operations, energy trading firms, and high-frequency trading firms.

Pattern 7 — CFPB consumer financial services retaliation

An employee of a mortgage lender, debt collector, payday lender, credit reporting agency, or other consumer financial services entity identifies violations of consumer financial law — UDAAP violations, FCRA violations, RESPA violations, TILA violations, FDCPA violations, ECOA violations, or similar. The employee reports internally or to the CFPB. The employer retaliates. The CFPB anti-retaliation claim under § 1057 is filed with OSHA within 180 days. The matter does not provide a monetary award component (CFPB has no bounty program), but the OSHA process provides standard reinstatement, back pay, and attorneys fees remedies.

Pattern 8 — Compliance refusal and retaliatory termination

An employee refuses to participate in conduct the employee reasonably believes violates federal securities law — refusing to sign Section 302 or 404 certifications, refusing to participate in fraudulent revenue recognition, refusing to mislead auditors. The refusal itself is protected activity. Retaliation follows. The matter implicates both SOX § 806 (internal refusal protected) and potentially Dodd-Frank § 21F(h) (if the employee subsequently reported to the SEC).

Why It Matters

The structural significance of the Dodd-Frank whistleblower framework

The bounty framework dramatically expanded whistleblower incentives. Before Dodd-Frank, federal securities-fraud whistleblowers operated almost exclusively under SOX § 806 — which provides anti-retaliation protection but no monetary award. The Dodd-Frank § 21F bounty framework created a substantial financial incentive for whistleblowers to come forward with information about complex securities and commodities fraud. The result has been a substantial increase in the volume and quality of whistleblower tips received by the SEC and CFTC, and a corresponding increase in enforcement activity addressing complex financial fraud.

Anonymous submission through counsel transformed practical access. The pre-Dodd-Frank whistleblower frameworks generally required identification of the whistleblower to the regulatory or enforcement agency. The Dodd-Frank framework permits anonymous submission through counsel under SEC Rule 21F-9(c) and CFTC Rule 165.4, dramatically reducing the practical retaliation risk during the initial reporting phase. Anonymous submission is now the dominant mode of practice for Dodd-Frank whistleblower matters, particularly for senior employees, compliance officers, and similar professionals for whom identity exposure would be career-limiting.

The six-year statute of limitations for § 21F(h) is materially more plaintiff-favorable than SOX § 806. The Dodd-Frank § 21F(h) six-year primary period, combined with the three-year discovery rule and ten-year repose, creates a substantially longer limitations period than the SOX § 806 180-day OSHA deadline. The longer limitations period is particularly important for employees who do not initially recognize the connection between their reporting and subsequent adverse actions, or whose retaliation manifests through subtle long-term career consequences rather than immediate termination.

Digital Realty Trust created the dual-track imperative. The Supreme Court’s holding that Dodd-Frank § 21F(h) covers only SEC reporters made coordinated SOX § 806 and Dodd-Frank § 21F(h) strategy essential. Internal-only reporters must rely on SOX § 806; SEC reporters can layer both frameworks. The dual-track approach — filing internally to preserve SOX § 806 protection and simultaneously filing with the SEC to preserve Dodd-Frank coverage — has become the standard practitioner strategy.

The three Dodd-Frank programs together provide comprehensive coverage of the financial sector. The SEC program covers securities markets; the CFTC program covers commodities, derivatives, and swaps; the CFPB program covers consumer financial services. Together with the related IRS, FCA, and AML/sanctions programs, the federal whistleblower architecture now provides substantial coverage of nearly every category of financial sector fraud — and substantial incentives for insiders to surface that fraud.

The Dodd-Frank framework demonstrates the effectiveness of well-designed whistleblower-incentive structures. The substantial enforcement activity generated by the SEC and CFTC programs — and the substantial whistleblower awards paid out — have established that well-designed whistleblower-incentive frameworks can produce meaningful enforcement results. The Dodd-Frank model has been adopted by subsequent whistleblower programs (AML, sanctions) and serves as the template for further federal whistleblower expansion.

The Firm

How the firm approaches Dodd-Frank whistleblower matters

Doyle Dennis Avery LLP represents employees in Dodd-Frank whistleblower matters across the SEC § 21F program, the CFTC § 748 program, the CFPB § 1057 anti-retaliation framework, and the coordinated SOX § 806 dual-track strategy required by Digital Realty Trust v. Somers. The firm’s Dodd-Frank practice draws on its broader federal whistleblower practice, including its SOX § 806 practice, its FRSA practice anchored on Garza v. Union Pacific Railroad Company, and its STAA practice anchored on Johnson v. Pilot Water Solutions.

The firm’s Dodd-Frank practice is selective by design — these matters are most successful where the whistleblower has genuinely original information not previously known to the SEC or CFTC, where the underlying violations are material and likely to generate substantial monetary sanctions exceeding the $1 million threshold, where the whistleblower has documentation or other support for the report, where the timing supports an inference that the whistleblower’s information will contribute meaningfully to enforcement, and where the whistleblower’s eligibility profile (in particular for compliance or audit personnel) supports an award claim under SEC Rule 21F-4(b)(4). Where the matter meets the firm’s criteria, the firm typically proceeds on a contingent-fee basis with the firm bearing the cost of submission preparation and award pursuit.

The firm’s Dodd-Frank practice routinely coordinates across multiple federal frameworks. Common coordination scenarios include: dual-track SOX § 806 and Dodd-Frank § 21F filings for securities fraud matters; integration with FCPA-SOX analysis for foreign corruption matters (see the SOX § 806 page for detailed FCPA coverage); coordination with federal False Claims Act qui tam filings for fraud against the federal government; coordination with IRS whistleblower filings where tax violations accompany securities violations; and coordination with state-law claims including Sabine Pilot for Texas matters.

Recognition & Representative Authority

Federal whistleblower practice across the Dodd-Frank framework and the broader federal architecture

The firm’s SOX § 806 practice — the essential complement to Dodd-Frank § 21F(h)

Doyle Dennis Avery LLP — SOX § 806 Practice · Dual-track coordination strategy under Digital Realty Trust v. Somers, 138 S. Ct. 767 (2018)

The firm’s SOX § 806 practice is the essential complement to its Dodd-Frank § 21F(h) practice. After Digital Realty Trust, internal-only reporters cannot rely on Dodd-Frank § 21F(h) — their anti-retaliation framework is SOX § 806 under 18 U.S.C. § 1514A(a)(1)(C). The firm’s coordinated SOX § 806 / Dodd-Frank § 21F(h) practice provides the dual-track strategy required for securities-fraud whistleblower matters across the spectrum of reporting modes.

Johnson v. Pilot Water Solutions — Pending matter before a Department of Labor Administrative Law Judge

U.S. Department of Labor · Office of Administrative Law Judges · STAA refusal-to-operate matter · Briefing applies Murray v. UBS Securities contributing-factor framework

The firm’s pending Surface Transportation Assistance Act matter on behalf of a commercial driver. The firm’s briefing applies the Supreme Court’s decision in Murray v. UBS Securities, LLC, 601 U.S. 23 (2024) — the SOX § 806–anchored contributing-factor decision — to the STAA context through the shared AIR21 burden-shifting framework. While Dodd-Frank § 21F(h) does not use the AIR21 framework directly, the firm’s experience with the related federal whistleblower causation doctrines transfers to Dodd-Frank anti-retaliation work.

Garza v. Union Pacific Railroad Company, et al., OSHA Case No. 301037983 (OSHA Secretary’s Findings, Aug. 6, 2025)

U.S. Department of Labor · OSHA · Dallas Region · FRSA matter · UP objection filed; ALJ proceedings pending

The firm’s pending Federal Rail Safety Act matter on behalf of locomotive engineer Juan Garza against Union Pacific Railroad Company. The OSHA Secretary’s Findings Order issued August 6, 2025, found reasonable cause to believe Union Pacific violated FRSA and awarded $184,869.60 in back pay, $10,428.41 in interest, $10,000 in compensatory damages, $150,000 in punitive damages, reasonable attorney’s fees, and $3,750 in expert witness fees. While FRSA operates under the AIR21 framework rather than Dodd-Frank § 21F(h), the firm’s experience with federal whistleblower causation, damages, and remedial frameworks transfers across federal whistleblower work.

Federal whistleblower litigation across the OSHA-administered statute family and direct-court whistleblower frameworks

Doyle Dennis Avery LLP — Federal Whistleblower Practice

The firm represents workers in federal whistleblower retaliation matters across the OSHA-administered statute family (SOX § 806, STAA, FRSA, SPA, FSMA, CPSIA, NTSSA, CFPB § 1057) and the direct-court whistleblower frameworks (Dodd-Frank § 21F(h), Dodd-Frank § 26(h), FCA § 3730(h), NDAA § 4712). The shared procedural architecture and the cross-statute causation doctrines under Murray v. UBS Securities, LLC, 601 U.S. 23 (2024), make the firm’s experience across the broader federal whistleblower-statute family applicable to Dodd-Frank matters.

Newberne v. North Carolina Department of Public Safety, Wake County Superior Court, No. 02-CVS-4500

Wake County Superior Court · Verdict Sept. 28, 2016 · Final Judgment Feb. 16, 2017 · ~$1.97 million on willful violation finding

Whistleblower retaliation matter with a damages framework that transfers to Dodd-Frank § 21F(h) double-back-pay analysis. The willful violation finding and the resulting damages structure illustrate the available range when employer conduct supports enhanced damages.

Alleyton Resource Co. v. Ball, No. 14-19-00816-CV (Tex. App.—Houston [14th Dist.] June 3, 2021)

Fourteenth Court of Appeals · $1,706,187 verdict including $750,000 in exemplary damages on gross negligence finding

The firm’s verdict in a Texas workers’ compensation retaliation matter — affirmed by the Fourteenth Court of Appeals; petition for review denied by the Texas Supreme Court. The firm’s trial and appellate experience in obtaining and defending substantial damages findings transfers to Dodd-Frank § 21F(h) matters where double back pay and broad compensatory damages are at stake.

Multi-statute coordination across federal whistleblower frameworks

Doyle Dennis Avery LLP — Practice Approach

The firm’s federal whistleblower practice routinely coordinates Dodd-Frank claims with: SOX § 806 internal-reporting protection (the dual-track strategy required by Digital Realty Trust); the federal False Claims Act qui tam framework; the IRS whistleblower program under 26 U.S.C. § 7623; the AML/sanctions whistleblower program under the AML Whistleblower Improvement Act of 2022; NDAA § 4712 federal contractor whistleblower; FINRA Code of Arbitration Procedure parallel proceedings; Form U5 expungement matters; state-law tortious interference claims; Sabine Pilot Texas wrongful-discharge claims; and other applicable federal and state frameworks.

Frequently Asked

What employees ask about Dodd-Frank whistleblower matters

What is the Dodd-Frank whistleblower program?

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 created three parallel federal whistleblower programs: (1) the SEC whistleblower program under Section 922 of Dodd-Frank, which added Section 21F to the Securities Exchange Act of 1934 (15 U.S.C. § 78u-6); (2) the CFTC whistleblower program under Section 748 of Dodd-Frank, codified at 7 U.S.C. § 26; and (3) the CFPB consumer financial services whistleblower protection under Section 1057 of Dodd-Frank, codified at 12 U.S.C. § 5567. The SEC and CFTC programs provide monetary awards of 10%–30% of monetary sanctions exceeding $1 million. All three programs include anti-retaliation provisions.

How does the SEC whistleblower award program work?

Under Section 21F (15 U.S.C. § 78u-6) and implementing regulations at 17 CFR §§ 240.21F-1 to 240.21F-18, the SEC pays monetary awards to whistleblowers who voluntarily provide original information that leads to the successful enforcement of an SEC action resulting in monetary sanctions exceeding $1 million. The award is 10%–30% of total monetary sanctions collected. Submissions are made on Form TCR (Tip, Complaint, or Referral). Award applications are made on Form WB-APP within 90 days of the Notice of Covered Action. Anonymous submissions are permitted if made through an attorney under SEC Rule 21F-9(c).

What is original information under Section 21F?

Under 15 U.S.C. § 78u-6(a)(3) and SEC Rule 21F-4(b), “original information” means information derived from the whistleblower’s independent knowledge or independent analysis that is not already known to the SEC from any other source (unless the whistleblower is the original source), is not exclusively derived from publicly available sources, and is provided for the first time after July 21, 2010. The original information requirement is the most heavily litigated element — claims often turn on whether the whistleblower has provided genuinely new information.

What does Digital Realty Trust v. Somers hold?

Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018), holds that the Dodd-Frank anti-retaliation provision under Section 21F(h) applies only to whistleblowers who reported to the SEC — not to employees who reported only internally. The Court grounded the analysis in the statutory definition of “whistleblower” at 15 U.S.C. § 78u-6(a)(6). The practical consequence is that internal-only reporters must rely on SOX § 806 (which covers internal reporting under 18 U.S.C. § 1514A(a)(1)(C)) rather than Dodd-Frank § 21F(h), making coordinated SOX § 806 and Dodd-Frank § 21F(h) strategy essential.

What anti-retaliation protection does Dodd-Frank provide?

Section 21F(h)(1) provides anti-retaliation protection for whistleblowers who provide information to the SEC, assist in SEC investigations, or make disclosures protected under SOX § 806, the Exchange Act, or other SEC-jurisdiction laws. Remedies include: (1) reinstatement with seniority status; (2) two times the back pay otherwise owed, with interest; and (3) compensation for litigation costs, expert witness fees, and reasonable attorneys’ fees. The statute of limitations is six years from the violation date, with a three-year discovery rule and ten-year repose. Claims are brought directly in federal court without OSHA exhaustion.

Can I file a Dodd-Frank whistleblower complaint anonymously?

Yes. SEC Rule 21F-9(c) permits anonymous submission through an attorney. The attorney submits Form TCR on the whistleblower’s behalf and must verify the whistleblower’s identity before submission. The whistleblower’s identity is disclosed to the SEC only when claiming an award on Form WB-APP, and the SEC must continue to protect the identity to the maximum extent possible under 15 U.S.C. § 78u-6(h)(2). The CFTC program at 7 U.S.C. § 26(g) and CFTC Rule 165.4 provides similar anonymity. Anonymous submission is the dominant mode of practice.

What is the CFTC whistleblower program?

Section 748 of Dodd-Frank, codified at 7 U.S.C. § 26, created the CFTC whistleblower program modeled on the SEC program. The CFTC pays monetary awards of 10%–30% of monetary sanctions exceeding $1 million for original information leading to successful CFTC enforcement actions. Covers Commodity Exchange Act violations including commodity price manipulation, benchmark rate manipulation (LIBOR, SOFR), spoofing, wash trading, fraud in connection with swaps, foreign exchange manipulation, and other commodities matters. Implementing regulations at 17 CFR Part 165. Anti-retaliation under 7 U.S.C. § 26(h).

What is the CFPB whistleblower protection?

Section 1057 of Dodd-Frank, codified at 12 U.S.C. § 5567, protects employees of consumer financial services companies — mortgage lenders, debt collectors, payday lenders, credit reporting agencies, consumer credit providers, and other entities subject to CFPB jurisdiction — from retaliation for reporting violations of consumer financial law. Unlike the SEC and CFTC programs, the CFPB program does not include a monetary award provision. It is administered by OSHA under 29 CFR Part 1985 with a 180-day filing deadline.

What kinds of violations generate SEC whistleblower awards?

Common categories include: FCPA violations (which have generated the largest awards); financial reporting fraud (revenue recognition, expense capitalization, off-balance-sheet liabilities, cookie-jar reserves); investment adviser and hedge fund fraud; insider trading and tipping; market manipulation (pump-and-dump, spoofing, wash trading); offering fraud and Ponzi schemes; cryptocurrency and digital asset fraud; broker-dealer misconduct (including off-channel communications); cybersecurity disclosure failures; and ESG misrepresentation.

Who is excluded from the SEC whistleblower program?

Under SEC Rule 21F-8(c) and 17 CFR § 240.21F-4(b)(4), the principal exclusions are: (1) SEC, DOJ, CFTC, FINRA, and law enforcement personnel; (2) persons convicted of criminal violations related to the SEC action; (3) auditors of public companies who learned of violations through audit engagements (with narrow exceptions); (4) attorneys whose information was obtained through privileged communications (with limited exceptions); (5) compliance and internal audit personnel whose information was obtained through compliance functions — unless they reasonably believed disclosure was necessary to prevent substantial investor injury, reasonably believed the entity was impeding investigation, or reported internally and waited 120 days.

How do Dodd-Frank and SOX § 806 work together?

SOX § 806 (18 U.S.C. § 1514A) and Dodd-Frank § 21F (15 U.S.C. § 78u-6) are complementary frameworks. SOX § 806 provides anti-retaliation protection for both internal and external reporting. Dodd-Frank § 21F provides: (a) monetary award incentives for SEC reporting; and (b) anti-retaliation protection limited to SEC reporters per Digital Realty Trust. Counsel handling securities-fraud whistleblower matters routinely files both internally (preserving SOX § 806 protection) and to the SEC (preserving Dodd-Frank § 21F bounty eligibility and anti-retaliation coverage). The dual-track approach maximizes both potential monetary awards and the available anti-retaliation frameworks.

What is the statute of limitations for Dodd-Frank anti-retaliation?

Under 15 U.S.C. § 78u-6(h)(1)(B)(iii): six years from the violation date; three years from when material facts were known or reasonably should have been known; and a ten-year repose. The six-year primary period is substantially longer than the SOX § 806 180-day OSHA filing deadline — a significant practical advantage of the Dodd-Frank framework for SEC reporters. The interplay between the SOX § 806 180-day deadline and the Dodd-Frank § 21F(h) six-year deadline is a critical strategic consideration.

Reviewed By

Jeffrey I. Avery · Partner, Doyle Dennis Avery LLP

◆ Board Certified in Labor and Employment Law by the Texas Board of Legal Specialization · Texas Bar No. 24085185 · Federal court counsel in Dodd-Frank § 21F SEC whistleblower, CFTC § 26, CFPB § 1057, SOX § 806, and broader federal whistleblower matters · Anonymous TCR submission and Form WB-APP award practice · Coordinated dual-track SOX § 806 and Dodd-Frank § 21F(h) strategy under Digital Realty Trust v. Somers, 138 S. Ct. 767 (2018) · Multi-framework coordination across Dodd-Frank, federal False Claims Act qui tam, IRS whistleblower program, AML/sanctions whistleblower program, NDAA § 4712, FINRA proceedings, and state-law parallel claims

Common Questions

What people ask before reaching out.

How do I know if I have a case?+

We evaluate every case evaluation submission. The threshold question is whether the adverse action you experienced was motivated, in whole or in part, by protected activity — reporting misconduct, refusing to violate the law, asserting workers’ compensation rights, reporting harassment, or engaging in other legally protected conduct. The exact framework depends on the statute that applies, but the analytical question is the same. We will tell you what we see in your case and what makes it strong or difficult.

How is the firm paid?+

We work on a contingency-fee basis in qualifying retaliation and employment matters. There is no upfront cost to you. We are paid only if we recover for you, as a percentage of the recovery. If we do not recover for you, you do not owe us a fee. Litigation expenses are typically advanced by the firm and reimbursed from any recovery. The specific contingency rate and expense terms are disclosed in writing in the engagement agreement before representation begins.

Will my employer find out I contacted a lawyer?+

No. Communications during a case evaluation are confidential under the attorney-client privilege from the moment you contact us, regardless of whether we ultimately take your case. We do not contact your employer, send notices, or take any action without your authorization. Many of our matters proceed for months in a fully confidential posture before any external action is taken. The decision about when and how to surface a claim is made strategically, with your input, at the right moment.

What happens after I submit the case evaluation form?+

A senior attorney typically reviews submissions within one business day. If your matter fits the firm’s practice and presents a viable claim, we will contact you to discuss next steps. If your matter does not fit our practice, we will tell you that directly and, where possible, point you toward attorneys who handle the relevant area. We aim to give every submission a substantive response, not silence.

How quickly will I hear back?+

We aim to respond to every case evaluation submission within one business day. Time-sensitive matters — particularly those approaching statute of limitations deadlines — receive priority response. If you have an imminent deadline or have already received a right-to-sue letter or similar timing-critical document, please note that in your submission so we can prioritize accordingly.

See more questions on the full FAQ page or start your case evaluation.

Do You Have Information About Securities, Commodities, or Consumer Financial Services Fraud?

Dodd-Frank provides monetary awards of 10%–30% of $1M+ sanctions — and the six-year anti-retaliation framework with double back pay.

If you have original information about securities fraud, FCPA violations, market manipulation, insider trading, investment adviser fraud, broker-dealer misconduct, accounting fraud, cybersecurity disclosure failures, or other SEC-enforceable violations; about commodities fraud, derivatives fraud, swap manipulation, benchmark rate manipulation, spoofing, wash trading, or other CFTC-enforceable violations; or about mortgage lending fraud, debt collection violations, credit reporting violations, consumer credit fraud, or other CFPB-jurisdictional violations — and particularly if you have been retaliated against for reporting such conduct or are considering whether to report — you may have claims under the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. The SEC and CFTC programs provide monetary awards of 10%–30% of monetary sanctions exceeding $1 million. The anti-retaliation provisions provide direct federal court access, reinstatement, double back pay, and a six-year statute of limitations. Anonymous submission through counsel is permitted under SEC Rule 21F-9(c) and CFTC Rule 165.4. Coordinated SOX § 806 strategy under Digital Realty Trust v. Somers may be essential for internal-reporting matters.

Speak with our team →

Past results do not guarantee a similar outcome in any future matter. Every case is different, and outcomes depend on the specific facts and applicable law.

This page is attorney advertising. The content is for informational purposes only and does not constitute legal advice. Reading this page does not create an attorney-client relationship.

Statutory citations are current as of the date of publication. 15 U.S.C. § 78u-6, 7 U.S.C. § 26, 12 U.S.C. § 5567, 17 CFR Part 240 Subpart F, 17 CFR Part 165, 29 CFR Part 1985, 18 U.S.C. § 1514A, and other referenced provisions may be amended; current statutory text should be consulted for any specific application. The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Pub. L. No. 111-203, may have been the subject of subsequent legislative amendments, including the Anti-Money Laundering Whistleblower Improvement Act of 2022 and other amendments. U.S. Supreme Court decisions referenced — including Digital Realty Trust, Inc. v. Somers, 138 S. Ct. 767 (2018) — represent the current state of relevant Supreme Court precedent. SEC and CFTC implementing regulations and program guidance are subject to revision; the SEC Office of the Whistleblower and the CFTC Whistleblower Office maintain current program guidance. Anonymous submission procedures and forms (Form TCR, Form WB-APP, and equivalent CFTC forms) are subject to administrative revision. Dodd-Frank whistleblower matters frequently involve coordination with SOX § 806, FCA qui tam framework, IRS whistleblower program, AML/sanctions whistleblower program, NDAA § 4712 federal contractor whistleblower protection, FINRA proceedings, and parallel state-law claims; counsel will analyze the appropriate multi-framework strategy for any specific matter. The award eligibility rules under SEC Rule 21F-4(b)(4) and CFTC Rule 165.2 — particularly the exclusions and exceptions applicable to auditors, attorneys, and compliance/internal-audit personnel — are fact-intensive and require specific evaluation.