What's Behind Fidelity's Move to Restrict 401(k) Login Sharing

What You Need to Know

The move affects the access of fintech firms that serve clients with billions of dollars custodied at Fidelity.
The firm characterized the move as part of an effort to safeguard customer data and privacy.
It will take some time for the marketplace to put Fidelity’s decision into context.

Today’s increasingly tech-enabled advisors face nuanced decisions about balancing cybersecurity concerns with clients’ account-accessibility expectations and their own long-term competitive considerations. It’s a tension that sources say is clearly reflected in the recent decision by Fidelity to prevent platforms reliant on credential sharing from accessing and taking action in customer accounts held on its platform.

“Credential sharing presents security risks to our customers, particularly when it enables third parties to take high-risk actions, such as executing trades within the accounts,” Fidelity’s announcement reads. “This change is with customers’ best interests in mind to enhance security and reduce customer data exposure. We anticipate these changes will be minimally disruptive to participants.”

The move, first reported Friday by Financial Advisor IQ, came as an apparent surprise to the growing set of financial technology firms that have built client-service capabilities that “reach into” third-party platforms (like Fidelity’s) in order to access information and, in some cases, make changes to accounts.

Among these firms is Pontera. Asked for comment about Fidelity’s announcement, Pontera replied by saying “safety and security are core to our company.”

“We are committed to helping Americans make the most of their retirement savings,” the statement continued. “We maintain strong relationships with recordkeepers and aim to partner to deliver the best outcomes for shared customers.”

What’s Going On?

The initial coverage suggested that Fidelity’s decision surprised Pontera and its peers, who were reported to be urging their advisors who are in touch with Fidelity to argue that the firm reconsider. As noted in the story, advisors who use Pontera serve clients with billions of dollars in custody on the Fidelity platform.

For its part, Fidelity’s statement painted the move as the latest step in an ongoing effort to safeguard customer data and privacy. In late 2023, the announcement points out, Fidelity took another big step to address unsafe data sharing practices by working toward eliminating screen scraping on its platform.

Ultimately, as sources familiar with the matter emphasized to ThinkAdvisor, it will take some time for the marketplace to fully understand how Fidelity’s decision may affect advisors, tech providers and clients — not to mention the recordkeeping firm itself.

It also remains to be seen how other big firms might react. What is clear is that the manifold tension between meeting clients’ and advisors’ expectations about account access while also maintaining account security and protecting established firms’ market share from leakage won’t be resolved overnight.

Growing Industry Tension

Asked to help interpret what Fidelity’s decision could mean for advisors and the recordkeeping marketplace in general, Sima Gandhi, who ran policy and banking relationships at Plaid and is currently a senior advisor at FS Vector, compared the developments to issues that have arisen in the banking industry stemming from Section 1033 of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

Section 1033 gives consumers the right to access and share their financial data by requiring that financial services providers make available to consumers — and representatives acting on their behalf — certain information in those providers’ control. This can include information like a consumer’s transactions or the balance in a financial account.