How we protect your clients’ accounts | Capital Group


How we protect your clients’ accounts

We are committed to account security. Our robust security program and infrastructure includes a team of cybersecurity and risk management professionals to help monitor and protect your clients’ personal information 24/7.

We review each report of unauthorized access thoroughly, file appropriate notices with law enforcement agencies and, in the event of a financial loss, we assess the facts and circumstances for potential reimbursement to your clients' accounts. Additionally, we use a variety of controls to detect and prevent unauthorized access to our network and sensitive information. Our cybersecurity response program fulfills the requirements of federal and state laws and includes appropriate notifications to you and your clients when warranted.


As part of our security system, we:

  • Regularly refine and update security features. We review industry security standards and perform system testing to ensure we’re using the most up-to-date techniques and technologies.
  • Actively monitor threats. We communicate with financial industry security groups and government agencies to monitor the threat landscape.
  • Educate employees. Our associates receive ongoing security training, such as how to handle sensitive data.
  • Challenge unrecognized devices. We’ll send your clients a one-time passcode to verify their identity before they can access their account. We may send the passcode if they’ve deleted cookies or cleared the cache on their device, logged in from a different device (phone vs. iPad vs. desktop) or different IP address (home vs. public Wi-Fi).
  • Display last login information. Your client may view the date and time of the last login to their account to verify activity.


  • Mask confidential information. Your clients will see symbols in login fields and in place of their Social Security number.
  • Enforce website timeouts. Online sessions will automatically time out after 20 minutes of inactivity.
  • Use encryption to secure your data. We use industry-standard security protocols to create a secure online environment. Check to see if there is a “lock” icon next to the URL address bar and whether the URL starts with “https:” instead of “http:” which indicates that the browser window is secure.

For your clients: Best practices to protect their accounts

Share these best practices with clients to help them protect sensitive information

Fraud basics

Review types of online fraud and how to recognize them

Investments are not FDIC-insured, nor are they deposits of or guaranteed by a bank or any other entity, so they may lose value.

Investors should carefully consider investment objectives, risks, charges and expenses. This and other important information is contained in the fund prospectuses and summary prospectuses, which can be obtained from a financial professional and should be read carefully before investing.