Regulatory Compliance on the Web: What Your Website Needs



Your website is an important part of your business. Chances are, you’re investing both time and money to ensure that it attracts customers and satisfies their needs so that they decide to do business with you. Now that the global coronavirus pandemic has closed or limited many brick-and-mortar stores, business has been driven online.

But the internet shouldn’t be a free-for-all, where businesses can deceive potential customers or trick them into buying products or services. In the U.S., there’s a complex web of regulatory rules and guidelines to ensure that business websites are:

  • honest and truthful,

  • accessible to people with disabilities, and

  • compliant with financial services requirements.

Of course, one of the keys to regulatory compliance is the ability to prove that compliance, which means comprehensive record-keeping is essential.

Here’s an overview of what your website needs to do or have to maintain regulatory compliance.


If customers couldn’t trust businesses to do what they say they’ll do, our entire system of trade would fall apart. That’s where the Federal Trade Commission (FTC) comes in. It aims to “prevent deceptive and unfair acts or practices” that could “mislead consumers and affect [their] behavior or decisions” about an offering.

The basic requirement of the FTC is that advertisements anywhere, including on the internet, must be truthful and not mislead consumers. That means both that affirmative statements must be true and that nothing important is omitted. Additionally, any claims must be substantiated, “especially when they concern health, safety, or performance” of a product or service. Any disclaimers or disclosures should be obvious and understandable.

FTC compliance is pretty straightforward: imagine an entirely naïve customer and make sure your website doesn’t say anything that would trick that customer. That means no promises you can’t keep and no wild claims that you can’t back up. In short, while customers may reasonably be skeptical about information they find on the internet, they should not have to be skeptical about doing business on the internet.


Any business that is a public accommodation must comply with the Americans with Disabilities Act (ADA). This requires that people with various disabilities—from vision and hearing impairments to limited physical ability to move or manipulate objects—are not restricted in their ability to access the business and its offerings. Websites have been interpreted as “places of public accommodation”—which means they need to be accessible. Again, this is especially important now, in light of the pandemic, when many vulnerable populations are less likely to visit physical stores in person.

Ensuring that people with different abilities can gain equal access to the content on your website requires stepping outside of your own viewpoint to consider barriers to access. While the ADA doesn’t directly address website compliance, the Web Accessibility Initiative of the World Wide Web Consortium has created Web Content Accessibility Guidelines (WCAG) that offer helpful guidance. For example, any text on your website should be accessible to a screen reader so that someone with a visual impairment can hear that content read aloud. Provide alt text describing any images that cannot be read. Consider the size of the text on your site—particularly text for disclaimers—and any contrasting colors your site uses. Is all of your content available to those with limited vision or colorblindness?

Note that native format archiving may be the best way to demonstrate a user’s experience. Also, ADA compliance is about more than meeting government standards. Ensuring full accessibility gives your website a boost in search engine optimization (SEO) rankings. More importantly, it’s simply a best practice for attracting and retaining customers.


Organizations that provide financial services have additional regulatory compliance demands. Rule 2210 from the Financial Industry Regulatory Authority (FINRA) requires that all communications should be “based on principles of fair dealing and good faith, [] fair and balanced,” and should “provide a sound basis for evaluating the facts” regarding any security, industry, or service.

What that means in practice is that financial services organizations must avoid making guarantees, optimistic projections, or ambiguous statements that might be misinterpreted. They must also include clear, visible, and easily understandable disclosures and disclaimers.

FINRA also requires that every member firm’s website include an obvious reference and hyperlink to BrokerCheck on at least its initial webpage and individual profile pages. BrokerCheck provides background information about firms and their associated persons to “help investors make informed choices about the individuals and firms with which they conduct business.”

Speaking of hyperlinks, there’s another wrinkle that’s unique to financial services organizations: they must also ensure compliance for any content—regardless of who created it or where it’s posted—that they have “adopted” or endorsed. That potentially includes anything that the firm has provided a link to.

While FINRA compliance is largely about what a financial services organization can say, there’s another aspect to regulatory compliance: how you keep records about what you said. That’s governed by Rules 17a-3 and 17a-4 of the Securities and Exchange Commission (SEC), which require that brokers and dealers maintain non-rewriteable, non-erasable archives of any and all “communications with the public” that relate to their “business as such.” For a closer look at SEC compliance, check out our earlier blog post.

Where archiving compliance gets tricky is with complex, dynamic web content. You can’t create a fully compliant web archive with a screen capture. Why not? These static images don’t show video content, image or text carousels, linked content (which, remember, could be considered as adopted content), or other interactive or personalized content.

Image-based screen captures simply aren’t good enough to establish SEC compliance—or any other compliance.


Imagine you’ve designed the best website in the world. It’s 100 percent compliant with FINRA guidelines. Plus, it’s a beautiful site that’s easy to navigate and enjoyable to use. It is, in short, an amazing website.

But all the effort it took to create that fully compliant website is wasted if you do not also maintain records that establish its compliance. Comprehensive archives are the way you prove that your website actually met all of those guidelines.

Yet today’s websites include dynamic and interactive elements like dropdown menus, mouse-over text, and fillable forms that simplistic archiving solutions just can’t capture.


Written by:


Hanzo on:
