From Bud Genovese, Chairman
Your institution may have legal and monetary risk exposure due to new web content laws. Kevin Tsuei, Technology Practice Director, explains the law and how to proactively reduce risk, including a technical scan of your website, and remediation suggestions. This advisory should provide timely information to you, the board, management, and your risk management team. Please forward to applicable parties, thank you –Bud.
On January 9, 2017, the U.S. Access Board refreshed its accessibility requirements for websites, electronic documents, and software. This standard is often referred to as Section 508. One of the major changes involved adopting Web Content Accessibility Guidelines (WCAG) 2.0 Level A and Level AA criteria. These guidelines are maintained by the World Wide Web Consortium (W3C), which is an international community (not a government-regulated body). Their mission is stated on their website (W3.org): “The W3C mission is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the Web.”
What does this mean for Financial Institutions?
Since the adoption of WCAG 2.0 Level A and Level AA, numerous financial institutions, including community banks and credit unions, have received letters from law offices stating that their website is not compliant with the Americans with Disabilities Act (ADA). This has resulted in requirements for remediation and monetary compensation (through settlement or insurance claims). Note that the monetary compensation requirements have not been inexpensive; most institutions have a deductible in the five-figure range.
To assist our clients with complying with the new Section 508 standards, we have developed an assessment product to not only scan institutions’ websites, but also to provide remediation steps for the Bank’s web developer to address. We are currently offering a free summary scan to any of our clients. This free scan will list the number of Level A and Level AA issues that are present on the Bank’s website. We will also provide a summary of the issues, but it will not contain any remediation steps or any other control enhancements that we perform with our assessment services.
We designed our assessment to evaluate the accessibility of the institution’s informational website against the new Section 508 standards (W3C’s WCAG 2.0 A and AA). In addition, we review the Bank’s Website Accessibility Policy and Procedures based on the ADA Best Practices Checklist from the US Access Board. The goal of the assessment is to provide an action plan that management can use to remediate accessibility issues, as well as resources to assist management with monitoring for continued compliance.
What is expected of Financial Institutions?
To date, there is no guidance from financial regulators. However, there are certainly legal and financial risks of non-compliance with Section 508. Besides ensuring the Bank’s informational website is compliant with Section 508, we recommend that the Bank develop a written policy addressing website accessibility. Some of the controls listed in the policy might include verification of compliance for new or changed content, in-house and contractor training on this topic, periodic audits of its website along with an established remediation process, and a response process for when website visitors report accessibility issues.
In addition, it is important for management to publish their website accessibility policy on the institution’s website. This policy should include an invitation for visitors to provide suggestions for improvement and a process to report any website accessibility problems (telephone, e-mail, etc.).
If you would like us to perform a free summary scan against the new Standard 508, please email Kevin Tsuei. Please be sure to provide your institution’s website URL.
AuditOne LLC – Company Overview
AuditOne LLC provides independent risk management services to financial institutions. Our sole focus is providing internal audit and credit review services to the financial institution industry. We have experience with all regulatory authorities and offer a full selection of audit services comprising Credit Review/ALLL, BSA/Compliance, IT/Information Security, ACH rules Compliance, Operations, Network Tests, Asset/Liability Management and various specialty areas. Our expertise is your edge. For more information on this article, please contact Jeremy Taylor, Co-CEO, or Kevin Watson, Co-CEO, and for information about all of our audit services see AuditOneLLC.com.