Is Our Bank Website ADA Compliant?

By: (CISA, CISSP, CRISC)

Publication: Nebraska Banker , January/February 2017

 

Nebraska Banker Jan- Feb 2017There has been a lot of attention on website ADA compliance over the past few months.  Several community banks have received demanding letters from law firms alleging the bank is violating the Americans with Disabilities Act (ADA).  Purportedly these letters claim that unless the bank modifies its website to meet the World Wide Web Consortium’s Web Content Accessibility Guidelines (WCAG), the bank will continue to violate ADA.  So, what does this mean?  Let’s take a look at some common questions banks are asking about ADA compliance.

What is ADA compliance?

The Americans with Disabilities Act (ADA) is a civil rights law that prohibits discrimination against individuals with disabilities.  The Internet, as it is known today, did not exist when the ADA was passed and signed into law on July 26, 1990.  In order to provide better ADA guidance for Internet websites, the Department of Justice (DOJ) initiated rulemaking concerning website accessibility in 2010; however, it has been repeatedly delayed, including a recent delay, pushing it to 2018.  Nevertheless, even with the stalled regulations, the DOJ appears to consider a website “accessible” if it complies with the Web Content Accessibility Guidelines (WCAG) based on previous investigations, settlements, and court filings.

What are some specific expectations for ADA compliant websites?

A few examples of how accessibility standards might apply to your bank’s website include:

  1. Providing text alternatives for all non-text content (e.g. pictures). The text can then be presented in other forms needed for accessibility (e.g. large print, braille, speech).
  2. Providing alternatives for time-based media (e.g. video, audio, slide-shows).
  3. Developing the site so it can be presented in different ways (e.g. simpler layouts) without losing information or structure.
  4. Making it easier for users to see and hear content (e.g. color, contrast, size).
  5. Making all functions available from a keyboard.
  6. Providing users enough time to read and use content.
  7. Not presenting content in ways known to induce seizures.
  8. Providing ways to help users navigate, find content, and determine where they are on the site.
  9. Making text content readable and understandable.
  10. Making web pages appear and operate in predictable ways (e.g. consistent navigation).
  11. Helping users avoid and correct mistakes (e.g. input error detection, error prevention, context-sensitive help).
  12. Maximizing compatibility with current and future user agents, including assistive technologies.

 

What can my bank do?

  1. Understand the requirements and expectations of ADA.  Recently there has been an abundance of opportunities (e.g. articles, webinars) to gain a better understanding of web accessibility guidelines.  Take advantage of these opportunities so you can know what is expected of your bank and how you can best provide equal access and opportunities through your website.
  2. Contact your web developer and online banking vendor or staff.  Most web designs and online banking providers know and understand ADA and WCAG guidelines and strive to develop non-discriminatory, accessible sites.  In addition, review contracts with web development companies to ensure ADA requirements are addressed.
  3. Conduct an ADA compliance review of your bank’s website.  Contact your IT audit or penetration testing company to see if they perform ADA compliance reviews.  In addition, there are a variety of scanning tools you can use or security firms you can hire to audit your website for ADA compliance.  An audit will give your bank an idea of where you stand and show you are taking pro-active steps toward website ADA compliance.

 

 

Russ Horn is the president for CoNetrix. CoNetrix is a provider of information technology consulting, IT/GLBA audits and security testing, Aspire IT hosting, and the developer of tandem, a security and compliance software suite.  Visit CoNetrix at www.conetrix.com.