Introduction
The Texas State Securities Board (“TSSB”) recently issued guidance, effective July 2025, addressing the responsibilities of investment advisers when using data aggregation services and third-party platforms. While the guidance is directed at advisers registered in Texas, its principles carry broader implications for broker-dealers, financial planners, custodians, and other financial services firms that rely on technology providers to access, consolidate, or present client financial information.
The TSSB’s guidance reflects a growing regulatory trend: as firms adopt technology-driven solutions to improve efficiency and client engagement, regulators expect firms to maintain robust due diligence, oversight, and disclosure practices. The core message is clear … technology does not diminish fiduciary or supervisory obligations.
Why Data Aggregation Matters
Data aggregation tools are now widely used across the financial services industry. They allow firms to collect and display client account information from multiple custodians, recordkeepers, or financial institutions in a consolidated view. These tools can enhance financial planning, improve monitoring of held-away assets, such as alternative investments, 401(k)s or annuities, and help deliver more holistic advice.
At the same time, aggregation services introduce unique risks. They may involve sensitive credential-sharing, indirect data connections without formal custodial relationships, or vendor access to client information. Inadequate oversight of these services can create vulnerabilities in cybersecurity, recordkeeping, and client trust, all of which are areas that regulators increasingly scrutinize.
Core Elements of the Guidance
The guidance highlights four key areas of regulatory focus.
- Due Diligence on Vendors. The TSSB emphasizes that firms must perform thorough due diligence before approving any data aggregation provider. Reviews should assess platform functionality, such as read-only vs. transactional capabilities, cybersecurity safeguards, vendor breach history, and contractual terms to ensure no unintended custody or control is created. Recordkeeping obligations must also be considered, including how records are maintained and accessed if services are terminated.
- Clear Client Disclosures and Consents. Clients should be provided with clear disclosures that explain the scope of services, potential risks, and limitations of data aggregators. Firms should also review the vendor’s own disclosures and ensure they align with fiduciary and compliance obligations. Obtaining the informed consent of clients is critical.
- Fiduciary Responsibilities and Fees. The use of technology does not lessen a firm’s fiduciary or supervisory responsibilities. Advisers and other financial professionals must continue to act in the client’s best interests and ensure that fees remain reasonable given the level of service provided. If an aggregator is used primarily for monitoring accounts without discretionary authority, fees must fairly reflect that limited role.
- Ongoing Oversight. Vendor oversight cannot be a “set it and forget it” exercise. Firms need to conduct ongoing monitoring, including annual reviews of approved vendors and re-assessment whenever material changes occur (e.g., expanded trading capabilities or modified data-sharing terms).
Implications for All Financial Services Firms
Although the guidance originates in Texas and applies directly to state-registered investment advisers, its themes echo broader regulatory priorities at both the SEC and FINRA. Broker-dealers, dual registrants, and financial planning firms should view these standards as a roadmap for building stronger compliance programs around third-party technology use.
Practical steps for all firms include:
- Establishing a vendor due diligence program that evaluates cybersecurity, functionality, and contractual terms.
- Maintaining a vendor oversight calendar with annual reviews and re-approvals.
- Updating client disclosures to address the role of aggregation tools, the risks involved, and client choices.
- Ensuring that supervisory procedures cover both the selection and the ongoing use of these platforms.
- Aligning fees and services to ensure clients are charged appropriately for the level of access or advice provided.
Conclusion
The TSSB’s July 2025 guidance underscores the reality that regulators expect financial services firms to keep pace with evolving technology while maintaining core investor protection standards. Whether a firm is a Texas-registered adviser, a national RIA, or a FINRA member broker-dealer, the message is the same: due diligence, disclosures, and oversight remain essential.
By adopting these best practices now, firms can not only remain compliant but also strengthen client trust in an era where technology and data are central to financial advice.