We are in the process of updating our website - new design and information. I was not a part of this committee until today. The design has been built and they are now in the process of adding the content. I'm just curious if there is some type of "checklist" of compliance items to look at so to speak. I just want to make sure I cover all compliance issues before the site goes live - and being brought into the mix in the middle of creating it makes things difficult it seems.

What all should I be looking for and watching for? Does anyone know of a checklist or have a checklist I could use? Also - what about the ADA compliance for websites I've read about. Where can I find more information on this?

Thanks in advance!

There was one in the "Tools" 10 to 15 years ago, but I don't remember seeing anything since. Nevertheless, there are a several basic steps you can take to get some points on the board while you search for something more comprehensive.

Generally, most pages of a bank website deliver promotional information, so they are subject to one or more of the advertising rules for deposits, loans, and other services. If you review ads in other media, you might be up to speed on the different sets of regs for deposits, open-end credit, closed-end credit, housing loans and lines, credit cards, student loans, etc., etc., etc. It still won't hurt to do a quick refresher. Web-based ads are subject to the same principles as ads in any other medium, but there are occasional "extras"--like the so-called "one click rule."

Another common element of most pages is the logos and legends. There were 3 regulatory items when I last reviewed bank websites (circa 2007). Housing credit pages should display the EHL "doghouse", but you don't violate any rule if you plaster it on every page on the site. The FDIC membership statement is also allowed on all pages EXCEPT NDIP. Pages promoting NDIP must contain the necessary disclaimer. Your job is to review & approve the graphics and content of these items and declare which ones go on each page in the site.

Another page-by-page quickie is an eyeball test for diversity in any human images used on the site. Unless the regulators have developed preferences, I'd look at the site as a whole--as long as the forest is inclusive, the page-by-page presentation of trees shouldn't be a big issue. Housing credit pages could warrant an exception.

The single most popular way to violate the law with a bank website is with rateboards. I've seen stale rate info from time to time and it's always intolerable. Banks can and should do better. 9 out of 10 violations, however, will come from trigger term/triggered content errors and omissions. The concepts are the same, but the mechanics are different for deposits, open-end credit, and closed-end credit. Before you look at the first draft webpage, know what constitutes each type of trigger term and what must appear when triggered.

After you scan for the superficial stuff, the next level into the site is functionality. Other than reading your ad copy and rates, what can a site user do interactively? If you find credit application forms, then your review needs to consider COPPA, fair lending, and any other reg. that applies to requests for information. If accountholders can sign up for e-delivery of statements and anything else containing federal disclosures, then ESIGN enters the picture. If deposit accountholders can sign up for new types of electronic payments, then consider how Reg. E applies.

If this is beginning to sound like a lot of common sense, then you're on the right track! Go with the flow. There's no right or wrong way to review web content. Look at what's there and base your review and recommendations on whatever regs you determine to be relevant. Also, remember that web content can be dynamic--now you see it, now you don't! Be sure you understand what every given site visitor might see, hear, or experience

Thank you Richard! This is wonderful information and very helpful.

I appreciate your help!

Another immediate action item I should have mentioned is Adobe Acrobat.

The full version of Acrobat (not the free Acrobat Reader) is an essential tool for anyone who oversees a website. Acrobat's "capture" feature allow you to download, convert (to a standard .pdf format), and save any or all of most websites. The capture grabs every element of every page that is linked to the beginning point you declare. The resulting .pdf document is very close to a clone of the actual site...including links which all work the way they do on the live site.

For sites that consist mainly of a series of linked static pages, Acrobat is perfect. Most sites, however, contain some percentage of dynamic pages (created by the web server on the fly) using content that is stored in a database. No tool, Acrobat included, can clone the functionality of the server, so the engine and data that comprises a dynamic site will need to be documented and reviewed by alternate means. Nevertheless, some representation of this content can be woven into an Acrobat site capture.

Needless to say, the ability to do full-site date-stamped captures with one click will GREATLY simplify the process of today's validation reviews and tomorrow's documentation of ongoing compliance. Also, the ability to extract one or more pages from a site capture will be very handy any time you need to discuss site-related regulatory issues with vendors and your marketeers, business managers, and other content owners.

It would certainly be beneficial to make sure that your website pages are WCAG 2.0 compliant. It has become the de-facto standard for ADA compliance absent any specific regulations from the DOJ.

Don't forget speed bumps if your site links to third party sites. See the interagency guidance from April 2003. https://ithandbook.ffiec.gov/media/resources/3286/fdi-fil-30-2003_weblinking.pdf

Thank you all for the help. It's appreciated!