ADA Compliance for Banks, Credit Unions, and Fintech

Financial institutions face accessibility risk on two independent fronts that no other consumer-services industry has to navigate together. On one side, banks and credit unions have been a steady target of Title III private litigation since the National Federation of the Blind's landmark 2000 settlement with Bank of America and the parallel cases that established WCAG-conformance baselines for major banking sites. On the other side, the federal banking regulators — the OCC, FDIC, NCUA, Federal Reserve, and CFPB — have all issued supervisory guidance treating digital accessibility as a fair-banking and consumer-protection issue, with examination findings that can affect a bank's CRA rating or trigger consent orders. The result is that an inaccessible mobile deposit screen can produce both a private settlement and a Matter Requiring Attention in the next exam cycle.

This page is informational and is not legal advice. ADA, federal regulations, and state-law obligations vary by jurisdiction and business type — consult qualified counsel for case-specific guidance.

How the regulators view accessibility

The Office of the Comptroller of the Currency has incorporated digital accessibility into its consumer compliance examination procedures. OCC examiners look at how a national bank or federal savings association serves customers with disabilities through digital channels, including online account opening, mobile banking, bill pay, and remote deposit capture. Findings can be cited as Matters Requiring Attention or, in serious cases, included in formal agreements that constrain expansion plans and dividend payments.

The Consumer Financial Protection Bureau treats inaccessibility as a potential UDAAP issue — unfair, deceptive, or abusive acts and practices — under the Dodd-Frank Act. The CFPB has cited digital accessibility in supervisory highlights and brought enforcement actions where a covered entity's digital channels effectively excluded customers with disabilities from a product they advertised broadly. The combination of a Title III lawsuit and a CFPB enforcement action can produce overlapping remediation orders that conflict on timeline; coordinating a single technical response is critical.

The National Credit Union Administration has issued letters to credit unions reminding them that ADA Title III applies to their websites and that accessibility of online services is examined as part of fair consumer-financial-services compliance. State-chartered institutions face similar guidance from state banking departments — particularly New York DFS, California DFPI, and Massachusetts Division of Banks.

Account opening and KYC: the most-litigated banking surface

Online account opening is where banking accessibility litigation lives. The funnel typically includes identity-verification (often Jumio, Onfido, Socure, Persona, or LexisNexis-powered) plus electronic signature (DocuSign or Adobe Sign), funding instructions (ACH micro- deposit verification or Plaid-powered instant verification), and disclosure delivery. Each of those layers can fail independently.

Identity-verification flows require the applicant to take a photo of their ID and a selfie. The photo-capture interface frequently has no accessible alternative for blind users, no skip-to-content path for keyboard-only users, and no clear error messaging when the image fails the liveness check. A blind applicant can be stuck on the same screen for thirty minutes with no indication that they need to retry.

E-signature pads embedded in account opening present a hard accessibility problem. The ESIGN Act permits alternative methods of capturing assent — typed full name plus checkbox affirmation is generally sufficient — but many banks force the canvas-based signature anyway, then provide no keyboard or screen-reader alternative. The fix is straightforward: detect assistive-technology use or simply offer a parallel typed-name path with the same legal weight.

Disclosure delivery at the end of account opening is the silent failure. The required disclosures — the deposit account agreement, the privacy notice, the funds-availability disclosure, the electronic-communications consent — are typically presented as PDFs in an iframe or downloadable link. Most are not tagged. Reg E and Reg DD both require effective delivery of disclosures, which courts and regulators have begun interpreting to mean accessible delivery to customers with disabilities.

Mobile banking apps and remote deposit

Mobile banking apps are increasingly the primary customer channel and increasingly the source of accessibility complaints. The patterns we see in app audits across community banks, regionals, and national institutions:

• Login and 2FA flows where the OTP input field is six separate single-digit boxes that VoiceOver announces as "edit text" six times in a row with no context. The correct pattern is a single input with autocomplete="one-time-code" and a clear label.
• Biometric login fallbacks that route users into PIN entry without announcing the change. Face ID and Touch ID failures should produce an accessible error and an obvious next step.
• Remote deposit capture camera screens that require physical alignment of a check within a visual frame. Most apps have no audio guidance for positioning, no haptic feedback when the check is centered, and no accessible alternative path (mailing the check, depositing in branch).
• Transaction history tables rendered as VStack/LinearLayout columns instead of accessible-table equivalents, breaking the row-and-column relationship that screen reader users need to compare transactions.
• Funds-transfer screens where the account picker is a custom wheel control with no keyboard equivalent on web and no accessibility-element grouping on native.
• Push-notification settings where the category checkboxes lack descriptive labels, leaving blind users unable to tell what category they are opting into.

Security controls that exclude disabled customers

Banking is unique in that some of the worst accessibility failures originate from security controls that were specifically chosen to reduce fraud. CAPTCHA challenges, particularly the legacy distorted-text and image-grid variants, frequently lock blind users out of login or account opening entirely. Behavioral-biometric tools that compare typing cadence and mouse movement patterns can flag screen-reader users as anomalous and force them through additional friction layers.

The compliant approach combines accessible challenge mechanisms (audio CAPTCHA where any CAPTCHA is used; better, risk-based scoring that reserves friction for genuinely anomalous sessions), explicit assistive-technology tolerance in fraud models, and a documented escalation path — typically a phone or in-branch alternative — for any customer who cannot complete a digital flow because of a disability. That escalation path itself has to be equivalent: hours, wait times, and authentication strength should match the digital channel.

Documents, statements, and notices

Banks generate enormous volumes of customer-facing documents: monthly statements, tax forms (1099-INT, 1098), loan disclosures, ATM/debit card agreements, change-in-terms notices. Most are produced through a statement-rendering engine — Broadridge, Doxim, NCR D3, FIS Statement Express — that outputs PDFs without proper tag structure. Customers with vision impairments who use the bank's online statement archive cannot read their own monthly statements.

The remediation path is to enable accessible-PDF generation in the statement vendor (most modern platforms support it but ship with it disabled), and to provide an HTML statement view for customers who request it. Reg E and Reg DD both contemplate alternative-format delivery on request, and several FDIC-supervised institutions have entered into consent agreements that specifically require accessible statements going forward.

Cost and timeline reality for banking

Banking remediation costs are higher than ecommerce because the regulated environment requires more rigorous testing, documentation, and change-control. Institutions also tend to run accessibility work through their existing IT governance process, which adds time but reduces re-work.

What to do today

If you are a community bank or credit union running a vendor-hosted online banking platform (Q2, Alkami, Jack Henry Banno, NCR Voyix, FIS Digital One), pull your vendor's VPAT and ask your account team for a current WCAG 2.1 AA conformance statement. If they cannot produce one or it is more than twelve months old, that is your first action item. Vendor-hosted gaps are still your liability under both Title III and OCC supervisory standards.

Then audit three flows on your own marketing site: the account-opening landing page, the loan-application form, and the rate-and-fee disclosures page. Marketing sites sit outside the vendor banking core and are typically where the most easily-found violations live. A free scan takes two minutes and tells you whether you have a plaintiff-attorney-detectable problem before someone else finds it.