Brace For Increasing Website Scrutiny

Brace for Increasing Website Scrutiny

March 14, 2024

Originally published in CU Today on March 6, 2024. 

Credit unions should brace this year for greater regulatory scrutiny of their websites, and we're sharing some of the common mistakes credit unions are making on their digital face and ways to correct them.

“Regulators are paying more attention to website compliance in the financial services industry,” said Darron Dunn, chief service officer at ViClarity. “It's low-hanging fruit that generates easy fines while advancing consumer protection.”

Dunn reminded that as COVID drove all things digital, regulators came to better understand websites need greater scrutiny.

The New Norm

“The mass push to everything digital really escalated during COVID and it's become the new norm,” he said. “Within the credit union website it's become very important to be compliant. And this means more than just the content—the pretty graphics, the words. You do loans. You have deposits. All that stuff. But the compliance pieces that are within the website itself (must meet) all the rules and regulations. It’s not just the member looking at the website as their first point of contact. Potential new members are starting with the credit union’s website, which means the regulators now are all watching the credit union’s website.”

Ratcheting Up Attention

Dunn expects regulators to ratchet up their attention to credit unions’ online presence as the year advances. National Credit Union Administration Chairman Todd Harper said the agency will be increasing scrutiny on credit union overdraft programs, including overdraft information posted on websites.

“Pretty much, in the past, regulators were not actively engaging with a credit union’s website. Instead, they were waiting for complaints,” he said.

The Common Mistakes

Dunn said there are a “handful” of common website missteps credit unions are making that could get them in hot water in 2024.

“There's some simple things that we generally see,” Dunn said. “If there is a complaint, the easy one is disclosures. For example, credit unions talking about their credit cards, their card offers, their rates…When they talk about those things on their website they need to have a link to a disclosure about the credit card terms and conditions. Plus, simple things like the link doesn't work, or the credit union links to the disclosure but the disclosure online may not actually match the disclosure that is going out to the cardholder in the cardholder agreement. That's a violation.”

Dunn said he is not just talking about one product.

“You can take that to loans, deposits…,” he said. “I use the example of credit cards, but whenever you talk about terms and conditions on the website it is vitally important those disclosures are within the website, are easily accessible to the member and match what is being mailed out.”

The Importance of One Click

Dunn stressed easy access to the disclosures, typically in one click, is important.

“We've all run across websites where it seems like we go down to a rabbit hole to get the information. You don't want to do that,” he said.

Oh No on the Logos

The most common website errors credit unions are making are with logos, Dunn said.

“If they're federally insured, or even privately insured, they need to have logos on the website that talk about their insurance,” Dunn reminded. “That needs to be in an appropriate place, and there are size requirements. The logo has to be visible and readable. The Fair Housing logo, that's another one. If they're doing mortgage lending or home equity lending, they need to have the Fair Housing logo posted. Again, there are certain locations that are required along with size requirements. A lot of times logos either get forgotten or they're tucked in and they're not where they need to be and are not at the right sizes.”

A Link to Trouble

Errors, too, are often made with links to third-party partners.

“Let's say the credit union partners with someone for additional products and services,” Dunn said. “The member sees that, they click a link and it moves them to a website that's not the credit union’s site. They need to have what we call a speed bump, a notice that lets the person know they are leaving the credit union’s website. Many times we see those speed bumps either are not in place or the link to them is broken.”

What happens when a credit union makes website mistakes and regulators find them?

“It all depends. Most of the time a complaint will come in about a logo is missing or links aren't working to disclosures,” Dunn said. “If the credit union resolves them quickly, not much generally can come out of it. However, there is the potential for the governing agencies to fine the credit union if they so choose.”

If the problem spotted by the regulator is considered deceptive, the fines get larger and the attention greater.

UDAPP Issues

“There is a UDAAP (unfair, deceptive, or abusive acts or practices) trigger that is monitored by the Consumer Financial Protection Bureau,” Dunn explained. “Generally, the first warning is a slap on the wrist. And, in this case, there are other concerns, such as a class-action suit.”

Dunn said the CFPB and lawyers are zeroing in on “trigger terms” such as the “best rate in town.” He said a credit union would have to support such a claim with a link to disclosures that help the consumer understand the offer clearly.

“Finally, make sure your online disclosures match your paper disclosures, or the other mechanisms in which you provided disclosure information to the member. They have to match,” Dunn restated.

Looking for help making sure your website stays in compliance? ViClarity's expert audit team provides website and social media reviews that will keep you in compliance. Contact our team to learn more or schedule a website review. 


Recent/Related Articles

The Third-Party Risk Management Imperative Facing All Credit Unions

June 28, 2024

Cybersecurity is a bigger issue than ever before and the widespread reliance on third-party partnerships and vendors brings great risk. Our CEO, Ogie Sheehy, breaks down key elements of a successful third-party risk management program.

The Top 8 Risk Reports for GRC Leaders

May 20, 2024

With factors ranging from the economy to the environment to artificial intelligence playing a part, it is essential for financial institutions, insurers and other regulated businesses to have a sound risk management program in place, and here are 8 reports that help GRC leaders become more strategic.