ADA compliance a risk management issue not simply a digital concern

Lawrence Shaw, CEO of Insurtech solution provider AAAtraq, explains why the move to remote working and with it an increase in digital business presents new risks for those US firms around access to their websites.

As global business models become ever more digitalized firms, are facing new risks as clicks increasingly replace bricks. Despite the move online the responsibility of companies to ensure access to their business for those with disabilities has not diminished.

It would be inconceivable to open a new building that did not comply with the regulations laid down by the American Disabilities Act (ADA). The same principle is true of websites and their content. Organizations that fail in their ADA obligations are increasingly finding themselves open to the risk of brand reputation damage and litigious approaches by aggressive lawyers.

Content failure is now a tangible risk for firms, ranking alongside hacking as a key concern for a business’ cyber strategy alongside data protection and privacy. The risks are now a topic at board level for many organizations, as they seek to embed ADA compliance into their cyber considerations, in the same way as if the firm was planning the construction of a new building. Failure to do so exposes companies to liabilities that have the potential to cause significant damage.

Content failure can encompass a range of previously ignored threats to a business. These include the misuse of trademarks, using IP and images without the requisite permissions, broken links on the site, inaccessible documents and SEO failures.

Any of these issues can result is serious consequences for a business, its reputation and its brand.

Risk managers have a responsibility to consider the existing and emerging risks their organization faces from content failure, and that has to include the requirements to comply with the ADA online as well as in their physical locations and operations.

COVID-19 has accelerated the speed of change

The global move to remote working has increased the pace of change to digital and remote operation. This has created the need for rapid digital and cyber maturity. The “new normal” post COVID will see a continued move away from physical premises with staff likely to work on a remote basis either full time or for significant parts of the working week.

Growing digital maturity will bring greater regulatory focus and increased demands for compliance and the need to establish the digital equivalent of disabled spaces, ramps and such ‘accommodations’.

Compliance cannot be left to digital teams

Despite the clear threat that breaches already pose, the majority of US organizations are not taking the issue of ADA compliance seriously. Digital teams and webmasters are almost always left to deal with the problem, and they are not taking the necessary steps to ensure their organisation is compliant.

Any compliance failure is fundamental to a company’s organizational risk and as such should be firmly on the risk manager’s radar.

The problem is hidden from those managing organizational risk

The role of digital teams and webmasters is to create and maintain fully functioning and compliant websites that service the needs of users on behalf of their employer organizations. When online content is not compliant, and hasn’t been for years, those managing sites can find it difficult to admit there is a problem.

Organizations with the foresight to investigate and challenge this compliance issue will often be met with defensive digital teams hiding behind technical responses:

“We’ve added an accessibility widget that will make our website fully accessible.” Or “The content management system makes our site compliant.” And even “We’ll address the situation in the next website update.”

Even where a digital team understands there is a problem, they might be reluctant to admit it. After all, the ADA has been in place since 1990 and all websites should by now be complying with the regulations. All organizations have a duty to ensure those with disabilities are not restricted in their access to online services and information, and those that are not making this possible are failing in their fundamental duties.

ADA compliance has now become a tangible corporate risk

Five years ago, people started talking about the need to eliminate content failure and become digitally compliant. Two years ago, the issue became more important. Now, we are in the midst of a digital revolution, and the fact that so much of the online world remains non-compliant has the potential to derail any progress that has been made.

Digital projects that do not address compliance will pay the price  

It has long been said that a reputation can take years to build and one minute to lose. For brands in the digital age, and with the rise of social media that statement has never been more pertinent.

The damage to the company brand ADA non-compliance can pose is considerable.

We have a perfect storm on the horizon. ADA claims are simple to bring, against vulnerable targets. That ease of ‘earning’ fuels what is an exponentially growing market.

Initial demands with early claim settlement can be under $10,000. A legal fight can cost over $50,000. Repeated and drawn-out fights more than twice this.

Being drawn into lengthy and expensive litigation can also serve to hamper greater digital adoption and the impact that can have on turnover.

Risk managers need to assess the risk for themselves

An independent risk management assessment service is needed to ensure those responsible for their organization’s exposures can understand for themselves the extent of the problem.

Risk managers need to easily understand their current level of risk and clearly see the pathway to compliance their organisation needs to take. Monitoring progress against that plan without being hoodwinked by those providing digital services is also requirement.

Moreover, with insurance premiums on the rise organisations will be keen to present a favourable risk management picture at renewal to minimize any rate increases. Those with a robust process to monitor and improve their risk from ADA non-compliance will be viewed favourably by their insurer.

The risk of ADA non-compliance is a growing threat for businesses as they grow their digital footprint and that risk is still largely being ignored. It is a threat that risk managers need to ensure is adequately addressed and should be part of a company’s organisational risk management programme. Firms have two choices. Comply now or face litigation and then comply. Ignoring the issue is no longer an option.

Risk managers need to easily understand their current level of risk and clearly see the pathway to compliance their organisation needs to take. Monitoring progress against that plan without being hoodwinked by those providing digital services is also requirement.