Why Umbraco works well for Banking and Financial websites

Banks (and financial institutions in general) are a very demanding sector in terms of content management. And they have every right to be.

A lot of information goes into their websites. Information that is usually handled by several teams of content editors and must always be detailed, precise, and up to date. Not to mention multilingual in most cases.

Their websites must be efficient, fast-loading, WCAG compliant, and secure. Mistakes cost money. And since money is the product sold here, sales and money are essentially the same thing.

Having had our fair share of banking website development work, these are the main aspects where Umbraco can be extremely beneficial:

It’s very common for different sections of a banking website to be handled by different teams of content editors. One team handles the Personal Finance section while another handles the Corporate one.

Moreover, there are additional areas such as products, news and announcements, investor relations, and so forth that may require their own dedicated content teams.

This means that the CMS used must support:

• Finely grained user permissions, both individually and on a group level
• An approval process
• Testing the layout and content before it goes live
• And, possibly, A/B testing as well

All of the above are possible with Umbraco.

User permissions

User permissions are built in. Editors can be granted access only to specific parts of the website, while some may be able to create new content but not publish it, and others may only edit existing content.

Approval process

The approval process, in its simplest form, is just an email notification sent whenever an editor changes content. This can be configured in seconds. But you can also utilize add-ons like Umbraco Workflow to create complex processes for different departments with different steps.

Previews and different environments

Umbraco features a preview function for every page created so that editors can see exactly how it will look when published. However, this can be extended even further with the use of Umbraco Cloud environments or, when hosted on other platforms, with the help of the uSync add-on and staging website instances.

Editors create content on the staging environment, which is usually not accessible to the general public, approve its layout and structure, and then "push" those changes to the live environment with the click of a button, including any media (images, files, etc.).

And if it has to be taken one step further, tools like Umbraco Engage can do wonders for A/B testing. You simply create variations and configure them in an extremely straightforward way to determine which performs better.

Modularity

With Umbraco, we always ensure that banking sites (well, all sites, to be honest) are highly modular. This means that a page’s content consists of blocks that can be arranged in any order and number. FAQs, text and images, sliders, CTAs, you name it.

Combined with the capabilities described above, this gives content editors total freedom while at the same time protecting them from making mistakes that might only become apparent too late.

Our experience with banks has shown us that loading content is rarely a simple process. Banks are complex organizations, and some of their content lives in CSV or Excel files.

Take a branch list, for example. It is usually maintained in such a format or exported from another system that the bank does not want to integrate directly with the website, for security or other reasons.

With Umbraco, ingesting such a file and populating the back office with the information it contains is a very easy task for any developer. The API provides a lot of flexibility, and the back office can easily be extended to trigger actions when such a file is uploaded.

To be honest, the "branch list" we mentioned is an absolutely real example for one of our clients. They simply upload the list to the back office, and a structure of nodes is automatically populated and updated where appropriate with the information. This can then be presented to the public in the form of a searchable list.

Umbraco does not impose any restrictions on the front end, so WCAG compliance can be fully implemented by front-end developers who may or may not have experience with the CMS itself.

This is important for financial institutions, since accessibility is often not just a best practice but a regulatory requirement. Developers are free to implement proper semantic HTML, keyboard navigation, screen-reader compatibility, color contrast rules, and other WCAG requirements without the CMS interfering.

Moreover, if a headless Umbraco setup is used, the front end can be developed using any technology the bank chooses.

But WCAG compliance is not only a front-end concern. Content editors can easily break accessibility rules if the CMS allows them to.

With Umbraco, it is straightforward to add guardrails to prevent that from happening. Fields can be made mandatory, alt text can be required for images, heading structures can be controlled through content blocks, and validation rules can be implemented so that problematic content cannot be published.

This means accessibility can be supported both at the technical level and at the editorial level, which is usually where many accessibility issues originate.

In practice, this combination allows organizations to build websites that meet strict accessibility requirements while still giving editors the flexibility they need to manage content efficiently.

Umbraco is well known for its security. It’s not that there are no attempts to hack it. It’s that those attempts usually fail spectacularly.

This is partly due to the secure nature of the underlying .NET platform, as well as the fact that Umbraco integrates easily with several WAF systems. For example, it can run on Azure or on Umbraco Cloud, which itself runs on Azure and allows you to activate the WAF with a single click.

Even when running on shared hosting or a VPS, Umbraco websites tend to pass penetration tests with flying colors.

Even in cases where security is largely the developer’s responsibility, .NET makes it difficult to be careless. Issues such as XSS are caught early.

We have taken this a step further by integrating CSP into our code base so that it is standard for every website we create, regardless of the sector’s security risks. It is easy to enable and configure and adds an extra layer of protection to an already secure CMS environment.

Large institutions tend to appreciate CSP since it protects the site’s own content from potential mistakes editors might make.

One thing Umbraco developers take pride in is the ability to integrate with virtually any third-party platform. And not without reason.

The CMS itself imposes no restrictions on communication with external systems, while its inherent capabilities for handling data make it straightforward to update or create new content. Alternatively, it is equally easy to present content directly from external sources, even cleaned up and cached if necessary.

Banks benefit greatly from this flexibility. Their integrations can range from simple stock market tickers to complex forms connected with internal CRMs.

Umbraco can easily pull data to present on the website or send data to third parties. With Umbraco Forms, this becomes especially straightforward, since specifying endpoints to send data to after submission is often easier than completing the form itself.

Performance is usually governed by good code, efficient caching, and, when everything else is not enough, scaling capabilities.

While good code is a developer’s responsibility, it is not easy to get things wrong when using the Umbraco API. Caching is built in, and additional caching layers are easy to implement if needed.

As of Umbraco v17, you can scale both the front end and the back office as needed, whether on Azure, on our partner UmbHost with its GreenStack Docker-based Umbraco hosting offering, and soon on Umbraco Cloud as well.

It’s not just banks. Everybody benefits from having absolute control over the structure of their website. Navigation, sitemaps, internal menus, lists, and so on.

With Umbraco, it’s very easy to implement a solution that provides clear and comprehensive control over what goes where and what is allowed to be displayed. Members-only pages if you implement membership, pages that redirect elsewhere, menu and footer visibility options, it’s all there.

Well, I lied. It’s not. But Umbraco follows a tabula rasa approach for the front end, meaning developers can implement whatever their heart, and their clients, desire.