
Alliance for 401(k) Freedom

Responses (embedded in bold) to the article below:

​

October 17, 2025

​

Open letter: Pontera no longer fighting quietly in battle with Fidelity
 

In an interview, former Fidelity executive David Canter said Pontera's letter was 'unnecessarily incendiary.'

Pontera has dragged its ongoing fight with Fidelity into the open, posting a letter on its website accusing the nation’s largest 401(k) record-keeper of restricting the choice of retirement savers.

​

Fidelity publicly announced over a year ago that it was taking action to prevent credential-sharing platforms, of which Pontera is one, from accessing and taking action in customer accounts at the company and has maintained that these platforms present a data security risk. 

​

Pontera is one of the only fintech tools on the market that help advisors manage held-away assets like 401(k)s. Clients input their 401(k) account login credentials into the platform, which allows the advisor to change allocations, rebalance and make other moves in held-away accounts without seeing the client’s credentials. 

Pontera’s open letter follows a recent move by Fidelity to have clients who use credential-sharing platforms reset their login credentials. The move, at least temporarily, caused some clients to question their use of the Pontera platform. 

​

‘We unapologetically stand for people’s right to choose how they get help with their family’s financial security,’ reads Pontera’s letter, signed by chief executive Yoav Zurel. ‘Fidelity does not appear to share those same values and is willing to leverage its massive market power to punish retirement savers – its own customers – operating under the guise of security to do so.’ 

​

[This statement by Pontera is 100% correct. Fidelity’s policy has nothing to do with security and it is potentially very harmful to 401(k) participants.]

​

The letter went on to accuse Fidelity of holding retirement savers captive for its own institutional economic interests, while also touting the fintech platform’s own data security practices and partnerships with other 401(k) record-keepers. 

​

To be sure, Fidelity does have its own in-house wealth management and financial planning offerings which it promotes to retirees and that compete with other RIAs. 

​

Yet the company, in a statement, attacked the merits of Pontera’s claims and said it is committed to data security for customers. 

​

‘If a customer chooses to work with an advisor to manage their 401(k), they can do so, as there are solutions and advisors available that leverage safe practices. Fidelity’s concerns are focused on how some advisors are gaining such access by using customer credentials,’ a Fidelity spokesperson said.

​

[The only “practices” to which Fidelity is referring are those Fidelity 401(k) administered plans where a Fidelity BrokerageLink (brokerage window) is available. First, only advisors on the Fidelity platform can utilize Fidelity BrokerageLink, again another form of Fidelity captive control over the market. Second, BrokerageLink provides many high cost mutual funds and high transaction fees. Simply a money grab by Fidelity.]

​

‘The practice of requiring a customer to share their login credentials with a third party – which are then stored with the third party – is widely regarded as unsafe and is not supported by Fidelity, particularly because it enables third parties to take actions, like executing trades, in all the customers’ Fidelity accounts,’ added the company spokesperson. 

​

[Another ridiculous statement by Fidelity. Login credential sharing is not only a widely accepted industry practice, it is acknowledged and regulated by the Securities and Exchange Commission (SEC) through their custody rule 206(4)-2. As for a fear of any access advisors have to client information or accounts, the advisor already has established a trust-based, contractual relationship with their clients that includes reviews and/or boundaries on the information and actions about which Fidelity is falsely sounding an alarm.]

​

A Pontera spokesperson said that an advisor using the platform ‘is only managing the accounts that they and the account owner (their client) have agreed to manage.’ 

​

Pontera has also said that Fidelity rejected a past offer to build an application programming interface (API), which broadly allows software applications to communicate with each other under defined conditions. 

​

[This statement by Pontera is 100% accurate. Fidelity has not taken logical steps to enable 401(k) participants the freedom to utilize the professional guidance of independent advisors. Rather, Fidelity has gone out of its way to create roadblocks. Fidelity is the only 401(k) administrator that has taken the draconian measure of disallowing 401(k) clients to share login credentials with an independent advisor. A practice that is widely accepted and is acknowledged and regulated by the SEC.]

​

The Fidelity-owned financial planning software eMoney, for instance, uses an API connection to integrate with multiple custodians, including Charles Schwab.

​

[Indeed, Fidelity’s eMoney software and Fidelity’s “Full View” feature on Fidelity.com leverage the login credentials of their clients’ other financial institutions to transfer financial data from those non-Fidelity financial institutions. Why is Fidelity not concerned about login credential sharing when it benefits Fidelity? A double standard and hypocritical to say the least.]

​

In a statement, a Fidelity spokesperson seemed to cast doubt on the API claim by Pontera. 

‘We can confirm that the fintechs created their business models and service offerings without consulting with Fidelity,’ the spokesperson said.

​

[Of course Fidelity can confirm this. Because they have rejected offers from many fintechs to work with Fidelity on applications that would allow independent advisors to assist 401(k) participants. Fidelity has intentionally not worked with these fintechs because they want to keep as many barriers in place as possible to hold this captive market hostage to utilizing only Fidelity offerings.]

​

In a phone interview, former Fidelity custody executive David Canter said that Fidelity has every right to protect sensitive customer data, calling Pontera’s letter ‘unnecessarily incendiary’ and troublesome. 

​

[David Canter is a former Fidelity Executive that is merely defending practices in place during his tenure at Fidelity. What is “unnecessarily incendiary” is Fidelity blocking 401(k) participants from working with independent investment advisors. Pontera is 100% correct that Fidelity is intentionally trying to limit competition under the guise of security, when in fact they can cite no security issues or breaches associated with login credential sharing of 401(k) accounts with independent advisors.]

​

‘Pontera is trying to get access where there’s no contractual right to do that,’ said Canter, who currently does consulting work with wealth firms. ‘Security of their client accounts is paramount and they have every right to protect it as they see fit.’

​

[Again, a ridiculous statement. The SEC acknowledges and regulates the practice of login credential sharing between clients and advisors. That is the law of the land. Fidelity has superseded this SEC regulated practice with a policy whose sole intent is to limit competition, not improve security. If Fidelity truly considered “security of their client accounts” as paramount, they are looking in the wrong place. Fidelity’s client security issues are internal, not with the practices of independent advisors. In fact, in the past couple years alone at least three serious security issues have occurred internal to Fidelity. The Fidelity Insurance Company division suffered a cybersecurity breach in late 2023 that compromised more than 25,000 customer accounts. In Fidelity’s retail division, more than 76,000 customer accounts were compromised in a cybersecurity breach from August 17-19, 2024. Although personal information such as driver’s license, social security numbers, addresses, etc., were stolen, customers were not informed until two months later! In January 2025, Fidelity was fined by FINRA when it was determined that a Fidelity employee had been stealing from Fidelity customer accounts over an eight-year period, undetected by Fidelity. The employee stole more than $750,000 of customer assets over that time period. Where are the examples of personal information or assets being stolen from 401(k) accounts as the result of credential sharing? There are not any!]

​

Fidelity, which had over 24m 401(k) plan participants as of the first quarter and administered $16.4tn in total assets as of June, is the only 401(k) record-keeper to publicly voice data security concerns with respect to credential-sharing platforms like Pontera.

​

[This is a very important point, and very telling about what is at the center of Fidelity’s incendiary policy.]

​

The fintech company has thus far struck formal partnerships with a handful of record-keepers, including 401GO and Manulife John Hancock. 

​

In the last two years, Pontera has publicly received scrutiny from regulators at the state level, with a small handful of states like Washington, Missouri and Colorado striking positions that its use constitutes an unethical business practice by advisors.

​

[Ultimately, all that limiting or restricting login credential sharing (a practice acknowledged and regulated by the SEC) accomplishes is to hurt 401(k) participants. There is a retirement crisis in America. Many Americans are simply not financially prepared for retirement. Defined Benefit Plans (401k) have largely replaced Defined Benefit Plans (traditional pensions). Limiting the access to professional advice for an individual’s 401(k) account only serves to make this retirement crisis worse. Fidelity’s only accomplishment with this policy is to hurt 401(k) participants. Fidelity wants to fatten their wallet at the expense of a more secure retirement for American workers.]

​

Other states have struck more accommodative positions, acknowledging the value to clients of the tool, while encouraging advisors to conduct proper due diligence. 

​

Most recently, Rhode Island issued guidance last week in support of advisors’ use of third-party platforms to manage held-away assets. 

​

[A wise and informed decision regarding login credential sharing.]

​

The New York City-based Pontera was formerly known as FeeX prior to a 2022 rebrand and has received funding from the Mark Zuckerberg-linked investment firm Iconiq, in late 2023. 

 

Responses [embedded in bold] were added to this article by:

​

Jacob Jung
Contributing Writer
Alliance for 401(k) Freedom

​

​​
