NAPFA ADVISOR

Back to NAPFA ADVISOR

 

COMPLIANCE CORNER

Print this Article
Facebook   Twitter   LinkedIn   YouTube

Regulatory Update for State-Registered Advisers

By Scott Snipkie, J.D. 

New administrations bring change and uncertainty. One of the more frequent responses I’ve been hearing to questions about what to expect from the second Trump administration, though, doesn’t apply to the new administration at all; to paraphrase: Expect the states to move in and pick up the mantle of enforcement and regulation. We were already seeing the states filling regulatory space even before the change of administration, and in an unexpected area: custody, or better put, operational solutions for custody.

For the unaware, Pontera is a fintech company with a software solution that allows advisers to manage assets in held-away client accounts such as 401(k)s, which are difficult to access without activating custody tripwires. Pontera’s foray into held-away accounts is roughly five years old, and began with little pushback from regulators. Recently, though, a raft of warnings have come in from state regulators asserting that advisers’ use of Pontera may violate their regulatory schemes in a number of ways.

The Timeline

Washington led the charge in late 2023, alleging because clients provide login information to Pontera to allow access to held-away accounts (even though advisers do not have access to this login information), this practice may run afoul of its regulatory code, which prohibits “[a]ccessing a client’s account by using the client’s own unique identifying information (such as username and password).” Additionally, Washington expressed concern that in providing access to a third party, clients are inadvertently violating their terms of service with their 401(k) custodian.  

In the intervening period, several other states have joined in warning their advisers: Missouri in May 2024, Nebraska and Ohio in March 2025, and Colorado in May 2025. Most of the more recent warnings didn’t mention Pontera specifically, but instead discussed non-specific, third-party platforms used to access and trade in clients’ held-away accounts. Colorado’s warning did identify Pontera specifically, though, and even took aim at third-party platforms that provide view-only access.  

The more recent warnings from state regulators were similar in substance to Washington’s first shot across the bow with a few tweaks. Nebraska, Ohio, and Colorado all cited prohibitions on advisers accessing clients’ accounts through the use of their logins, just like Washington. Additionally, all three noted concerns akin to Washington’s about voiding the terms and conditions of clients’ agreements with custodians; however, Nebraska and Ohio raised new concerns that such access may disrupt custodians’ AML and Bank Secrecy Act compliance. Nebraska, Ohio, and Colorado also raised custody concerns advising users to ensure they couldn’t access or withdraw funds from clients’ held-away accounts and to be wary of any service that adds the firm or its representatives as supplemental or authorized users. Finally, both Nebraska and Ohio raised additional concerns about fees charged by such third parties and advisers who charge fees for managing held-away accounts, questioning whether any of those practices might violate their prohibitions on charging “unreasonable” fees.

What This Means

So, what does it all mean? That’s hard to say. It’s no secret that some state securities agencies are more aggressive than others. It’s also no secret that there is an organization, the North American Securities Administrators Association (NASAA), where state regulators share ideas and work together on joint projects such as enforcement actions and model regulations. (Most state’s securities regulations are just a variation of the model rules promulgated by NASAA.) So, it’s only fair to assume that Pontera got onto Washington’s radar, creating a knock-on effect.  

Currently, there hasn’t been any movement from the SEC about Pontera, and to be clear, even the warnings by state regulators are only that—although they do seem definitive and are certainly strongly worded. Thus far, though, there have been no enforcement actions of note taken in the states on this matter. So, where does this leave you? Using a third-party platform to manage clients’ held-away assets creates operational risks any adviser needs to weigh individually but whether your home state regulator has taken a position on the practice and, if so, is reviewing it, is a big consideration, so keep this on your radar as it develops.

Some New Guidance

Staying with the theme of new custody guidance from the states, Tennessee issued a new statement of policy related to standing letters of authorization (SLOA) last year. A quick refresher:

  • A standing letter of authorization allows an adviser to move money or trigger disbursals from a client’s custodial account without obtaining authorization every time.  
  • The SEC issued guidance about SLOAs in February 2017, dividing them into two types: first- and third-party SLOAs. A first-party SLOA, generally speaking, allows the transfer of funds from a custodial account to a like-titled account (i.e., Jane Doe IRA to Jane Doe Checking Account), and a third-party SLOA allows transfers to non-like-titled accounts (i.e., Jane Doe IRA to Jane and John Doe Checking Account).  
  • The SEC noted first-party SLOAs are essentially fine but third-party SLOAs require a bit more oversight because there is a greater, albeit still small, possibility of theft there.  
  • Of all the required oversight, most performed by the custodian, the component most critical to advisers is ensuring and maintaining records showing that for third-party SLOAs, the third party was neither located at nor related to the adviser. Where the firm complied they wouldn’t need to get a surprise annual audit.  

Back to Tennessee; its new guidance says it isn’t required to follow the SEC’s guidance, that adopting the SEC’s policy would be contrary to the purpose of its regulations, and that regardless of who is receiving the funds from a SLOA, advisers who use them have custody. The Tennessee guidance comes more than seven years after the SEC’s and after every other state adopted the SEC’s position.  

Undoubtedly, SLOAs streamline operations, and additionally, they appear to pose very little fraud risk. As such, Tennessee’s position, making it the lone outlier of all 50 states, is a bit of a head scratcher. So, as with the above, where does this leave you? Unfortunately, if you’re a state-registered adviser whose primary place of business is in Tennessee, your regulator has made it impossible to use SLOAs without getting the surprise annual audit; one of your only forms of recourse may be to call your legislator. Hopefully, Tennessee’s position on SLOAs doesn’t spread like Washington’s concerns about Pontera.

Scott Snipkie (University of Missouri JD, MA; Penn State BA), joined Adviser Compliance Services in 2019 following time with the Missouri Attorney General and Missouri Securities as Enforcement Counsel; he specializes in assisting Chief Compliance Officers fulfill their regulatory obligations. Reach him at scott@advisercompliancesvcs.com or 573-416-8076. 

image credit: Adobe Stock Images

 

Back to NAPFA ADVISOR