
What is the Dodd-Frank Act? Regulations & Communication Compliance Overview 

What is the Dodd-Frank Act?

Picture it: June 2009 – The Great Recession. Spurred by the financial crisis of 2007-2008, with the collapse of the mortgage securities market because of cheap credit and relaxed lending standards, then-President Obama proposes a “sweeping overhaul of the United States financial regulatory system, a transformation on a scale not seen since the reforms that followed the Great Depression.”

The Dodd-Frank Act is born. 

Congressman Barney Frank (D-MA) and Senator Chris Dodd (D-CT) drafted legislation based on Obama’s proposal and one year later, on July 21, 2010, the Dodd-Frank Act transformed Wall Street. To date, it remains the most far-reaching change to the USA’s national financial services industry. It was designed to improve consumer protection and financial stability, with the intention of boosting the economy – analysts argue that the latter was not achieved.

Opponents highlight the pending $27 billion gap in the economy as a result of the Dodd-Frank Act, along with the need to hire 2,600 full-time Federal employees to ensure compliance – at a cost of $3 billion for the first five years alone – as enough proof to call it a failure. Not to mention the estimated 24 million hours required annually by businesses to uphold Dodd-Frank compliance – for reference, that’s more time than it took to build the Panama Canal.

With the introduction of this American legislative bill, organizational members of the financial services industry worldwide were put on notice. Wall Street was finally held accountable instead of taxpayers if a financial firm failed. American families were now afforded protection from abusive and unfair financial practices including over-extending credit.  

What Changed? 

In a word, everything. At the most simplistic level of changes, traditional banks were now required to keep more cash on hand and be subjected to regular stress testing to ensure banks used their earnings to build capital instead of paying dividends. Nontraditional credit intermediaries could now be declared to intervene when a firm’s failure posed a risk to the financial system. Interestingly, and perhaps most relatable, large financial institutions were forced to create and file “living wills” which specified how the institution could be resolved in the event of looming bankruptcy. Below are some of the biggest changes brought about by the Dodd-Frank legislation:

  • the Office of Thrift Supervision (OTS) was eliminated 
  • the Federal Deposit Insurance Corporation (FDIC) absorbed the responsibilities of the OTS and was assigned new powers 
  • the Consumer Financial Protection Bureau (CFPB) was established to protect consumers with their purchases of mortgages, credit cards, and other financial products 
  • the Financial Stability Oversight Council and the Office of Financial Research were both established to work in collaboration towards the identification and neutralization of threats to the financial stability of the US 
  • the Federal Reserve became even more powerful with new rights to regulate leading financial institutions 
  • the Orderly Liquidation Authority was established to smoothly dissolve large corporations 
  • corporate governance adjustments were made and imposed on all companies

Communication in Financial Transactions 

In continuation of the Dodd-Frank Act’s theme of simplified messaging so that the Jane-or-Joe-Average-Consumer could understand their financial choices, another important act was passed in 2010.  The House enacted the Plain Writing Act of 2010 which required all government entities to use “plain speak” in their messages intended for public consumption.  

Where things got a little dicey for financial institutions was at the intersection of communications and compliance. The big, new headache was that all conversations between regulated employees, such as those on the trading floor in the front office, with employees in the back- or middle-office had to be recorded. So did all conversations with consumers. Moreover, if a regulatory agency demanded evidence for an investigation into market abuse, the firm now had to demonstrate how they monitored and detected non-compliant behavior per the Dodd-Frank requirements. But that wasn’t all of it – firms also had to be able to reconstruct all activities related to non-compliance. They were also now required to show the regulatory agency investigating the incident a full timeline with all conversations, emails, texts, trades, and other activities mapped to illustrate, “Who said what to whom and who did what?” 

Key parts of the Dodd-Frank legislation as they related to communication include: 

  • §SEC DFA 951-954 – firms had to demonstrate fail-safes and operational redundancy to prevent the loss of voice call recordings 
  • §CFTC Regulation 23.2 – to prevent fraud, all firms were now required to have surveillance programs for voice, email, IM, and Chat in place to monitor for manipulative practices. Plus, firms were put on notice to provide evidence of said manipulations and clear resolutions to any risks identified.  
  • §764 SEA Section 15F(g)(1) – “swap dealers” external to the US had to maintain records of all daily trading activities, including voice, IM, Chat, and email, with the US banks they were dealing with
  • §764 SEA Section 15F(g)(4) – compliance departments were now tasked with reconstruction and had to be ready to present all relevant communication in a clear timeline – on demand.

Dodd-Frank Challenges 

Along the lines of, “what goes up, must go down,” attempts to repeal Dodd-Frank bank regulations began almost immediately after the bill was narrowly passed. The Financial Choice Act was passed in the House on June 9, 2017, undoing many of the provisions set forth nearly a decade earlier with Dodd-Frank. And then on May 24, 2018, then-President Trump signed The Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA). In doing so, many of the protections provided by the Dodd-Frank legislation were rolled back. And, in some cases, unwound altogether.

The “too big to fail” threshold for banks was raised from $50 billion to $250 billion and small banks with less than $10 billion in assets were no longer bound by the Volcker Rule. The latter serves as a Dodd-Frank compliance provision which limits banks from speculating about future market conditions. On the flipside, opponents argued that many banks were “too small to survive” under the new provisions given the onerous tracking and reporting compliance requirements. 

However, with the repeal of the Volcker Rule, commercial banks could now partake in proprietary trading and speculative activities to make a profit – without having to justify or explain the rationale of their activities to their customers. Essentially, all but a few behemoth banks were no longer subject to the Dodd-Frank requirements which governed how they communicated with customers. Here’s where things get a little muddy.  

While the Dodd-Frank Act remains in place, much of the trust that it built with consumers and banks has been lost based on recent legislation.  

Failure to Comply with the Dodd-Frank Regulations

Unsurprisingly, there are legal and financial consequences for failing to comply with the Dodd-Frank requirements. What may be surprising to some is that the Act authorizes the SEC (Securities & Exchange Commission) to impose civil penalties. Of course, penalties cannot be imposed until the SEC has concluded a hearing on-the-record to determine if a violation of the act was in the public interest and worthy of a civil penalty. Each low-level violation, called “first-tier,” costs $7,500 per person or $75,000 per entity. Second-tier fines are $75,000 per person and $375,000 per corporation whereas third-tier fines are double those amounts.  

Banks are “damned if they do, damned if they don’t” regarding their adherence to Dodd-Frank requirements. Estimates suggest that banks are spending an additional $65+ billion per year to keep up with all the provisions covered by the Act. As of 2017, according to a report by the Boston Consulting Group, more than $321 billion in fines were levied on banks for failing to comply with regulations enacted within the prior decade. The fines included everything from financing terrorists to money laundering.  

In 2015, the CFPB, the FDIC, and the Office of the Comptroller of the Currency (OCC) participated in a coordinated audit of Citizens Bank. Harm caused to consumers by these “unfair and deceptive practices” and failure to demonstrate how they received and resolved complaints got the bank into troubled waters related to the protections afforded consumers by the Dodd-Frank Act. A fine of $18.5 million was levied for deceptive practices where Citizens Bank pocketed any difference between the amount that was written on a deposit slip versus the amount actually deposited.  

Of course, we all know about the recent $1.8 billion in fines levied on five of the world’s biggest banks for using WhatsApp and other non-approved eCommunications channels – then lying about using them. Among the big banks fined, Bank of America is repeatedly on the offenders’ list. In 2022, the OCC levied a $125 million civil money penalty for its use of a prepaid card to disburse unemployment insurance.

In parallel, CFPB issued a $100 million civil money penalty to compensate consumers who were harmed by the practice and their failure to clearly disclose the risks associated with usage of the card. Recently, the OCC also issued a $60 million penalty for repeatedly billing customers overdraft fees – on the same transaction. American Express also found itself in the cross-hairs of the OCC in receipt of a $10 million civil money penalty for its failure to capture and address consumer complaints. 

How to Stay Compliant  

Training employees in what to do – and what not to do – is the obvious low-hanging fruit of Dodd-Frank compliance. Policies, of course, are the right-hand of training and a required part of using training as a risk mitigation strategy. Regularly testing systems and internal controls with hypothetical scenarios is another sure-fire way to stay ahead of compliance requirements. Utilizing technology, such as encryption and multi-factor authentication, to ensure secure storage plays an essential role in safely archiving transaction data; especially relevant eComms data.  

Where it gets tricky is the ongoing surveillance of communications to prevent regulatory breaches. Shield’s InfoBarriers detects signals of insider trading and material non-public information (MNPI) breaches to protect organizations. Our technology identifies insiders, monitors their communications closely, and identifies when MNPI has been leaked. Even if that breach is internal, between departments, the technology flags the transfer of privileged information. An unparalleled feature of the Shield monitoring platform is the ability to detect nuance in language, including interpreting “emoji speak,” and stitching together conversations that are deliberately – or inadvertently – spread over a series of different channels.

Whichever monitoring solution you choose, it’s up to you. But your ability to uphold the 400+ regulations detailed in the Dodd-Frank Act will be challenged by the OCC and other governing bodies. If you are not prepared to comply with the regulations stipulated, talk to an expert about how to mitigate your organizational and personal risk – without draining your assets to do so.

