Avoid the Bank Website Shakedown

May 22, 2017 | Financial Services, Security-GRC

Threats of lawsuits are landing at banks across the state of Ohio, alleging websites are violating the Americans with Disabilities Act of 1990.

The threatening letters often come from lawyers who have made a business of working through different industries seeking ADA settlements.

Complying with ADA regulations is complicated, though, because the Department of Justice began the website accessibility rulemaking process in 2011, but no formal regulations have been released. They’re not expected until next year. That leaves banks in a difficult position.

However, hundreds of federal lawsuits have been filed, and many cases are settled before a suit is ever filed. So what should you do?

Don’t freak out. But don’t stay comfortable.

Two cottage industries have arisen:

  1. Lawyers threatening lawsuits for alleged ADA violations.
  2. Questionably qualified IT professionals offering mitigation.

“The last thing you want to do is waste time or money with a firm that promises compliance but doesn’t deliver at 100%,” said Gary Baney, who heads web and app development for ASMGi.

As a highly regulated entity, a bank must be careful about whom it allows to access and control its websites. Opening your site up to a firm that doesn’t have a history of strict security compliance may expose you to more risk than ignoring the website issues altogether.

Take practical steps to mitigate

Baney recommends taking practical steps to address issues, whether you run your own website or use one of the third-party bank website development firms. Not only will the DOJ eventually define regulations, but the changes will also help any disabled customers you currently have. In addition, having a plan you’re actively working is the first step to any defense you may need to provide in this evolving landscape.

  1. Assess your site
    While there are no regulations, the DOJ has accepted the WCAG 2.0 AA standards in settlements. If you have an internal IT audit staff, perform the audit yourself. Or hire a reputable firm. There are free tools online to get a baseline check, but an audit should go further than that.
  2. Designate a compliance officer
    If it is not a specific person’s responsibility, then it is no one’s responsibility. You need to hold someone accountable for it, internal to the bank or to a trusted partner.
  3. Assess vendor contracts
    Even if your website is not developed by your bank, you are still responsible. Your assessment should include any external contracts. The contract should include specific language, not vague references to ADA compliance.
  4. Create a plan
    Any deviations from your adopted standards should be listed in priority order, and you should plan to address them one by one. You will also need to bolster training and augment your change management process to include compliance with your newly adopted standards.
  5. Build a feedback loop
    Part of your plan should include creating a space for customers to report website accessibility issues.
  6. Start mitigating
    Remediate your existing site in a methodical manner. Depending on your IT team’s size, bandwidth and competency, you may be able to do it internally or you may need assistance from a third-party firm.
  7. Reassess and continuously improve
    Your plan should include regular reassessments and mitigation of any issues found.

This blog post originally appeared in CBAO’s Community Banker. If you’re interested in hearing more about auditing, remediating or consulting, please call banking practice lead Laura Liu at 216-373-8074 or e-mail her!
