Skip to main content

Protecting your assets is our top priority

Millions of Canadians trust us with their cash, investments, and personal financial information — and as a regulated financial institution, we have measures in place to help keep it safe.

An animation of a combination padlock.

Our approach to security

Certified by trusted third parties

We regularly undergo third-party assessments of our security practices. We are compliant with SOC 1 and SOC 2 — industry standards that involve rigorous audits of how we manage data, protect information, and control internal systems. These certifications show that we consistently meet high standards.

Fully regulated

We follow the same anti–money laundering requirements as a bank, reporting to FINTRAC under Canadian law (PCMLTFA). Our partners for buying and selling investments are regulated by CIRO, and our portfolio manager is registered in every Canadian province and territory. You can read more here.

Smart tech, expert team

We invest in technology to help prevent fraud and scams, and give clients the tools to take action themselves. Being nimble means we can move fast to tackle threats, fix issues, and support our clients. Our full-service trust team, led by senior execs, has deep expertise across fraud, security, privacy, and AML.

We work with you to help keep your money safe

Identity verification

When you open an account, we’ll do a quick ‘soft credit check’ to verify your info. If something doesn’t match, we’ll ask for a selfie and a government-issued ID. This helps us follow FINTRAC identity verification rules and industry best practices.

Two-step verification

To help verify that it’s really you logging into your account, we use two-step verification (also known as two-factor authentication), and turning it on adds a crucial extra layer of protection against cybercriminals. We support verification codes via an authenticator app, text message, or automated phone call. And if we notice unusual activity on your account, we’ll ask for extra verification before any money is withdrawn.

Data monitoring and encryption

Our data collection policies adhere to strict security controls and regulatory requirements. We use data loss prevention software to monitor sensitive information and encrypt all data sent from your device to web servers.

What you can do

Update your security settings

Enable two-factor authentication (2FA) with an authenticator app

It's a stronger form of 2FA than SMS. You can set it up via the gear icon on your profile screen within the app. Navigate to Login and Security settings, then Two-step verification, and tap Authenticator app.

Set up account alerts

These can help you catch suspicious activity immediately. You can manage your email and push notifications under Notifications from the gear icon on your profile screen in the app.

Use a strong, unique password

Choose a long, complex one that you don’t use anywhere else.

Never share your login details

Wealthsimple employees will never call and ask for your password, the 6-digit 2FA verification code you use to login, or credit card PIN. Note: In some cases we may send you a 4-digit alphanumeric SMS or email support code to confirm it's you. Hang up if a call or message feels off, and contact us through our chat while logged into the app.

Review your statements and accounts regularly

It’s a good practice that will help you spot anything unexpected.

A person holding a phone showing the Wealthsimple in-app experience.

If you suspect your account is compromised

If you suspect your account is compromised:

  1. Change your password immediately through the app or website.
  2. Contact us directly through our chat and you will be connected to our specialized team to help as quickly as possible.
  3. Review recent transactions in your account.
  4. Check your security settings to ensure nothing has changed.

How we protect your data

Transparent policies

How we manage your personal info is always publicly available in our Privacy Policy and Cookie Policy. We’ll notify you when collecting or sharing your data and give you control over how it’s used.

Controlled access to your info

We only authorize employees to have access to your data if it’s absolutely necessary, and their usage is strictly monitored. Plus, we don’t keep your data any longer than we need to.

Prioritized privacy

With our Privacy Management Program, all our employees are provided with in-depth privacy training and support. And on your end, you can manage your privacy settings, request access to your info, and make updates in-app.

Learn what to watch out for

FAQs

Why does Wealthsimple use a third party for bank account linking?

Canada hasn’t adopted open banking yet — a secure system that lets third-party providers, like Wealthsimple, access a client’s bank account information with their consent. In the meantime, we work with trusted third-party providers, Plaid and Flinks so you can securely connect your external bank accounts to Wealthsimple to freely transfer money. They also help us verify your personal information and make sure it matches what your financial institution has on file to help protect you against identity theft or fraud.

Is my money insured at Wealthsimple?

Your money is insured through different protection programs depending on the amount and type of accounts or products you use. These include CDIC, CIPF, and secure crypto storage.

You can learn more about the different types of coverage here.

I’ve noticed lots of acronyms on this page — like AML, FINTRAC, PCMLTFA, and CIRO — what do they mean?

We hear you — there are lots of them to keep up with. Here’s a breakdown of what they all mean:

  • AML (Anti-Money Laundering) — how we help stop criminal activity by making sure money moving through Wealthsimple is from legitimate sources.

  • FINTRAC (Financial Transactions and Reports Analysis Centre of Canada) — the agency that monitors Canada’s money to stop illegal activity like money laundering and terrorism financing.

  • PCMLTFA (Proceeds of Crime (Money Laundering) and Terrorist Financing Act) — Canada’s main law that requires businesses to monitor and report suspicious financial activities to fight crime and terrorism.

  • CIRO (Canadian Investment Regulatory Organization) — the Canadian agency that oversees investment dealers and representatives to make sure they follow their rules and treat clients fairly.

Is it safe to access my Wealthsimple account through a third-party money management or budgeting app?

It’s really hard to say for sure — there are a ton of third-party financial aggregators out there, and we can’t vouch for all of them. You should always read the terms and conditions before signing up for any of these kinds of apps, especially any information on how they use your data.

Why does Wealthsimple ask for so much info — like my bank account details, why I’m sending an e-transfer, or to reverify who I am again?

We do ask a lot of questions, but it’s all to keep your money secure. Since we’re a regulated financial institution, we’re required to flag transactions that seem suspicious or fraudulent. So, to help keep you safe, we need to know where your money is going. And we’ll sometimes ask to verify your account — even a second time — as extra protection.

I think I’ve been defrauded. What should I do?

If you’re worried your Wealthsimple account has been accessed without your permission, you should take steps to secure your account right away to prevent any more unauthorized activity. Here’s an article with next steps if your email or identity has been compromised. And remember, you can instantly lock your card from the app or web at any time.

I have questions about how my data is managed — who can I talk to?

If you’d like to ask a question, make a request, or file a complaint about how we process your personal information, you can get in touch with our privacy team at privacy@wealthsimple.com.