Many financial institutions across the nation are receiving threatening letters claiming that their websites are not accessible as required by the Americans with Disabilities Act (“ADA”). The letters first went to financial institutions in California, New York and Pennsylvania. Now they are threatening financial institutions in Arkansas, Maryland, North Carolina and Georgia. Soon they will come to Virginia, West Virginia and South Carolina. The South Carolina Bankers Association
and West Virginia Bankers Association
already are addressing this with their members. You need to be prepared.
Carlson Lynch Sweet & Kilpela LLP, allegedly on behalf of a blind "tester," not even a customer of the financial institution, accuses the financial institution of not complying with the ADA, because the target financial institution websites are not accessible to blind people. They are demanding large sums to settle these matters.
Unsettled law on this subject makes it ripe for these kinds of claims. Title III of the ADA prohibits discrimination “on the basis of disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages or accommodations of any place of public accommodation.” Financial institutions are places of public accommodation, as indicated in regulations for ATMs. There are no federal regulations yet, however, for websites. What standards likely apply?
The Department of Justice (“DOJ”) clearly believes Title III of the ADA covers websites. Rulemaking was postponed until 2018, but DOJ has private standards that it likely would apply. Call this “Double Secret Probation” and consider DOJ to be Dean Wormer (from Animal House
, i.e., not your friend). Neither DOJ nor your financial regulator will help you with this.
DOJ already settled with several cities about making employment applications on city websites accessible to everyone. This probably includes providing text descriptions for non-text content, captioning pictures and tables, and providing audio descriptions. It likely also includes avoiding content that may cause seizures and making the entire process available from a keyboard. This all is consistent with WCAG 2.0, Level AA.
What should you do?
- Adopt a policy standard of accessibility for the financial institution. We recommend WCAG 2.0, Level AA. This requires that the site be perceivable, operable, understandable and robust. There are 12 specific guidelines for meeting this standard. If you do what is suggested in the previous paragraph and the recommended actions, you should meet this standard in general, but meeting the specific 12 guidelines is the best course. This is the same standard recommended by the South Carolina Bankers Association. It also is the standard that the “troll” letters ("Troll” is a slang term typically used to describe a third party suing a variety of persons for the same technical violation of a law or right.) typically mention in detail. The DOJ or federal regulators could develop a different standard tailored for financial institutions, but WCAG 2.0, Level AA is the best bet at this time. It should provide a ready defense against any "troll" letters you receive on this subject. Several vendors also offer this service.
- Appoint a person in your financial institution to oversee all electronic information technology accessibility and also review new technology in this area.
- Have your website team report to both the person in charge of website accessibility and your CEO, and make sure that the entire team understands this issue and its importance to the institution.
- Create a webpage dealing with accessibility and explaining how to engage the accessibility options. This should be a link on your homepage.
- Ensure that all your website vendor contracts address this issue.
You also may consider having your website audited by an expert in this field or have the services provided by a third party vendor. That may not be necessary, but it would help ensure that you are meeting the current minimum standard.
What if we get a letter?
If you receive a “troll” letter, review it carefully. Contact your regulatory counsel immediately and together review your current website accessibility and draft a response. Also contact your liability insurer, who should provide some degree of cyber insurance. If experience with patent trolls is any indication, “troll” firms will not risk a lawsuit with a financial institution that a court may deem compliant. It would set a minimum standard and some degree of certainty in the process. "Troll" firms thrive in an uncertain environment. That does not mean that you can do nothing. If you act reasonably to address this issue, and especially if you are in current compliance with WCAG 2.0, Level AA, it is doubtful that a troll firm will have any claim against you.
What if I still have questions?
If you have any questions about this risk or compliance standards, please feel free to call one of our financial institution regulatory lawyers