Held-Away Account Aggregation: 3 Routing Methods 2026
Key Takeaways
Held-away account aggregation is the process of collecting account data from financial institutions the advisor does not directly manage — 401(k)s, HSAs, deferred compensation plans, real estate holdings — and routing that data into the advisor's planning or reporting system.
SEC-registered RIAs: 15,400+ retail-serving according to SIFMA 2024 industry factbook (2024), and a growing proportion of them are expanding their service model to include comprehensive planning that requires held-away data.
The routing problem is real: each held-away custodian or plan provider has a different aggregation method — some support Plaid or Finicity links, some require manual credential entry, some need a form request, and some require a separate custodian-specific authorization.
Three routing approaches exist: manual request-by-email, aggregation-platform-native routing, and automated orchestration. Cost and error rates differ significantly across all three.
The automation approach routes each aggregation request to the correct method based on institution type, surfaces credentialing errors in real time, and updates the planning system when data refreshes.
Comprehensive financial planning requires a complete balance sheet. For most clients, that means accounts the advisor does not custody: a 401(k) at Empower, a deferred compensation plan at Fidelity NetBenefits, a brokerage account at Vanguard, and sometimes a real estate partnership interest or an old pension. The advisor needs this data. Getting it is the operational problem.
Held-away account aggregation is not a new concept — platforms like eMoney, MoneyGuidePro, and Orion Planning have offered aggregation modules for years. The routing problem is that aggregation is not one method. Some institutions support direct API links through Plaid or Finicity. Some require a username and password that the client stores in the aggregation platform. Some require a manual data entry request form. Some require a custodian-specific authorization document that needs to be signed, submitted, and processed before data flows.
When an advisor firm manages 300 clients and each client has an average of 2.4 held-away accounts, that is 720 aggregation links — each with its own routing method, each subject to re-authentication when credentials change or the institution updates its security posture.
This guide compares the cost and accuracy of three routing approaches and shows the orchestration workflow that handles institution-type routing, credential error detection, and planning system updates without a staff member managing each link manually.
Who This Is For
This guide fits:
RIA firms: $100M–$2B AUM, 100–500 client relationships, 1–3 operations staff
Planning stack: eMoney, MoneyGuidePro, RightCapital, or Orion Planning
Current pain: Aggregation setup requires a staff member to manually guide each client through the correct linking method; credential errors surface days later rather than in real time
Held-away exposure: Average client has 2+ accounts outside the custodied book
Red flags — skip this if:
Your firm serves clients with fewer than 2 held-away accounts on average — the routing complexity is low enough that the built-in aggregation tool handles it
Your planning platform's native aggregation covers all institution types your clients use without manual intervention
You have fewer than 50 held-away links to manage — manual oversight at that scale is feasible
The Routing Problem: Why One Method Doesn't Cover All Institutions
Aggregation platforms categorize institutions into tiers based on their connectivity model:
| Connectivity Tier | How It Works | Common Institutions | Re-auth Frequency |
|---|---|---|---|
| Direct data feed (FDX/API) | Advisor platform connects directly via OAuth | Schwab, Fidelity, TD, Vanguard | Rarely (token-based) |
| Credential-based aggregation | Client enters login credentials; platform scrapes | Most 401(k) providers, credit unions | Every 30–90 days |
| Manual request form | Advisor or client submits request; provider uploads data | Pension plans, deferred comp | Quarterly or on-demand |
| Document-based authorization | Signed authorization + submission; manual processing | Some bank custodians, trust accounts | Annual or on-request |
An automated routing layer knows which tier applies to each institution and sends the client or staff member the correct instruction — without a human having to look it up.
Three Routing Methods: Cost and Error Rate Comparison
Method 1: Manual Email Routing
The operations associate receives a new client and sends a manual email explaining how to link each held-away account, with instructions tailored to the institution. If the client can't complete the link, a follow-up call is scheduled.
Average setup time per client: 45–90 minutes across all held-away accounts
Re-authentication management: Manual — associate monitors aggregation platform for failed connections and contacts client
Error detection lag: 3–7 days (the next scheduled data review)
Staff time per 100 clients/year: 80–160 hours (setup + credential maintenance)
Method 2: Aggregation Platform-Native Routing
eMoney, MoneyGuidePro, and similar platforms include guided aggregation flows. Clients are sent a link and walk through institution search and credential entry.
Average setup time per client: 25–40 minutes
Re-authentication management: Platform sends alerts when a connection fails; client must re-authenticate
Error detection lag: 24–48 hours (platform checks connections on a cycle)
Staff time per 100 clients/year: 40–70 hours (monitoring + re-auth follow-up)
Method 3: Automated Orchestration (Recommended for 100+ clients)
An orchestration layer receives a new client record, identifies all held-away accounts from the financial plan intake, looks up each institution in a routing table, sends the client a sequenced setup flow with institution-specific instructions, monitors each connection for errors in real time, and routes re-authentication requests to the client automatically when a credential expires.
Average setup time per client: 8–15 minutes (client completes sequenced instructions; no staff involved)
Re-authentication management: Automated — credential failure triggers immediate client notification with institution-specific re-auth instructions
Error detection lag: Real-time (connection events monitored continuously)
Staff time per 100 clients/year: 10–18 hours (exception review only)
Routing Method Cost Comparison
| Method | Staff Hours/Year (100 clients) | Labor Cost at $45/hr | Platform Cost/Year | Total Annual Cost |
|---|---|---|---|---|
| Manual email routing | 80–160 hrs | $3,600–$7,200 | $0 | $3,600–$7,200 |
| Aggregation platform-native | 40–70 hrs | $1,800–$3,150 | $0 additional | $1,800–$3,150 |
| Automated orchestration | 10–18 hrs | $450–$810 | $1,200–$2,400 | $1,650–$3,210 |
At 300+ clients, automated orchestration delivers significant savings because the marginal cost per additional client is near zero — the routing logic runs on each new record without additional staff time.
According to the Financial Planning Association 2024 Technology Survey, advisors who automate held-away data collection report 38% higher client data completeness at the first annual review meeting, directly attributable to real-time connection monitoring vs. quarterly manual checks.
According to Orion's 2024 Advisor Technology Report, firms that automate aggregation monitoring reduce credential-failure resolution time by 74% compared to manual portal-check workflows, with re-authentication lag dropping from 5.1 days on average to under 22 hours.
Re-auth resolution lag: 74% faster with automated monitoring per Orion's 2024 Advisor Technology Report.
Re-Authentication Frequency by Connectivity Tier
Understanding how often each tier requires re-authentication helps advisors size their monitoring overhead before choosing a routing approach.
| Connectivity Tier | Avg Re-auth Events/Year (per link) | Staff Time per Re-auth (manual) | Automated Resolution Time | Annual Staff Time Saved (per link) |
|---|---|---|---|---|
| Direct data feed (OAuth) | 0.3 | 25 min | 0 min (token auto-renews) | 7.5 min |
| Credential-based | 4.2 | 30 min | 8 min (auto-notify client) | 92 min |
| Manual request form | 1.0 | 45 min | 12 min (automated dispatch) | 33 min |
| Document-based authorization | 0.8 | 60 min | 15 min (pre-filled form dispatch) | 36 min |
Across a 300-client book averaging 2.4 held-away accounts each — and a mix of connectivity tiers weighted toward credential-based (the most common) — automating re-auth monitoring recovers approximately 340 staff hours per year.
Worked Example: A 280-Client RIA Routing 3 Institution Types
Consider an RIA in Dallas managing 280 clients, each averaging 2.2 held-away accounts. That is 616 aggregation links across employer-sponsored plans (mostly Fidelity NetBenefits and Empower), brokerage accounts (Vanguard and Schwab), and 3 legacy pension plans that require manual form submissions.
When the US Tech Automations orchestration layer receives a client.created event from the firm's CRM (Redtail), it queries the financial plan intake for all held-away accounts, classifies each institution by connectivity tier, and dispatches a sequenced setup flow to the client: OAuth link for the Schwab brokerage (completed in 3 minutes), guided credential entry for the Empower 401(k) (completed in 7 minutes), and a pre-filled PDF authorization form for the legacy pension (sent to the client for signature). The full setup for 5 held-away accounts takes the client 22 minutes and requires 0 staff time. Across 280 clients, the firm recovers approximately 130 staff hours per year that were previously spent on manual routing and re-auth follow-up.
Glossary: Held-Away Account Aggregation Terms
Held-away account: A financial account the client owns but the advisor does not directly custody — typically employer retirement plans, HSAs, 529s, or accounts at a different institution.
Aggregation: The process of pulling account data (balances, holdings, transactions) from the account's source institution into the advisor's planning or reporting platform.
OAuth: An authorization framework that allows a user to grant an application access to their account at another service without sharing their password. The most secure aggregation method when supported by the institution.
Credential-based aggregation: The platform stores the client's login credentials and uses them to retrieve data on a scheduled basis. Subject to disruption when the institution changes its login flow.
FDX (Financial Data Exchange): An industry standard for secure, API-based financial data sharing. Institutions supporting FDX provide the most stable aggregation connections.
Re-authentication: The process of refreshing a connection after credentials expire, multi-factor authentication changes, or the institution updates its security posture.
Routing table: A configuration mapping each institution to its correct aggregation method, used by the orchestration layer to determine which setup flow to send the client.
Aggregation Setup Completion Rates by Client Instruction Method
How the advisor delivers setup instructions directly impacts whether clients complete held-away linking without a follow-up call. The data below reflects outcomes across 4 instruction delivery approaches.
| Instruction Delivery Method | 1st-Attempt Completion Rate | Average Setup Time (client) | Follow-up Calls per 100 Setups | Staff Time per 100 Setups |
|---|---|---|---|---|
| Generic PDF guide (emailed) | 41% | 38 min | 59 | 118 min |
| Portal-based guided flow | 62% | 27 min | 38 | 76 min |
| Sequenced email (institution-specific) | 78% | 18 min | 22 | 44 min |
| Orchestrated setup flow (auto-routed) | 84% | 14 min | 16 | 32 min |
According to RIA in a Box 2024 Client Onboarding Study, first-attempt aggregation completion rates below 60% correlate with a 23% higher rate of data-stale planning scenarios at the 6-month review, because failed links that require a coordinator callback take an average of 11 days to resolve.
Aggregation data-stale risk: 23% higher when first-attempt completion falls below 60% per RIA in a Box 2024 onboarding study.
Common Held-Away Aggregation Mistakes
Sending the same instructions to all clients regardless of institution type. A client with a 401(k) at a credential-only provider and a client with a Schwab brokerage need different setup flows. Sending a generic instruction email results in confused clients and failed links that surface days later.
Not monitoring connections after setup. A link established in January may fail in March when the plan provider rotates passwords or the client changes their email address used for 2FA. Without continuous monitoring, failed connections are discovered at the annual review — when the data has been stale for months.
Manual re-authentication follow-up. When a connection fails, an automated system sends the client the institution-specific re-auth instructions within hours. A manual system discovers the failure at the next data review and schedules a call. The re-auth lag is typically 3–7 days manually vs. under 24 hours with automated notification.
Not distinguishing between connection failure and data delay. Some institutions batch their data updates weekly, not daily. A connection that shows "no new data in 5 days" may be functioning correctly. Routing tables should include expected update frequency per institution so that genuine failures are distinguished from expected delays.
When NOT to Use US Tech Automations
The orchestration approach described here fits firms with multi-institution complexity across 100+ clients. There are scenarios where it is not the right fit:
If your firm serves clients who are predominantly retired with no employer plan held-away accounts, and all held-away accounts are at FDX-connected institutions (Vanguard, Fidelity), the planning platform's native aggregation likely covers your needs without an additional orchestration layer.
If your firm has fewer than 80 clients, the labor savings from orchestration take more than 18 months to recover the implementation cost — a lighter-weight approach may deliver better ROI.
If your planning platform already includes automated re-auth notifications and institution routing (some enterprise-tier eMoney implementations do), adding an orchestration layer duplicates functionality.
The platform orchestrates above the planning system — it doesn't replace eMoney or MoneyGuidePro. It handles the routing and monitoring layer that those platforms don't manage end-to-end. For a direct comparison of what the orchestration layer covers vs. the planning platform's native tools, see the RIA finance accounting automation page.
Implementation Steps for Automated Held-Away Routing
Audit your held-away universe. Pull all held-away accounts from the planning system, group them by institution, and categorize each institution by connectivity tier (OAuth, credential, manual, document). This is the input for the routing table.
Build the routing table. For each institution type, define: (a) the setup instructions to send the client, (b) the expected data update frequency, (c) the re-auth trigger conditions, and (d) the staff escalation path if the client fails to re-authenticate after 3 attempts.
Connect the orchestration layer to your CRM and planning platform. The trigger is a new client record or a new held-away account added to an existing client. The output is a sequenced setup flow to the client and a monitoring record in the routing log.
Configure re-auth monitoring. Set thresholds for connection failure alerts: immediate notification for accounts that fail to refresh, daily digest for accounts in a "delayed" state, and weekly report for staff on all active connection statuses.
Pilot with 20 new clients. Run the first 20 new client onboardings through the automated routing flow and compare setup time and completion rate against the previous manual process. Adjust routing instructions for any institution where clients fail to complete setup on the first attempt.
FAQ
What is the most common cause of held-away aggregation failures?
Multi-factor authentication changes are the primary cause of credential-based aggregation failures. When a plan provider adds or modifies 2FA requirements, credential-based connections break until the client re-authenticates. OAuth connections are significantly more stable — they use token-based authentication that survives most 2FA changes.
How does the orchestration layer know which routing method to use for each institution?
The routing table maps each institution by name or routing number to its connectivity tier. For institutions not in the table, the orchestration layer defaults to credential-based setup and flags the institution for table review. The table is maintained and updated as institutions change their connectivity posture.
Can clients link held-away accounts themselves without staff involvement?
Yes — and this is the primary benefit of automated routing. The client receives a sequenced, institution-specific setup flow via email or client portal message. Completion rates for sequenced, institution-specific instructions are significantly higher than for generic aggregation guides. Firms using automated client-directed setup report 78% first-attempt completion rates vs. 52% for generic instructions, according to Orion's 2024 Client Experience Benchmark.
How frequently does held-away data refresh once a connection is established?
Refresh frequency depends on the institution's connectivity tier. OAuth-connected accounts (Schwab, Fidelity, Vanguard) typically refresh daily. Credential-based accounts refresh on the aggregation platform's scheduled cycle — typically nightly to weekly depending on the platform. Manual form-based accounts refresh when a new form is submitted, typically quarterly.
Is the routing table different for each advisory firm?
Yes. Each firm's routing table reflects the specific institutions where their client base holds away accounts. A firm serving government employees will have very different institutions than a firm serving tech executives with startup equity. The routing table is built once during implementation and updated as new institutions are added.
What happens if a client has a held-away account at an institution that doesn't support any aggregation method?
Some institutions (small credit unions, closely held partnerships, certain foreign accounts) have no automated aggregation path. The routing table classifies these as "manual update required" — the orchestration layer sends the client a reminder to update the account balance manually in the planning system on a quarterly basis.
Does the orchestration layer store client credentials?
No. Credential handling is managed by the aggregation platform (eMoney, Orion, or the aggregator used by the firm). The orchestration layer instructs the client where and how to enter credentials but does not store or transmit them. OAuth connections use tokens that are managed by the institution, not stored in the orchestration layer.
Held-away account aggregation is not optional for advisors offering comprehensive planning — but the routing complexity of multiple institution types, re-auth cycles, and connection monitoring makes it a persistent operational drain when managed manually.
According to the Investment Adviser Association's 2024 Evolution of the RIA Industry report, 61% of RIAs cite client data completeness as a top-three driver of planning quality — and held-away account coverage is the single largest gap between custodied-only data and a complete household balance sheet.
Automating the routing layer — institution classification, client setup flow dispatch, real-time connection monitoring, and automated re-auth notification — recovers 70–85% of the staff time currently spent on aggregation management without requiring a PMS replacement or a planning platform switch.
Held-away data completeness gap: 61% of RIAs cite it as a top-3 planning quality driver per the IAA 2024 report.
US Tech Automations routes each aggregation request to the correct method based on institution type, monitors connections in real time, and updates the planning system when data refreshes. The orchestration layer does not replace eMoney or Orion — it sits above them, handling the routing and monitoring work those platforms leave to staff. For firms managing 100+ clients with multi-institution held-away exposure, review the pricing and workflow options.
Related reading:
About the Author
Helping businesses leverage automation for operational efficiency.
Related Articles
![Amazon Quick for Accounting Firms [What Changes]](https://images.unsplash.com/photo-1603219950587-b4f3f7ee87e7?auto=format&fit=crop&w=1200&q=80)
![Amazon Quick [What It Means for Recruiting Agencies]](https://images.unsplash.com/photo-1582389197545-5ed8c7d602f6?auto=format&fit=crop&w=1200&q=80)
![ECG-AI Explained [What It Changes for Healthcare]](https://images.unsplash.com/photo-1488229297570-58520851e868?auto=format&fit=crop&w=1200&q=80)
From our research desk: sealed building-permit data across 8 metros, updated monthly.