Skip navigation
missouri-flag.jpg

Missouri Regulators Send Warning Letter to Advisors Using Data Aggregation Tech

After Washington, Missouri is the second known state to send warning letters to advisors over the use of wealthtech tools that can access data in client retirement and banking accounts.

Missouri is the latest state to warn advisors about using popular wealth technology platforms that access client assets held in accounts such as 401(k) plans and banks.

In a letter sent to over 40 state-registered advisors, the Missouri Securities Division said using the tools, which rely on a client’s log-in credential to access the accounts with their permission, is “considered dishonest and unethical.”

The letter referred to technology in which the advisor accesses client accounts held in employer-sponsored retirement plans or “other savings, bank, or brokerage accounts” without the “knowledge or approval of the institution or plan administrator responsible” for that account. The practice raises issues around asset custody and the advisors’ ‘fiduciary duty.’

Madison Walker, communications and public relations specialist for the Missouri Secretary of State’s Office, said the Securities Division sent the notice on May 23 to about 45 firms in the state that either use the tools, have used them in the past or asked the state about them at some point. He said the topic first came to Missouri regulators’ attention from discussions last year held among members of the North American Securities Administrators Association. Fred Baldassaro, director of communications for the NASAA, said the group could not comment on individual state actions.

Access to data in client accounts held outside the financial advisor's custodian or brokerage firm helps advisors create more complete overall financial plans. Firms that use client log-in data, with permission, and presumably would fall under Missouri's warning, include Envesnet's Yodlee, Morningstar's ByAllAccounts, AllData from Fiserv (formerly CashEdge) and Pontera, used by many firms to access a client's workplace retirement plan data. 

Pontera was the named target of a similar warning letter sent to advisors in Washington by that state’s securities regulators, as CityWire first reported in December 2023 and again in February.

A spokesperson for Pontera said there is confusion over how the tools work. While the application uses log-in credentials, provided by the client, to give advisors access to the accounts, the data is secured and encrypted and not actually shared with the financial advisor.

“This memo challenges all credential-based technologies that state-registered advisors in Missouri currently use for account aggregation, budgeting and planning, all of which enable full-service and holistic fiduciary service for clients,” said Joseph A. Giannone, Pontera’s director of communications.

“We’re finding that there is confusion among certain states as to how many of these credential-based, client-permissioned technologies operate, and so we are in active dialogue with regulators who seek clarity,” he said. “Numerous states allowing state-registered advisors to manage client accounts held elsewhere via credential sharing view Pontera favorably as a way to ensure advisors don’t gain access to client credentials or client accounts and cannot obtain possession, control or withdrawal of funds.”

Mark Kissler, chief of licensing and examinations for the State of Washington Department of Financial Institutions Securities Division, said about 10 advisors in that state had been sent a letter telling them to stop using the application, and that the issue was an “ongoing conversation” with other state securities regulators.

“Other states are seeing this and are having to go down the same path of understanding what this is and how it applies to them and their regulations,” he said. “It’s coming up more and more.”

(Edit: This article has been edited to clarify the firms potentially impacted by the state's actions.)

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish