Robo-Adviser Compliance Checklist

Overview: Navigating Robo-Adviser Compliance

Robo-advisers represent one of the most dynamic sectors in fintech, offering automated, algorithm-driven financial planning services with minimal human intervention. While the technology is cutting-edge, the regulatory framework is decidedly traditional: robo-advisers are investment advisers subject to the full scope of SEC and state regulation.

This comprehensive checklist walks through every major compliance requirement for robo-advisers, from initial RIA registration through ongoing operational compliance. Whether you're launching a new platform or auditing an existing one, this guide provides a systematic framework for building a defensible compliance program.

⚠ Critical Understanding

The SEC does not recognize a separate regulatory category for "robo-advisers." You are subject to the same Investment Advisers Act requirements as traditional RIAs, with heightened scrutiny on algorithm governance, performance claims, and disclosure adequacy.

RIA Registration Requirements for Robo-Advisers

Before launching your robo-adviser, you must determine whether SEC or state registration is required, and complete the registration process properly.

Pre-Registration Assessment

First, confirm that you meet the definition of an investment adviser under Section 202(a)(11) of the Investment Advisers Act. Robo-advisers typically satisfy all three prongs:

Advice about securities: Your algorithm recommends portfolios of stocks, ETFs, or other securities
In the business of: You hold yourself out as providing investment advisory services
For compensation: You charge fees (subscription, AUM-based, or performance fees)

💡 The "Pure Software" Myth

Many founders believe that offering "just software" avoids investment adviser registration. The SEC has consistently rejected this distinction. If your software provides personalized investment recommendations, you are providing investment advice.

SEC vs. State Registration

Your registration jurisdiction depends primarily on assets under management (AUM):

AUM Level	Registration Required	Notes
Under $25 million	State registration only	Register in states where you have clients
$25M - $100M	State (with exceptions)	May register with SEC if state doesn't require registration
$100M - $110M	May choose SEC or state	Buffer zone - either is permissible
Over $110 million	SEC registration required	Must register with SEC via Form ADV

Registration Checklist

📋 RIA Registration Steps

Determine registration jurisdiction (SEC vs. state) based on AUM

Create IARD account and obtain CRD number

Complete Form ADV Part 1A with full business details

Draft Form ADV Part 2A (brochure) with plain English disclosures

Prepare Form ADV Part 2B for supervised persons

File Form ADV through IARD system

Pay filing fees (SEC: $150; state fees vary)

File notice filings in states where conducting business

Obtain surety bond if required by state law

Form ADV Robo-Specific Disclosures

Form ADV is your primary disclosure document. For robo-advisers, certain sections require special attention and robo-specific language.

Item 5: Fee Schedule and Compensation

Robo-advisers must clearly disclose their fee structure. Common models include:

AUM-based fees: Typically 0.25% - 0.75% of assets under management annually
Subscription fees: Monthly or annual flat fees (e.g., $5-$50/month)
Tiered pricing: Different fee levels based on account size or services
Freemium models: Free basic service with paid premium features

⚠ Hidden Fees

You must disclose ALL fees clients will pay, including ETF expense ratios, trading costs, and any revenue sharing arrangements. Clients should understand the total cost of investing through your platform.

Item 8: Methods of Analysis and Investment Strategies

This is critical for robo-advisers. You must describe:

The investment methodology your algorithm uses (e.g., Modern Portfolio Theory, factor-based investing)
Asset classes included in recommended portfolios
How portfolios are constructed and rebalanced
Any tax optimization strategies (e.g., tax-loss harvesting)
Risks associated with your investment approach

📋 Algorithm Disclosure Checklist

Describe investment methodology in plain English (avoid overly technical jargon)

Identify asset classes and securities types used (stocks, bonds, ETFs, etc.)

Explain how client risk tolerance is assessed

Describe portfolio construction process (strategic asset allocation)

Explain rebalancing methodology and frequency

Disclose tax-loss harvesting features and limitations

Describe risk management approach

Explain limitations of automated advice

Disclose circumstances where human review occurs (if any)

Item 10: Financial Industry Activities and Affiliations

Disclose any conflicts of interest, including:

Proprietary ETFs or mutual funds in recommended portfolios
Affiliated broker-dealers used for execution
Custodian relationships and any economic benefits received
Third-party referral arrangements

Form CRS (Customer Relationship Summary)

Since June 2020, RIAs must provide Form CRS to retail clients. This four-page summary must explain:

Services offered and account minimums
Fee structure in plain language
Standard of conduct (fiduciary duty)
Conflicts of interest
Disciplinary history

Algorithm Disclosure Requirements

The SEC has issued specific guidance on algorithm-based investment advice. Proper disclosure and governance are essential.

What Clients Must Understand

Your disclosures must enable clients to understand:

How the algorithm works: Investment approach in understandable terms
Limitations: What the algorithm cannot do or account for
Human oversight: Level of human review and intervention
Data inputs: What information the algorithm uses to generate recommendations
Changes: How and when the algorithm may be updated
Performance expectations: Realistic expectations, not guarantees

💡 SEC Guidance: IM Guidance Update 2017-02

The SEC's 2017 guidance on robo-advisers emphasizes that automated advice must be suitable for each client. Your questionnaire must gather sufficient information to make appropriate recommendations, and your algorithm must use that information properly.

Questionnaire Design Requirements

Your client questionnaire must elicit information about:

Investment objectives (growth, income, preservation)
Time horizon
Risk tolerance and risk capacity
Financial situation (income, assets, liabilities)
Liquidity needs
Investment experience
Tax situation (if relevant to recommendations)

📋 Algorithm Governance Checklist

Document algorithm design methodology and assumptions

Conduct backtesting and maintain backtesting records

Implement algorithm testing before deployment

Establish change management process for algorithm updates

Monitor algorithm performance and output

Create error handling and exception procedures

Document human oversight and review procedures

Maintain version control and audit trail for algorithm changes

Conduct periodic third-party validation (if applicable)

Custody Rule Compliance

The Custody Rule (Rule 206(4)-2) is one of the most complex areas of robo-adviser compliance. Most robo-advisers use third-party qualified custodians, but you must still comply with specific requirements.

Custody Rule Basics

You have "custody" if you:

Hold client funds or securities
Have authority to withdraw funds or securities from client accounts
Act as trustee or in any capacity that gives you legal ownership

Most robo-advisers have custody due to fee deduction authority or discretionary trading authority over accounts held at custodians.

Qualified Custodian Requirement

Client assets must be maintained with a qualified custodian:

FDIC-insured bank or savings association
Registered broker-dealer
Registered futures commission merchant
Foreign financial institution meeting certain requirements

Surprise Examination Exception

If you have custody solely due to fee deduction authority, and you meet all of the following conditions, you are exempt from the surprise examination requirement:

Client assets are held by a qualified custodian
You have written authorization from the client to deduct fees
You send the client an invoice or fee calculation each time a fee is deducted
The qualified custodian sends account statements directly to clients at least quarterly

✓ Best Practice

Structure your platform to use a qualified third-party custodian (like Apex, DriveWealth, or Folio) that sends account statements directly to clients. This avoids the surprise examination requirement and significantly reduces compliance costs.

📋 Custody Rule Compliance Checklist

Use qualified custodian for all client assets

Obtain written client authorization for fee deduction

Send itemized invoice or fee calculation to clients with each fee deduction

Ensure custodian sends account statements directly to clients at least quarterly

Verify custodian includes adviser name in account statements

Maintain records of fee calculations and client authorizations

If surprise examination required, engage PCAOB-registered accounting firm

File surprise examination certificate (Form ADV-E) within 120 days of fiscal year end

Marketing Rule & Performance Advertising

The SEC's Marketing Rule (Rule 206(4)-1), which took effect in November 2022, governs all advertising and performance claims by RIAs. For robo-advisers, performance advertising is particularly scrutinized.

What Constitutes "Advertising"

The Marketing Rule broadly defines "advertisement" to include:

Website content
Social media posts
Mobile app screenshots and descriptions
Email campaigns
Blog posts about investing
Performance dashboards shown to prospects
Testimonials and endorsements

General Prohibitions

Your marketing cannot include:

Untrue statements of material fact
Material omissions that make statements misleading
Unsubstantiated claims of specific investment outcomes
References to specific profitable recommendations without disclosing all recommendations
Performance results of a subset of clients without fair basis
Portability of prior performance without meeting strict requirements

Performance Advertising Requirements

If you show performance results, you must:

Include all accounts: Show performance for all client accounts in the same strategy
Net of fees: Display performance net of advisory fees, unless clearly labeled as gross
Consistent methodology: Use consistent calculation methodology
Reasonable period: Show performance for at least one year (or since inception if less)
Include disclosures: Material facts about calculation methodology and risks

⚠ Common Violation: Cherry-Picked Performance

Showing only the best-performing portfolios or time periods is prohibited. The SEC has brought enforcement actions against robo-advisers for selectively displaying favorable results.

Backtested and Hypothetical Performance

Many robo-advisers use backtested performance in marketing. This is permissible only if you:

Provide sufficient information for an investor to understand the limitations and key assumptions
Clearly and prominently label the performance as backtested or hypothetical
Adopt and implement policies and procedures reasonably designed to ensure the backtested performance is relevant
Maintain records substantiating the methodology and assumptions

📋 Marketing Compliance Checklist

Establish written marketing and advertising policy

Implement pre-approval process for all advertising

Review website, app, and social media content for compliance

If showing performance, ensure it includes all relevant accounts

Display performance net of fees (or clearly label as gross)

Label backtested/hypothetical performance clearly and prominently

Include required disclosures for backtested performance

If using testimonials, comply with testimonial disclosure requirements

Maintain records of all advertisements for five years

Document performance calculation methodology

Cybersecurity & Data Protection

Robo-advisers handle sensitive client data and financial accounts, making cybersecurity a critical compliance obligation under both SEC rules and state privacy laws.

SEC Cybersecurity Guidance

The SEC's 2015 cybersecurity guidance and 2024 final rules require:

Written cybersecurity policies and procedures
Risk assessments identifying cybersecurity threats
Access controls limiting employee access to client data
Data encryption for data in transit and at rest
Incident response plan for addressing breaches
Vendor management for third-party service providers
Employee training on cybersecurity threats

Regulation S-P Privacy Rule

SEC Regulation S-P requires investment advisers to:

Provide initial and annual privacy notices to clients
Implement safeguards to protect customer records and information
Dispose of consumer report information properly
Provide opt-out rights before sharing nonpublic personal information with nonaffiliated third parties

State Privacy Laws

If you have clients in certain states, you may be subject to additional privacy requirements:

California (CCPA/CPRA): Consumer rights to access, delete, and opt out of sale of personal information
Virginia, Colorado, Connecticut, Utah: Similar comprehensive privacy laws
State breach notification laws: Requirements to notify clients of data breaches

📋 Cybersecurity Compliance Checklist

Adopt written cybersecurity policies and procedures

Conduct annual cybersecurity risk assessment

Implement multi-factor authentication for client accounts

Encrypt client data in transit (TLS) and at rest (AES-256 or equivalent)

Establish role-based access controls limiting employee data access

Maintain audit logs of access to client data

Adopt incident response plan for data breaches

Conduct vendor due diligence for third-party service providers

Provide annual cybersecurity training to employees

Deliver Regulation S-P privacy notices to clients

Comply with state privacy laws (CCPA, etc.) where applicable

Establish secure disposal procedures for customer information

Consider cyber insurance coverage

Best Execution for Automated Platforms

As an RIA, you owe clients a duty of best execution derived from your fiduciary obligations. For robo-advisers, this applies to both security selection and trade execution.

Security Selection

Your choice of ETFs, mutual funds, or other securities for client portfolios must be in clients' best interests:

Expense ratios: Consider lower-cost alternatives
Liquidity: Ensure securities can be traded efficiently
Tracking error: For index ETFs, evaluate how closely they track their benchmark
Conflicts: If using proprietary funds, heightened duty to demonstrate suitability

Broker Selection and Monitoring

If you select the broker-dealer for execution, you must:

Conduct due diligence before selecting a broker
Evaluate execution quality, cost, and reliability
Monitor execution quality on an ongoing basis (at least annually)
Document your evaluation process and conclusions

Trade Execution Practices

For robo-advisers executing trades for clients:

Batch trading: Ensure fair allocation of execution prices across client accounts
Market impact: Consider how large trades may move markets
Timing: Execute trades at consistent times to avoid preferential treatment
Rebalancing: Document rebalancing frequency and triggers

💡 Best Execution Documentation

Maintain a Best Execution Policy that describes your process for selecting securities and brokers. Conduct annual reviews comparing execution quality and costs across available options. Document your conclusions.

Suitability vs Fiduciary Standards

As an RIA, you are held to a fiduciary standard, which is higher than the suitability standard applicable to broker-dealers. Understanding this distinction is essential for robo-adviser compliance.

Fiduciary Duty Components

Your fiduciary duty has two main components:

Duty of Care: Provide advice in the client's best interests based on the client's financial situation and objectives
Duty of Loyalty: Place client interests ahead of your own; fully disclose and mitigate conflicts of interest

Suitability for Robo-Advisers

Even with automated advice, you must ensure recommendations are suitable for each client:

Gather sufficient information through your questionnaire
Use that information to generate appropriate portfolio recommendations
Disclose material limitations of automated advice
Provide a mechanism for clients to update their information
Periodically prompt clients to review and update their profiles

⚠ "One Size Fits All" Risk

Robo-advisers with limited portfolio options must be especially careful. If you only offer five model portfolios, you must be able to demonstrate that each client is placed in the appropriate one based on their individual circumstances.

Conflicts of Interest Management

Common conflicts for robo-advisers include:

Proprietary products: Using affiliated ETFs or funds
Custodian incentives: Revenue sharing or other economic benefits from custodians
Third-party payments: Referral fees or other compensation
Cross-trading: Trading between client accounts

For each conflict, you must:

Identify and document the conflict
Disclose it to clients in Form ADV Part 2A
Implement controls to mitigate or eliminate it
Monitor compliance with those controls

Compliance Manual Requirements

Rule 206(4)-7 requires every RIA to adopt and implement written policies and procedures reasonably designed to prevent violations of the Advisers Act. Your compliance manual is the foundation of your compliance program.

Required Policies

At a minimum, your compliance manual must address:

Portfolio management processes
Trading practices (allocation, best execution)
Proprietary trading and personal trading by employees
Accuracy of disclosures (Form ADV)
Safeguarding client assets (custody)
Marketing and advertising
Valuation of client holdings
Recordkeeping
Business continuity planning

Robo-Specific Policies

For robo-advisers, additional policies should cover:

Algorithm governance: Testing, monitoring, and change management
Questionnaire design: Ensuring adequate information is gathered
Cybersecurity: Data protection and incident response
Vendor management: Third-party service provider oversight
Error correction: Handling algorithm errors or malfunctions
Client communications: Automated emails and notifications

Chief Compliance Officer

You must designate a Chief Compliance Officer (CCO) responsible for:

Administering the compliance program
Conducting annual compliance reviews
Reporting to senior management and board
Staying current on regulatory developments

For small robo-advisers, the founder/CEO often serves as CCO. Larger firms may hire a dedicated compliance professional or outsource to a compliance consultant.

📋 Compliance Manual Checklist

Adopt written compliance policies and procedures

Designate Chief Compliance Officer

Include policies for portfolio management and trading

Establish Code of Ethics with personal trading rules

Create marketing and advertising policy

Adopt custody and safeguarding policy

Implement recordkeeping procedures

Establish business continuity and disaster recovery plan

Create algorithm governance policy

Develop cybersecurity and data protection policy

Adopt vendor management procedures

Train all employees on compliance policies

Obtain acknowledgment from employees that they received and understand policies

Annual Compliance Review Checklist

Rule 206(4)-7 requires you to conduct an annual review of your compliance program to assess its adequacy and effectiveness. The CCO must prepare a written report.

Annual Review Scope

Your annual review should examine:

Effectiveness of existing policies and procedures
Changes in business activities requiring policy updates
Regulatory developments and new requirements
Compliance incidents and how they were addressed
Results of compliance testing and monitoring
Adequacy of compliance resources

📋 Annual Compliance Review Checklist

Review Form ADV for accuracy and completeness

Test algorithm for accuracy and appropriate outputs

Review sample client questionnaires and recommendations

Analyze execution quality and broker performance

Review fee calculations for accuracy

Test custody controls (fee deduction authorization, statements, etc.)

Review marketing materials for compliance with Marketing Rule

Audit employee personal trading reports

Review Code of Ethics compliance (holdings reports, pre-clearance)

Test cybersecurity controls and access logs

Evaluate vendor management and third-party oversight

Review business continuity plan and test disaster recovery

Assess recordkeeping compliance (retention, accessibility)

Review conflicts of interest and mitigation measures

Document compliance incidents and remedial actions taken

Update policies and procedures based on findings

Prepare written annual review report for senior management

Obtain board or management approval of annual review

SEC Examination Focus Areas

Understanding what the SEC looks for during examinations helps you prepare proactively. The Division of Examinations publishes annual examination priorities highlighting areas of focus.

Robo-Adviser Specific Examination Areas

When examining robo-advisers, the SEC focuses on:

Focus Area	What Examiners Review	Common Issues Found
Algorithm Disclosure	Form ADV, client disclosures, algorithm documentation	Inadequate disclosure of how algorithm works, limitations not explained
Suitability	Questionnaires, recommendation logic, client profiles	Insufficient client information gathered, inappropriate recommendations
Performance Claims	Website, app, marketing materials, backtests	Misleading performance, cherry-picked results, inadequate disclosures
Conflicts of Interest	Form ADV, affiliated products, custodian relationships	Undisclosed conflicts, inadequate mitigation measures
Custody	Custodian agreements, client statements, fee deduction	Improper fee deduction, missing client authorizations
Cybersecurity	Written policies, risk assessment, incident response	Outdated policies, no risk assessment, weak access controls
Marketing Rule	All advertising, testimonials, performance presentations	Prohibited claims, missing disclosures, inadequate substantiation
Form ADV Accuracy	Part 1A and 2A for accuracy and completeness	Stale information, missing disclosures, inaccurate descriptions

SEC Priorities for 2025

Recent SEC examination priorities relevant to robo-advisers include:

AI and Predictive Analytics: Use of artificial intelligence in investment advice
Digital Engagement Practices: Gamification and behavioral prompts
ESG Claims: Environmental, social, governance investment strategies
Crypto Asset Advisory Services: Compliance when offering crypto exposures
Standards of Conduct: Fiduciary duty and conflicts management

💡 Exam Preparation

Review the SEC's annual examination priorities when published (typically in February). Conduct a self-assessment of your compliance program against stated priorities and address any gaps before examination.

Common Violations and Enforcement Actions

Learning from others' mistakes is valuable. Here are notable robo-adviser enforcement actions and the lessons they teach.

⚠ Notable Robo-Adviser Enforcement Actions

Misleading Performance Claims (2020)

Violation: Robo-adviser advertised hypothetical performance based on unrealistic assumptions without adequate disclosures.
Penalty: $1.25 million fine.
Lesson: Backtested performance must include prominent disclosures and reasonable assumptions.

Custody Rule Failures (2018)

Violation: Failed to obtain written authorization from clients before deducting advisory fees; did not deliver itemized invoices.
Penalty: $850,000 fine.
Lesson: Custody Rule compliance requires strict adherence to all conditions.

Form ADV Inaccuracies (2019)

Violation: Form ADV Part 2A failed to adequately describe algorithm methodology and conflicts of interest from affiliated ETFs.
Penalty: $500,000 fine.
Lesson: Form ADV must provide clear, complete disclosure of how your service works and material conflicts.

Best Execution Failure (2021)

Violation: Selected affiliated broker-dealer for execution without adequate analysis; failed to seek best execution.
Penalty: $2 million fine plus disgorgement.
Lesson: Broker selection must be based on best execution analysis, not convenience or affiliate relationships.

Marketing Rule Violations (2023)

Violation: Used client testimonials without required disclosures; showed performance of only top-performing accounts.
Penalty: $750,000 fine.
Lesson: Marketing Rule requires strict compliance with testimonial and performance advertising requirements.

⚠ Enforcement Trends

The SEC has increased enforcement activity against robo-advisers. Common themes include misleading marketing, inadequate disclosure, and compliance program deficiencies. Penalties often exceed $1 million. Proactive compliance is far less expensive than enforcement defense.

Cost Estimates for Compliance Program

Building a compliant robo-adviser requires investment in legal, technology, and personnel resources. Here are realistic cost estimates for different stages.

Initial Launch Costs

Startup Compliance Budget (Pre-Launch)

Entity formation and initial legal review

$10,000 - $25,000

RIA registration filing and legal assistance

$15,000 - $40,000

Compliance manual development

$10,000 - $30,000

Form ADV preparation

$5,000 - $15,000

Client agreements and disclosures

$5,000 - $15,000

Custodian integration and agreements

$5,000 - $20,000

Cybersecurity assessment and implementation

$10,000 - $30,000

Initial compliance technology (tools, software)

$5,000 - $15,000

TOTAL INITIAL INVESTMENT

$65,000 - $190,000

Ongoing Annual Costs

Annual Compliance Operating Budget

Chief Compliance Officer (salary or consultant)

$50,000 - $150,000

Outside legal counsel (retainer and ad hoc)

$15,000 - $50,000

Form ADV annual amendment

$2,000 - $5,000

Annual compliance review

$10,000 - $25,000

Compliance software and tools

$5,000 - $20,000

Cybersecurity monitoring and updates

$10,000 - $30,000

Training and education

$3,000 - $10,000

Errors & omissions insurance

$5,000 - $25,000

Cyber insurance

$5,000 - $15,000

State registration fees and renewals

$2,000 - $10,000

TOTAL ANNUAL BUDGET

$107,000 - $340,000

Budget Optimization Strategies

Use compliance technology: Automated compliance tools can reduce manual work
Outsource selectively: Fractional CCO or compliance consultant may be more cost-effective than full-time hire initially
Leverage custodian services: Some custodians provide compliance support as part of their platform
Join industry groups: Organizations like SIFMA or FPA provide compliance resources and education
Start state, migrate to SEC: If launching small, state registration may have lower initial costs

✓ Investment Perspective

While compliance costs are significant, they are substantially less than enforcement penalties, litigation costs, or reputational damage from compliance failures. View compliance as risk management investment, not just overhead.

Master Implementation Checklist

This comprehensive checklist consolidates all major compliance requirements for launching and operating a robo-adviser.

📋 Complete Robo-Adviser Compliance Checklist (50+ Items)

Registration & Formation

Form business entity (LLC, corporation)

Obtain EIN and open business bank account

Determine SEC vs. state registration requirement

Complete Form ADV Part 1A and 2A

File RIA registration through IARD

File notice filings in applicable states

Compliance Infrastructure

Designate Chief Compliance Officer

Develop comprehensive compliance manual

Adopt Code of Ethics

Create marketing and advertising policy

Establish recordkeeping procedures

Implement business continuity plan

Algorithm & Technology

Document algorithm design and methodology

Conduct backtesting and maintain records

Test algorithm for accuracy and appropriate outputs

Create algorithm governance and change management policy

Implement monitoring for algorithm errors

Design client questionnaire to gather sufficient information

Test questionnaire logic and recommendation engine

Client Documentation

Draft client advisory agreement

Prepare Form CRS (Customer Relationship Summary)

Create Regulation S-P privacy notice

Develop risk disclosure documents

Draft fee deduction authorization form

Custody & Execution

Select and contract with qualified custodian

Ensure custodian sends statements directly to clients

Implement fee deduction procedures compliant with Custody Rule

Conduct broker-dealer due diligence for execution

Adopt best execution policy

Establish trade allocation procedures

Cybersecurity

Adopt written cybersecurity policy

Conduct cybersecurity risk assessment

Implement data encryption (in transit and at rest)

Deploy multi-factor authentication

Establish incident response plan

Conduct vendor security due diligence

Obtain cyber liability insurance

Marketing & Advertising

Review website and app content for compliance

If showing performance, ensure all required disclosures

Label backtested/hypothetical performance clearly

Implement pre-approval process for marketing materials

Maintain records of all advertisements

Operations & Ongoing Compliance

Implement employee personal trading monitoring

Establish quarterly compliance testing procedures

Conduct annual compliance review

Provide annual compliance training to employees

Update Form ADV annually (within 90 days of fiscal year end)

Deliver Form ADV Part 2A to clients annually

Maintain books and records per Rule 204-2

Monitor regulatory developments and update policies

Insurance & Risk Management

Obtain errors & omissions (E&O) insurance

Obtain cyber liability insurance

Consider directors & officers (D&O) insurance

Obtain fidelity bond if required by state

Disclaimer: This checklist provides general information about robo-adviser compliance requirements under federal securities laws. It does not constitute legal advice and is not a substitute for consultation with qualified securities counsel. State law requirements may impose additional obligations. The specific requirements for your robo-adviser will depend on your business model, jurisdiction, and other factors. Always consult with an experienced securities attorney before launching or operating a robo-adviser.