PONTERA AND CREDENTIAL ACCESS PLATFORM GUIDANCE

We have recently become aware of a regulatory sweep focused on firms that utilize Pontera and similar credentialed-access platforms to manage held-away accounts. In light of the heightened regulatory scrutiny and the operational and client-protection risks associated with sharing online credentials, forwarding multi-factor authentication (MFA) credentials and potential limitations on custodial fraud protections, the Firm is implementing the attached policy and client communication for Pontera-connected accounts. 

What’s changing

  • No new Pontera onboarding: Effective immediately, the Firm prohibits opening, connecting, or facilitating any new client accounts through Pontera or any similar platform that requires the access of client credentials for held-away accounts.
  • Legacy accounts only: Existing Pontera-connected accounts established prior to this policy may remain active, but only under supervision and administration equivalent to any other managed account. The Firm must have the client's signed consent to continue the use of Pontera to manage held-away assets.

Concerns driving this action

  • Credential/MFA handling risk: The sharing of client credentials presents operational and client-protection concerns, as does the forwarding of MFA or one-time passcodes to enable access.
  • Potential limits on fraud protections: Because Pontera access may be treated by the outside institution as client-authorized activity (e.g., using the client’s credentials/devices), certain fraud protections, reimbursement rights, or guarantees that would otherwise apply to unauthorized activity may be limited or disputed by the financial institution.

Why is Pontera prohibited and not Plaid or ByAllAccounts?

  1. Pontera and similar tools enable credentialed trading and allocation changes in outside accounts. Services like ByAllAccounts are limited to read-only aggregation that imports data. They do not support trading, reallocations or other such activity within the account.

Key requirements for legacy Pontera accounts

  • Supervision and portfolio management: Legacy Pontera accounts must be managed, monitored, reviewed, billed, and documented like any comparable managed account
  • No credential sharing: Only authorized Firm personnel may use Pontera. Sharing credentials is prohibited.
  • Trade errors: Any trade error must be escalated to Compliance immediately, with full documentation. Corrections at outside custodians must be handled with the client participating in the communication to ensure transparency and proper authorization
  • Reporting and reconciliation: Include legacy Pontera accounts in normal reporting, reconciliation, and fee reviews.
  • Documentation: Maintain complete and accurate records. This includes retaining documentation related to all client authorizations, communications, trading activity, error corrections, supervisory reviews, system access, and any exceptions.
  • Exceptions: Any exception requires prior written approval of the CCO.
  • Acknowledgment: The firm must obtain the client’s signed agreement (or disagreement) to continue allowing Pontera access and retain it in the client file

Advisor Takeaways:

  • Do not open or connect any new Pontera accounts
  • Identify your legacy Pontera accounts and confirm they are suitable for continued management under the policy
  • Ensure legacy Pontera accounts are included in your standard portfolio oversight, trading surveillance, reporting, and reconciliation workflows
  • Follow trade-error procedures, including client participation when coordinating corrections with outside institutions
  • Immediately escalate any operational issues, data discrepancies, rejected orders, suspected fraud, or client complaints to Compliance

For questions, contact Compliance at mallc.compliance@mutual.group.