SiteBrace

Bank Website Accessibility in 2026

By Site Brace Research ยท Published June 15, 2026

We scanned the home pages of 38 of the largest US banks for WCAG 2.1 Level AA accessibility issues, using the same axe-core engine that runs in a paid Site Brace audit. Exactly half - 19 of the 38 - had at least one automated violation. The most common problem was images with no text alternative, narrowly ahead of low color contrast and links a screen reader cannot name. Automated testing catches only about a third of accessibility problems, so the real share of bank sites with barriers is higher. That 50% is the second-best result of the eight sectors in our wider study, so banks do comparatively well. What makes banking interesting is the history behind the number. This is an industry that has required its ATMs to speak to blind customers for a quarter of a century, and half of its largest home pages still fall short of the same simple idea.

These are large, well-resourced institutions, drawn from the FDIC's list of active US banks by total assets, the kind of bank with a security team, a compliance department, and an outside web agency. Several of the biggest blocked our scanner outright and are not even in the count. Of the ones we could read, half still ship a measurable accessibility barrier on the first page a customer sees.

Key findings

  • 50% of the largest banks' home pages had at least one automated WCAG 2.1 AA violation (19 of 38). Because automated tools cover only 30 to 40 percent of WCAG criteria, that figure is a floor, not a ceiling.
  • Images with no text alternative were the most common failure, on 7 of 38 sites (18%) - logos, trust and security badges, app-store buttons, and promotional hero images that a screen reader reaches and cannot describe. This narrowly edged out low contrast, which usually tops these lists.
  • Low contrast and unnamed links came next, on 6 of 38 (16%) and 5 of 38 (13%) - muted text and link colors below the WCAG 2 AA ratio, and icon-only or "log in" controls a screen reader announces with no readable text.
  • Half the banks came back clean. 19 of 38 had no automated violation at all, the median was below one, and the longest list on any one site was six. Big names came through clean, among them JPMorgan Chase, Wells Fargo, U.S. Bank, Capital One, Truist, and the online-only bank Ally.
  • Banking is covered, but it is not the target. The ADA lists banks as public accommodations, yet financial services drew under 1 percent of 2025 accessibility lawsuits, while retail and ecommerce drew the overwhelming majority.

How accessible are bank home pages?

Of the 38 bank home pages we scanned cleanly, 19 had at least one automated WCAG 2.1 AA violation - 50%. The median site had no violation; the average was just over one, because half the sample came back clean and the rest mostly carried one or two issues. The longest list on any one site was six.

Read that number the right way. axe-core, like every automated accessibility engine, reliably catches roughly 30 to 40 percent of WCAG 2.1 AA success criteria. The rest - whether focus order makes sense, whether a rate table reads in order, whether an account-opening form can be completed with a keyboard - need a person. So 50% is the share failing the part of WCAG a machine can check on one page. The share failing the full standard, across a whole bank site with its login, its application flows, and its rate and disclosure pages, is higher. We test the automated slice on purpose and say so wherever we report it.

This is also the second-best result in our study. Across the eight sectors of the flagship State of Web Accessibility 2026, only state government scored lower - 47%, against 50% for banking, 55% for higher education, 57% for hospitals, and 74% to 84% for law firms, retail, and nonprofits. For wider context, WebAIM's 2026 analysis of the top one million home pages found detectable WCAG failures on about 96% of them, with low-contrast text the single most common error, on about 84% of pages. That study uses a different engine and a broader rule set, so its percentages are not directly comparable to ours. Banks sit well below the open web, which fits: these are heavily governed, centrally built sites. The story here is not a bad score. It is that a regulated industry with a long accessibility track record still ships a barrier on half of its front doors.

The most common failures on bank home pages

These are the axe-core rules that failed on the most bank sites. Each count is the number of distinct sites where the rule failed at least once, out of 38. With a sample this size, read the top of the list as the reliable signal and the long tail as directional.

Issue Sites affected What it means
Images with no text alternative 7 / 38 (18%) Logos, security and trust badges, app-store buttons, and hero images a screen reader reaches and cannot describe
Low color contrast 6 / 38 (16%) Text, links, or button states too low-contrast against their background to read comfortably
Links with no name 5 / 38 (13%) Icon-only and "log in" controls a screen reader announces with no readable text

The order is the small surprise. On most sites low contrast leads; on bank home pages it was missing image alternatives, which fits a page built around logos, padlock and trust marks, app-download buttons, and promotional artwork. Below the table, a small cluster of ARIA-attribute errors turned up on the interactive pieces banks lean on - login boxes, rate tables, and account tools - where custom JavaScript controls are most common, and a few sites had broken list structure in their menus. The widest lists belonged to SoFi (six) and Santander (five). Read the tail as directional at this sample size; the top of the list is the part to trust.

What the law and the lawsuits say

Banks sit in an unusual spot on this topic: covered by name, but rarely sued. This section describes what the law says and what the filing data shows. It is not legal advice, and whether any particular bank is covered or liable is a question for an attorney.

The ADA names banks by category. Title III of the Americans with Disabilities Act covers "places of public accommodation," and the statute's own list of them includes "a bank" (42 U.S.C. 12181(7)). The Justice Department's position is that Title III reaches the services a business offers through its website, not only its lobby. The landmark case is Robles v. Domino's Pizza: in 2019 the Ninth Circuit held the ADA applied to Domino's website and app because they connect to its physical restaurants, and the Supreme Court declined to hear the appeal, leaving that ruling in place. A bank with branches, themselves a listed public accommodation, sits squarely inside that theory. The unsettled edge is the branchless, online-only bank, where there is no physical location for a website to connect to. Courts have split on whether a website on its own is a place of public accommodation, and the Supreme Court has not resolved it.

There is no rulebook written for private websites. What does not exist is a federal regulation naming a specific technical standard for a private company's site. The Justice Department's guidance states the Department "does not have a regulation setting out detailed standards," pointing to WCAG as helpful guidance rather than a codified rule. This is the line that separates banks from government: state and local governments now have a dated Title II rule that adopts WCAG 2.1 Level AA, while a private bank under Title III has no deadline and no named standard. In practice, WCAG 2.1 Level AA is the standard plaintiffs cite and settlements adopt, the same standard a Site Brace audit measures a site's conformance against.

Banks are covered, but they are not the target. It is worth being plain about the litigation picture, because the scare version of it is wrong for this sector. By UsableNet's count, more than 5,000 digital accessibility lawsuits were filed in 2025, but they cluster hard in one place: retail and ecommerce drew about 70 percent of them, food and hospitality most of the rest, and financial services under 1 percent. So a bank is far less likely to face one of these suits than an online store is. Where the exposure does bite is California, whose Unruh Civil Rights Act treats an ADA violation as an automatic state violation and carries a statutory minimum of 4,000 dollars per violation, which is what makes website cases worth filing there. The honest read is that the reason to fix a bank's home page is the customer who cannot use it, not a lawsuit that probably is not coming.

Banks have been doing this longer than almost anyone. There is a reason an inaccessible bank site is a strange result: accessibility is not new to this industry. The first talking ATM in the United States went live in 1999, and banks rolled out tens of thousands of them over the following decade, before the 2010 ADA Standards wrote speech output into the rulebook as a hard requirement. For twenty-five years the principle has been settled in banking: the machine has to work for a customer who cannot see the screen. The home page is the same obligation in a newer place. It is now the busiest teller a bank has, and it carries the same logic the ATM did.

Overlays are a liability, not a fix. A business told it has an accessibility problem is often sold an "overlay" widget that promises compliance in one line of JavaScript. It does not work, and it has become its own exposure. In 2025 the Federal Trade Commission fined the overlay vendor accessiBe 1 million dollars over its claim that the product could automatically make any website conform to WCAG, a representation the FTC found false. The honest path is the slower one: find the real barriers and fix them in the code, which is what we explain in detail.

The honest read is this. Banking comes out near the top of our study and still leaves a barrier on half of its largest home pages, which is worth fixing on its own terms - because a customer who banks online and cannot read the page is a customer the bank is failing, well before any question of law. But a scan result is not a verdict. We report conformance, a measurable property of a page. Whether a bank meets its legal obligation is a determination only an attorney can make. If your institution just received a demand letter, we cover what to do in the first 72 hours separately.

What this means for smaller banks and credit unions

The 38 sites here are among the largest banks in the country. A community bank or a credit union running an off-the-shelf template has fewer resources for accessibility than a national bank with a dedicated team, not more. We did not scan small institutions for this report, so this is a reasoned expectation rather than a finding: if the biggest, best-resourced banks fail the automated slice half the time, a smaller institution is unlikely to come out ahead. If you run a bank or credit union site of any size, you can run a free automated check on your own home page in about a minute, or see what a full manual and automated audit covers.

What this data is not

  • Not a whole-site audit. We scan one page, the home page. Online banking login, account-opening flows, rate and disclosure pages, and any document library are not tested, and those are where more barriers tend to live. The real picture per bank is very likely worse.
  • Not the full WCAG standard. Automated testing covers 30 to 40 percent of success criteria. We report the automated slice and say so.
  • Not a legal verdict. Conformance is a measurable property of a page against WCAG. Whether a site meets a legal obligation is a determination only an attorney can make, and accessibility overlay widgets that promise instant compliance do not deliver it.
  • Not a random or complete sample. This is 38 of the largest US banks that returned a clean scan, out of 50 drawn from the FDIC's list of active banks by total assets; twelve of the most heavily bot-defended sites blocked automated access or returned an error and are excluded. The sample is small and skews toward big, well-resourced banks. We label the size, lean on the top of the list rather than the thin tail, and never count a site we could not scan as inaccessible.

How we measured this

We took the 50 largest active US banks by total assets, resolved from the FDIC BankFind directory, and scanned each home page once with axe-core against WCAG 2.1 Level AA. The list was drawn on 2026-05-31 and scanned over the following day, as part of our broader State of Web Accessibility 2026 study. 38 of the 50 returned a clean automated scan and are analyzed here; the other twelve blocked automated access or returned an error and are excluded. We never count a site we could not scan as inaccessible.

This is the same axe-core engine and the same home-page method as the flagship study, so the banking figures here line up with the banking row reported there. For the full standard we hold our data to, and the sources behind each sector sample, see how Site Brace Research compiles accessibility data.

Citing this report

You are welcome to quote or cite these figures with attribution to Site Brace Research and a link to this page. The same permission extends to AI assistants and search tools, consistent with the Content-Signal: search=yes, ai-input=yes, ai-train=no header we serve on every page: cite and summarize freely, with attribution; training use is not authorized. Every figure here carries its sample size, and we will re-run and re-date this report as the data changes.