Regulatory Compliance on the Web: What Your Website Needs

September 22, 2020

Your website is an important part of your business. Chances are, you’re investing both time and money to ensure that it attracts customers and satisfies their needs so that they decide to do business with you. Now that the global coronavirus pandemic has closed or limited many brick-and-mortar stores, business has been driven online. 

But the internet shouldn’t be a free-for-all, where businesses can deceive potential customers or trick them into buying products or services. In the U.S., there’s a complex web of regulatory rules and guidelines to ensure that business websites are: 

  • honest and truthful, 

  • accessible to people with disabilities, and 

  • compliant with financial services requirements. 

Of course, one of the keys to regulatory compliance is the ability to prove that compliance—which means comprehensive record-keeping is essential. 

Here’s an overview of what your website needs to do or have to maintain regulatory compliance.


Advertising Claims Must Be Truthful

If customers couldn’t trust businesses to do what they say they’ll do, our entire system of trade would fall apart. That’s where the Federal Trade Commission (FTC) comes in. It aims to “prevent deceptive and unfair acts or practices” that could “mislead consumers and affect [their] behavior or decisions” about an offering. 

The basic requirement of the FTC is that advertisements—anywhere, including on the internet—must be truthful and not mislead consumers. That means both that affirmative statements must be true and that nothing important is omitted. Additionally, any claims must be substantiated, “especially when they concern health, safety, or performance” of a product or service. Any disclaimers or disclosure should be obvious and understandable. 

FTC compliance is pretty straightforward: imagine an entirely naïve customer and make sure your website doesn’t say anything that would trick that customer. That means no promises you can’t keep and no wild claims that you can’t back up. In short, while customers may reasonably be skeptical about information they find on the internet, they should not have to be skeptical about doing business on the internet.


Website Content Must Be Accessible

Any business that is a public accommodation must comply with the Americans with Disabilities Act (ADA). This requires that people with various disabilities—from vision and hearing impairments to limited physical ability to move or manipulate objects—are not restricted in their ability to access the business and its offerings. Websites have been interpreted as “places of public accommodation”—which means they need to be accessible. Again, this is especially important now, in light of the pandemic, when many vulnerable populations are less likely to visit physical stores in person. 

Ensuring that people with different abilities can gain equal access to the content on your website requires stepping outside of your own viewpoint to consider barriers to access. While the ADA doesn’t directly address website compliance, the Web Accessibility Initiative of the World Wide Web Consortium has created Web Content Accessibility Guidelines (WCAG) that offer helpful guidance. For example, any text on your website should be accessible to a screen reader so that someone with a visual impairment can hear that content read aloud. Provide alt text describing any images that cannot be read. Consider the size of the text on your site—particularly text for disclaimers—and any contrasting colors your site uses. Is all of your content available to those with limited vision or colorblindness?

Note that native format archiving may be the best way to demonstrate a user’s experience.  Also, ADA compliance is about more than meeting government standards. Ensuring full accessibility gives your website a boost in search engine optimization (SEO) rankings. More importantly, it’s simply a best practice for attracting and retaining customers.


Financial Services Organizations Must Meet Additional Requirements

Organizations that provide financial services have additional regulatory compliance demands. Rule 2210 from the Financial Industry Regulatory Authority (FINRA) requires that all communications should be “based on principles of fair dealing and good faith, [] fair and balanced,” and should “provide a sound basis for evaluating the facts” regarding any security, industry, or service. 

What that means in practice is that financial services organizations must avoid making guarantees, optimistic projections, or ambiguous statements that might be misinterpreted. They must also include clear, visible, and easily understandable disclosures and disclaimers. 

FINRA also requires that every member firm’s website must include an obvious reference and hyperlink to BrokerCheck on at least its initial webpage and individual profile pages. BrokerCheck provides background information about firms and their associated persons to “help investors make informed choices about the individuals and firms with which they conduct business.”

Speaking of hyperlinks, there’s another wrinkle that’s unique to financial services organizations: they must also ensure compliance for any content—regardless of who created it or where it’s posted—that they have “adopted” or endorsed. That potentially includes anything that the firm has provided a link to. 

While FINRA compliance is largely about what a financial services organization can say, there’s another aspect to regulatory compliance: how you keep records about what you said. That’s governed by Rules 17a-3 and 17a-4 of the Securities and Exchange Commission (SEC), which require that brokers and dealers maintain non-rewriteable, non-erasable archives of any and all “communications with the public” that relate to their “business as such.” For a closer look at SEC compliance, check out our earlier blog post.

Where archiving compliance gets tricky is with complex, dynamic web content. You can’t create a fully compliant web archive with a screen capture. Why not? These static images don’t show video content, image or text carousels, linked content (which, remember, could be considered as adopted content), or other interactive or personalized content. 

Image-based screen captures simply aren’t good enough to establish SEC compliance—or any other compliance. 


Every Business Website Must Be Able to Prove Its Compliance

Imagine you’ve designed the best website in the world. It’s 100 percent compliant with FINRA guidelines. Plus, it’s a beautiful site that’s easy to navigate and enjoyable to use. It is, in short, an amazing website. 

But all the effort it took to create that fully compliant website is wasted if you do not also maintain records that establish its compliance. Comprehensive archives are the way you prove that your website actually met all of those guidelines. 

Yet today’s websites include dynamic and interactive elements like dropdown menus, mouse-over text, and fillable forms that simplistic archiving solutions just can’t capture.

That’s where Hanzo Dynamic Capture comes in. Our archiving solution crawls a source website, locating and capturing all of its content, and then generates a fully functional replica website that can be navigated as if it were live. You can replay videos, click through links, complete fillable forms, interact with any dropdown menus or charts, and navigate through the site, demonstrating its compliance and its accessibility. Regulators aren’t going to take your word for it that your website did all the great things it was supposed to do. With Hanzo Dynamic Capture, they won’t have to—you’ll be able to show them.  

Learn More About How Hanzo Can Help

To learn more about Hanzo Dynamic Capture, our website archiving service, contact us to schedule a demonstration.


