For years, employees with workplace retirement plans like 401(k)s were largely expected to choose investments from a menu provided by the investment companies hired by their employer and then manage the investments on their own.
But now, upstart financial technology firms are connecting outside financial advisers to employer-sponsored plans, allowing the advisers to take steps like rebalancing accounts on behalf of their clients.
At least one investment company is resisting the financial tech firms’ moves. And both employees and the outside advisers are finding themselves caught in a tug of war over who can manage these retirement accounts and how they do it.
Fidelity Investments, the country’s biggest 401(k) administrator, has been warning investors in these plans that they may lose online access to their accounts, and that it could even void certain customer protections, if they share their online credentials with firms offering such tools.
One investor who was temporarily locked out of his account at Fidelity was Kelly Havins, 63, a grocery brand consultant in Phoenix. Mr. Havins said he had hired a financial adviser who offers 401(k) management through a service provided by a technology firm called Pontera. “I don’t have the time or the understanding” to manage investments, he said.
In late August, Mr. Havins received a letter from Fidelity, saying that because he had shared his login with an outside provider, he had to contact the company to reset his credentials — or risk being barred from online access to his 401(k).
“I was surprised,” Mr. Havins said. “I thought it was a scam.”
On Sept. 4, with a deadline for losing access approaching, he called Fidelity. “They said, ‘We have to make sure it’s you,’” he recalled, and asked him to email a copy of his driver’s license. He declined. “I said: ‘I’m not comfortable with that. You know who I am,’” Mr. Havins said. “And they said, ‘Consider yourself locked out.’”
The next day, he said, he was unable to log into his account. He was eventually able to reset his credentials and regain access with the help of his financial adviser. But his account could be flagged again.
Many affected plan participants who contacted Fidelity to reset their credentials said they were unaware they had shared them, Fidelity said.
What’s different about the new 401(k) digital access tools?
Some earlier digital tools, like Fidelity’s eMoney financial planning software, gave advisers “read only” access to workplace plans, allowing them to simply view data. Pontera and a handful of competitors go further, providing digital tools that allow advisers to take action within the 401(k), like rebalancing accounts to make sure investments reflect the client’s goals and comfort with risk.
Investment advisers say the access is significant because it allows them to better coordinate holdings in workplace plans with a client’s other investments when deciding how to allocate funds. That helps make sure the client does not have too much invested in stocks, for instance.
Pontera promotes its service to advisers, who invite their clients to connect their accounts to Pontera’s platform via a screen at the office or an email. The advisers can’t see or gain access to the credentials, which are held by Pontera; its system taps into Fidelity to carry out the adviser’s instructions. Pontera charges the advisers a fee on the assets managed through its platform
“Pontera has been a game changer,” said Carl Szasz, founder of Verde Capital Management in Clarkston, Mich. Because he is a fiduciary — meaning he must act in his clients’ best interests — he wants to include his clients’ workplace accounts in their financial management plan, he said. “I want to be able to act and do my job.”
The employer-based retirement market is vast. Americans held $13 trillion in all employer-based plans, including $9.3 trillion in 401(k) plans, according to midyear data from the Investment Company Institute.
What do workplace retirement plan administrators think of the tools?
Fidelity, with more than 24 million plan participants in some 25,000 corporate plans, is wary of some of the new tools. The retirement giant had been warning for nearly a year that it would move to bar certain fintech firms from its employer-sponsored accounts because the firms tap into the accounts with user names and passwords shared with them by investors working with their clients.
“Credential sharing presents security risks to our customers,” Fidelity said in September 2024, “particularly when it enables third parties to take high-risk actions, such as executing trades within the account.”
Fidelity recently began making good on that warning, cutting off online access to savers if they shared their credentials with digital tools that gave their advisers access to their accounts.
Mr. Szasz said about 190 of his firm’s clients with accounts at Fidelity were disconnected. Some have been able to reconnect, but others have not.
“They’re stopping people from accessing their own accounts,” he said. “We’re stuck in the middle.”
He noted that Fidelity offered financial advisement through its own network, so it might have an incentive to limit access by outside advisers.
Fidelity said in an email that its efforts to require participants to update their credentials weren’t focusing on whether third-party advisers should have access to a participant’s account. “We are focused on how some advisers are gaining such access by using customer credentials,” it said.
Other 401(k) administrators seem comfortable with Pontera. The firm, for instance, recently announced a “collaboration” with Manulife John Hancock Retirement.
“We’ve done our due diligence,” said Wayne Park, the retirement firm’s chief executive, adding that “their security is up to our standards.” Having a secure digital connection, he said, is superior to old-school alternatives, like having clients deliver stacks of paper statements to their advisers.
Do the new tools comply with financial regulations?
Pontera says its model, in which investors authorize it to act as their agent, fits into various regulatory frameworks, including Securities and Exchange Commission guidance on how financial advisers may gain access to workplace accounts. Advisers working with Pontera don’t have access to a client’s login credentials — that is managed by Pontera — and they can’t withdraw or transfer funds or change beneficiaries, steps that would signal they had taken “custody” of the account.
“Consumers have rights to ask that an agent perform an action for them,” Zachary Pardes, a Pontera spokesman, said in an email. “This is not a gray area.”
Yoav Zurel, Pontera’s chief executive, said, “This is what customers want, and it’s their money.”
Asked for comment, the S.E.C. press office sent an email on Wednesday saying it was unable to respond because of the government shutdown.
Competing firms provide similar services but operate differently. Absolute Capital of Pittsburgh also helps financial advisers manage their clients’ workplace retirement plans. But it has formal agreements with retirement plan custodians so when it taps into a customer’s 401(k), the plan knows it is Absolute Capital. (With Pontera’s model, the firm is logging in as the client.)
“We come in through the front door,” said Brenden Gebben, the company’s chief executive. “We’re recognized as the authorized agent.”
Some state regulators, who generally oversee smaller advisory firms, have raised concerns, including those in Colorado. Some other states, like Rhode Island, have said using the tools is acceptable as long as advisers discuss them with clients and act in keeping with their fiduciary duties.
Pontera acknowledged that it did not have a formal data-sharing agreement with Fidelity, but maintained that it wasn’t required to have one, in part because plan participants grant the firm access to their information.
Pontera says client credentials are stored in a digital “vault” and protected by multiple layers of encryption.
Corey Frayer, director of investor protection at the Consumer Federation of America, said Fidelity’s concerns about cybersecurity were “legitimate” because Pontera had access to its accounts without a software gateway, known as an API connection. So it’s possible Pontera could gain access to information beyond what the client intends.
Pontera said that a year ago, it offered to create an API and customize its access to Fidelity accounts, but that Fidelity had not responded to its request.
Why would someone want an outside adviser to manage a 401(k)?
Traditionally, 401(k) and similar defined contribution plans were largely off limits to financial advisers until the employee left the company or retired.
The plans first became widely available in the 1980s, and early versions generally offered a limited menu of mutual funds. The addition of target-date funds, intended to automatically become less risky as an investor’s retirement approaches, further simplified options.
But in recent years, 401(k) plan offerings have become more complex, and some investors need more help to stay on track for retirement, advisers argue. Some plans now offer the option to invest in riskier alternative investments, like cryptocurrency and gold. And menus have expanded. Some plans offer brokerage windows, which let more savvy investors place trades themselves in a much broader selection of investments.
Could advisers get access to workplace plans in the past?
If people with an employer-based retirement account wanted professional advice from an independent adviser, they would typically send account statements to their advisers. Or they could visit the adviser’s office, log into the accounts in person and view the investments together. (Fidelity says it supports that approach.)
Advisers would make recommendations to their clients, who would then have to enact the changes themselves.
The problem is that clients often fail to enact the changes, said Kyle Louvar, chief executive of Guided Capital Wealth Management in Houston, where Mr. Havins is a client. “We’d agree on a plan, but they would oftentimes forget,” he said.
What should savers know about having an adviser manage a 401(k)?
Having your adviser manage your 401(k) directly may be more expensive than doing it yourself. Pontera charges advisers fees of 20 to 30 basis points — 0.2 to 0.3 percent — on assets managed through its platform. Mr. Frayer said firms probably passed those costs on to their clients.
Mr. Frayer said clients should consider whether it was realistic to expect that their adviser would help them beat the market, if they were also paying higher fees. Even if cybersecurity concerns are resolved, he said, “I see the fees passed on as a core issue.”
Some retirement plans offer automatic rebalancing, said Ben Henry-Moreland, a certified financial planner who writes for Kitces.com, and savers invested in target-date funds don’t generally need to rebalance because the funds’ investment mix adjusts as they age.
The post Fintech Start-Ups and Investment Firms Are Battling Over Your 401(k) appeared first on New York Times.
