DXPs and Mitigating Website Compliance Risks

Written By Dusty Ellis

We recently spoke to executives from several different financial institutions, from smaller community credit unions to larger regional banks, to find out what is being discussed in the exam room.  More specifically, we wanted to understand which website compliance issues they are encountering as their FI moves towards a digital-first approach. 

A big part of this digital-first strategy is improving engagement with customers, members, and prospects through digital channels.

Many financial institutions have come to the realization that their static marketing website doesn't help them achieve this level of engagement. 

They want a website solution with modern features and advanced marketing capabilities that allow them to better serve their customers and also get their financial products and services in front of the right audience. 

This is where digital experience platforms, or DXPs, enter the discussion. Although we don't intend to go into what a DXP is in this article (you can read our article on "What is a DXP?"), we will mention how it can impact your financial institution.

A DXP will give your financial institution the ability to personalize content for a specific audience, gain insights into customer journeys, offer advanced search and chat functionality, and integrate with other business systems so you can get a 360-degree view of a customer across all digital touchpoints.

Although the benefits of moving to a DXP solution far outweigh the risks, it is important to understand the compliance risks and how your financial institution can mitigate potential fallout from compliance issues. 

So let's get started with ADA compliance and website accessibility. 


ADA Compliance

When speaking to banks and credit unions about their websites and specifically around compliance, one of the first items most of them brought up was ADA and website accessibility. 

ADA compliance and web accessibility ensure websites are accessible to all, especially people with disabilities. 


Compliance Challenges with ADA/Website Accessibility and DXPs

Even the smallest change in font size or color can cause your site to fall out of compliance, and because your DXP may be integrated with systems that automatically populate content on your site from outside sources, maintaining compliance can be a challenge. 

A digital experience platform is an integrated set of tools and platforms that helps deliver a consistent experience by connecting all of your customers' digital touchpoints across your financial institution. When you integrate your website with other applications, there will always be a potential for additional challenges when it comes to maintaining ADA compliance across your digital experiences.


Ways to Mitigate ADA Compliance Risk 

There are several ways that your bank or credit union can ensure ADA compliance and website accessibility. 

These include using...

  • A design system
  • Browser plug-ins that check for ADA requirements
  • Automated scanning tools that scan your site for accessibility issues
  • Workflows in your content creation and page building process

We encourage you to go and read ADA Website Tips for Financial Institutions to get tips and best practices for implementing each of these in your web development and content creation processes. 


Privacy and Disclosures


External Links to Third-Party Websites

Since a digital experience platform integrates with other tools, platforms, and digital solutions, this means your financial institution is likely directing traffic to third-party sites. 

Although these third-party tools can help your bank to be more efficient and expand your product portfolio and financial services to your customers, it is important to understand the compliance challenges it will bring to your financial institution. 


Compliance Challenges with External Links

When directing your website visitors to an external application, it is important to understand that your financial institution no longer has control over the user experience once they leave your site. 

As a part of your due diligence, your financial institution needs to evaluate these external links and strongly consider the security and privacy protections they have in place on their website. 

If you skip this step, your institution could be blamed if the third party happens to leak your customers' confidential information.

But what about when your compliance team does their due diligence and the third party passes a comprehensive vetting process, yet your customers are impacted by a security vulnerability?  This is where disclaimers come in and more specifically speed bumps. 


Use Speedbumps for External Links

The main function of a website speed bump is to let your users know that they are leaving your website and going to another site. Financial institutions use them often to protect themselves from being blamed for security or privacy flaws on a third-party site.

Moving toward a DXP model for your website could mean more external links to manage, which means more speed bumps to manage as well.

Many banks and credit unions have a manual approach to adding speed bumps, which could lead to missing a link. This is why it is crucial to automate the process as much as you can.

We recommend automating speedbumps for all external URLs and then adding the exceptions to a whitelist. This whitelist can be added to the code itself, but a more efficient way to do this is to create a way for content editors to manage the list in the admin dashboard of your DXP. 
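The rule described above (speed bump every external URL, then exempt whitelisted hosts), as an added example that is not code from this article or from any DXP product. The hostnames, `needsSpeedBump`, and `installSpeedBumps` are constructed for illustration; the check compares the parsed hostname rather than the raw link text, so look-alike links are not exempted by mistake.

```javascript
// Added example: decide whether a link needs a "leaving our site" speed bump.
// SITE_HOST and the whitelist entries are constructed placeholders.
const SITE_HOST = "www.examplebank.test";

// Editor-managed exceptions (in practice loaded from the DXP admin dashboard).
// Exact hostnames, or "*.domain" for a domain and all of its subdomains.
const DEFAULT_WHITELIST = ["examplebank.test", "*.onlinebanking.examplebank.test"];

function hostMatches(host, rule) {
  rule = rule.toLowerCase();
  if (rule.startsWith("*.")) {
    const base = rule.slice(2);
    // Require a dot boundary so "evilexamplebank.test" never matches.
    return host === base || host.endsWith("." + base);
  }
  return host === rule;
}

function needsSpeedBump(href, whitelist = DEFAULT_WHITELIST,
                        pageUrl = "https://" + SITE_HOST + "/") {
  let url;
  try {
    url = new URL(href, pageUrl); // resolves relative and protocol-relative links
  } catch {
    return true; // unparseable link: fail closed and show the notice
  }
  // mailto:, tel: and similar schemes do not load another website.
  if (url.protocol !== "http:" && url.protocol !== "https:") return false;
  // Use the parsed hostname, so "https://www.examplebank.test@partner.test/"
  // is judged by its real host (partner.test).
  const host = url.hostname.toLowerCase().replace(/\.$/, "");
  if (host === SITE_HOST) return false;
  return !whitelist.some((rule) => hostMatches(host, rule));
}

// Browser wiring: one delegated listener also covers links that integrated
// systems inject after page load, so no link is missed by manual tagging.
function installSpeedBumps(doc, confirmFn) {
  doc.addEventListener("click", (event) => {
    const link = event.target.closest("a[href]");
    if (!link) return;
    if (!needsSpeedBump(link.getAttribute("href"), DEFAULT_WHITELIST, doc.baseURI)) return;
    if (!confirmFn(link.href)) event.preventDefault(); // visitor chose to stay
  });
}
```

In a page, `installSpeedBumps(document, (url) => window.confirm("You are leaving our website for " + url))` would attach the notice; a styled modal can replace `window.confirm`.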


Privacy Laws 

Another common compliance issue that arises with financial institution websites is privacy.   Privacy has been a hot-button issue in the last several years and it is something that is especially important in the financial industry.

A key feature of a DXP is the ability to personalize the site experience for your customers. This is done with user journey mapping software that tracks anonymous visitors and keeps a log of the content they are engaging with on your site.

So if someone has viewed content specific to mortgage loans then the next time they visit your site's homepage you can serve them an offer for home loans.

Although the intention is to better serve the customer, there are a lot of privacy concerns because the data stored could be exploited if it got in the wrong hands. 

The General Data Protection Regulation (GDPR) set a standard in privacy laws in Europe, particularly for websites. Many of these policies are making their way to the States, and have been on the radar of marketers and examiners for a few years now.

California added CCPA legislation in 2020 requiring cookie banners for many industries, and CPRA, which is slated to go into full effect in 2023, has additional legislation that will affect internet traffic in the state and will also impact some out-of-state companies that serve California residents.

Also, Colorado and New York appear to be forming legislation that would require additional disclosures on your site.

So, as your bank or credit union implements a digital experience platform with features like personalization that often includes data flowing between your CMS and other systems, you need to ensure that policies are updated to match the functionality that is now available. If not, this can pose a serious risk to your financial institution during exams.


Mitigating Risk and Staying Compliant with Privacy Laws 

With new legislation being considered at the state level, your number one mitigation strategy for staying in compliance with privacy laws is to keep watch over the new legislation put in place both by the states you are in, as well as the states you serve.

We recommend adding this topic to your next discussion with examiners, as they often have good insight into what is coming down the pipe.

Another way to ensure compliance is to preemptively place a cookie acceptance banner on your website. The banner lets visitors know that they are being tracked when visiting your site, and it gives them control over their privacy by allowing them to accept or reject being tracked on your site.

We recommend using similar language to what you currently put in your privacy disclosures today if your state does not already have mandated language. 

Finally, make sure your next privacy policy review is more than just a checkbox this year. Ensure that the policy matches and allows for the functionality that you currently have for your digital experience platform, or adjust features enabled to match your privacy risk appetite.


Get All the DXP Benefits, Without the Costs of Compliance Issues

Implementation of a digital experience platform offers your marketing teams the ability to reach your prospects, customers, and members in a whole new way, but not without risk. We recommend implementing the strategies above to ensure your FI receives all of the benefits without the costs.  

If you have any questions about website compliance or want to see if a DXP solution is the next right move for your bank or credit union, then reach out to our team today.   


This article was written by Dusty Ellis.