Pontera's Commitment to Client Protection

Publication date: September 26, 2025

Our Mission

We developed Pontera with one mission in mind: to help people retire with greater financial security. Through our platform, financial advisors have a secure means to review and manage your retirement plan accounts as a part of your personalized financial strategy.

We understand that retirement savers have a growing need for advisory services and digital tools to help them budget, bank, and invest across all their financial accounts. Today’s average consumer uses three to four financial apps, and most believe that the ability to connect their accounts to apps and services is among the top priorities when choosing a bank.

Our goal is to ensure that you are able to receive the advice and support you need while your accounts remain protected.

Our Promise

At Pontera, protecting your retirement savings is at the heart of everything we do. We designed our platform so that the financial advisors you choose can help you manage and rebalance your retirement accounts securely.

Every connection, every interaction, and every record is safeguarded by enterprise-grade cybersecurity, independent audits, and rigorous compliance standards. Every action on Pontera is logged in a secure, uneditable record.

Our promise is simple: Pontera will reimburse you for losses from unauthorized activity in your Covered Accounts occurring through Pontera’s platform. You can find information below about the eligibility, the coverage and other important details. This is Pontera's Commitment to Client Protection.

Covered Accounts are your held-away retirement plan accounts (e.g., 401(k), 403(b), 457, or other workplace retirement accounts) that are connected to Pontera and managed by your financial advisor (“Pontera Supported Accounts”). Covered Accounts also include any other accounts you may own that are held at the same financial institution as your Pontera Supported Accounts using the same login credentials. See What’s Not Covered for more information on Covered Accounts.

What’s Not Covered 

Pontera's Commitment to Client Protection protects you against loss in your Covered Accounts due to an unauthorized activity that occurs through Pontera’s platform. It does not cover losses to the extent they arise from something other than unauthorized activities in your Covered Accounts through Pontera’s platform. 

As examples, Pontera does not cover losses that result from, directly or indirectly:

  • Your own actions or actions by financial intermediaries or other third parties you authorized outside of Pontera.
  • Actions of third parties you shared your login credentials with outside of Pontera or otherwise authorized to take actions with respect to your Covered Accounts or their assets.
  • Actions by your employer, plan administrator or their employees, representatives or agents.
  • Cybersecurity breaches or other system failures at third parties, including, without limitation, recordkeepers or custodians, that are unrelated to Pontera.
  • Advisor investment decisions, market movement, or normal investment risk. These actions are not covered because your advisor is authorized by you to manage the assets held in your accounts. Your advisor acts as a fiduciary to you and is solely responsible for their investment decisions. Pontera does not supervise or direct your advisor’s investment strategies, allocation changes, or financial planning choices. Please note that your advisor cannot withdraw or transfer the assets held in your account or change beneficiaries to your accounts using Pontera. 

Pontera's Commitment to Client Protection also does not cover accounts that are not connected to the Pontera platform or assets that are not held in a Covered Account.

Pontera is not liable for additional or increased losses resulting from your failure to report unauthorized activity in a timely manner. Pontera does not cover taxes, legal fees, lost opportunity costs, consequential/non-monetary damages, or other amounts that have been or are eligible to be reimbursed, for example, by a depository bank, outside investment provider or through insurance.

Your Role

To remain eligible for Pontera's Commitment to Client Protection, you must:

  • Use Pontera only to connect your accounts and to allow your investment advisor to manage such accounts.
  • Enable multi-factor authentication (MFA) with your recordkeeper when available for heightened security protection.
  • Keep your contact information up to date.
  • Monitor activities in your account regularly.
  • Immediately report any suspicious activity in your Covered Accounts to your advisor and to Pontera.
  • Cooperate with the investigation and any related actions.

How Can I Better Protect My Accounts?

We need to work together to keep your accounts secure. Pontera strongly encourages you and your advisor to take reasonable steps to protect your online security, including:

  • Enabling multi-factor authentication whenever available for heightened security protection.
  • Using strong, unique passwords.
  • Updating passwords regularly.
  • Reviewing your financial accounts regularly for suspicious activity.
  • Maintaining protections on your personal devices, including timely software updates and trusted antivirus tools.
  • Learning how to recognize and avoid common threats such as phishing, identity-based attacks, and malware.

If You Suspect Unauthorized Activity

Contact your financial advisor and Pontera’s Client Connection Desk immediately:

Call the Client Connection Desk at +1 (646) 461-3213
Mon - Fri 9:00AM - 5:00PM (EST)
Schedule a call here.
Email us at clientconnection@pontera.com.

We will ask for your cooperation with our investigation and may require you to take follow-up actions. Pontera may require you to assign certain rights or sign a release form as a condition to receiving financial support from Pontera.

How We Keep Your Information Safe

When you authorize the use of Pontera, you’re entrusting us with your retirement account information and enabling your personal financial advisor to securely manage your account. We take meaningful steps to protect your data and assets.

Our robust cybersecurity and data privacy strategies are underpinned by Zero Trust Architecture and meet or exceed globally-recognized standards including SOC 2 Type II Certification by Ernst & Young and ISO/IEC 27001 compliance as certified by an accredited ISO body.

Measures we take to safeguard your information include:

  • Rigorous privacy protection: We do not disclose your retirement plan account website credentials to anyone — including your financial advisor. Your information belongs to you only, and we do not sell or rent it to anyone. See our Privacy Policy.  
  • Enterprise-Grade Security: Controls aligned with CIS Benchmarks and NIST guidelines.
  • Independent Audits: We meet or exceed globally-recognized standards. Our systems are SOC 2 Type II certified and ISO/IEC 27001 compliant, with regular penetration testing for added rigor.
  • Continuous Testing & Bug Bounty: Ongoing vulnerability scans plus a private bug bounty program with HackerOne.
  • 24/7 Monitoring & Response: Real-time monitoring with tested incident response procedures.
  • Data Protection: Encryption at rest and in transit, ensuring confidentiality and integrity.
  • Zero Trust Architecture: Strict least-privilege access and authentication for every system request.
  • Workforce Safeguards: Employee background checks, confidentiality agreements, and mandatory training.
  • Reliability & Continuity: Resilient system design, disaster recovery, and secure backups.
  • Audit Trail: Every advisor action is captured in an uneditable supervision log for transparency and compliance.


Frequently Asked Questions

Do I have to do anything to get this protection?

Pontera's Commitment to Client Protection is available for all Covered Accounts you connect through our platform. See Your Role.

How can Pontera tell if an unauthorized activity occurred through Pontera?

Pontera records every action taken through our platform in an uneditable log stored securely with backups, ensuring a clear distinction between activities performed through Pontera and activity performed elsewhere.  

When you report suspicious activity, Pontera will, among other things, investigate using the same uneditable logs to confirm if the activity was unauthorized and whether it originated through Pontera.

Are my financial advisor’s investment decisions or investment performance covered?

No. Pontera's Commitment to Client Protection applies only to unauthorized activity through Pontera’s platform. Advisor-directed investment decisions, market performance, or account value changes from the advisor’s rebalancing or reallocation instructions are not covered. See What’s Not Covered.

How does Pontera help my advisor protect my accounts?

Pontera acts as a secure layer between you and your advisor. Your advisor can analyze, monitor, and rebalance your retirement accounts, but cannot transfer money, withdraw funds, or change beneficiaries.  

***

Our Commitment to Client Protection does not alter or supersede any agreements that you have with Pontera, or, if and to the extent applicable, any rights or protections that might be provided to customers under Regulation E, and is offered under the laws of the State of New York. Check back here for updates, which are effective as of the publication date. Pontera's Commitment to Client Protection is not intended to serve as a contract with any third parties or as an insurance product.