Case Study: De-Novo Insurance Agency

Launching a Fully Automated Insurance Carrier (Annuities)

Role: Embedded CTO / Head of Engineering

North Star: Issue in minutes. Operate hands‑free.

Executive Summary

DevAltus served as the embedded CTO and Head of Engineering to stand up a fully automated insurance carrier from scratch. We delivered the cloud platform, product experiences, and operating backbone in parallel. The system reduced issuance time from 4 to 7 days to under 5 minutes, utilizing a 100% automated engine and integrating over 15 external services.

We modernized communication (SendGrid, DocuSign), launched a call center, and institutionalized operations with SOPs. We stood up Slack, Jira, Confluence, Lucid, M365 E5, and HelpDesk/ITSM, hired a vCISO, authored SDLC/compliance policies, implemented CMDBs, and formalized risk controls.

We hired 15+ engineers and leads, implemented automated testing, and built CI/CD pipelines with deployment gates. Finally, we enabled intraday premium collection and agent commissions through RTP integrations into legacy finance systems.

Impact Snapshot

  • <5-minute case to policy issuance ( vs. 4 to 7 business days by competitors)

  • 15+ integrations (KYC, identity, financial checks, docs, payments)

  • Modern comms: email templating, e-signature, audit logging

  • Call center launched: IVR, CRM, knowledge base

  • Org tooling: Slack, Jira, Confluence, Lucid, M365 E5, ITSM

  • Governance: vCISO, policies, CMDBs, risk register

  • SOPs & runbooks across all functions

  • RTP integration: intraday premiums, same-day commissions

  • Full CI/CD + automated testing

  • 15 hires across key senior roles

  • AI used for fraud detection, document handling, and exception routing

Hard Problems DevAltus Solved

  1. Case to Policy Lifecycle Architecture

    When DevAltus joined the effort, there was no defined lifecycle or operational platform in place. Even fundamental decisions, such as which eApp system and policy administration platform to use, were still under evaluation. We participated in vendor selection and then took ownership of designing the end-to-end data flow, covering all stages from initial case entry through validation, funding, issuance, and servicing. We built the backend orchestration, ensured multi-system coordination, and established the notifications and exception handling needed to reliably transition a case into an issued policy. The full lifecycle logic, including both core and exception flows, was created from scratch and integrated with more than 15 external systems to support real-time updates to both agents and clients.

    DevAltus also implemented essential non-functional administrative components, including agent onboarding workflows, SSO integration with IMOs and vendors, IMO data feed design and processing, back-office system integrations, and event-driven notifications across internal and external teams.

    The administration platform was built entirely on AWS using a serverless architecture centered around AWS Lambda. We implemented automated CI/CD pipelines to support build, regression testing, and environment-specific deployments. For quality assurance, we supported fully functional eApp regression testing using Playwright, API testing using custom-built tools with validated data, and test result integration with Zephyr and Jira to ensure traceability and test coverage.

    All ingress and egress traffic to and from the system was routed through DevAltus-managed endpoints, enabling pre- and post-policy ingestion processing, flow control, and real-time metrics collection. We also built a fully event-driven architecture on top of Kafka, supporting complete event replay to facilitate system recovery, traceability, and deep debugging.

  2. UX/UI in a Dense, Regulated Domain

    DevAltus owned and directed the customer-facing product, even though it was developed by a third-party vendor. We controlled the budget and delivery, along with the data flow architecture, external testing strategy, rules and regulation validation, and state-specific form and regulatory configuration. This ensured that the user experience was not only intuitive but also compliant, consistent across jurisdictions, and aligned with both operational workflows and legal requirements.

    We also introduced real-time validation for agents and clients during policy submission. This included agent credential checks such as license status, state-specific training requirements, and appointment verification, as well as client data validation, including bank account verification, beneficiary information screening, and personal lookup checks. These validations were performed during the form-filling process and effectively eliminated Not In Good Order (NIGO) policies, reducing downstream friction and accelerating policy issuance.

  3. Difficult Vendors & Delivery Risk

    DevAltus not only unblocked critical paths by negotiating contracts but also owned and directed product development, defining scrum teams, testing procedures, acceptance criteria, and delivery dates. We coordinated multiple vendors to stage inter-vendor releases, managed budgets and delivery datasets against critical criteria, built automated tests to ensure new product quality, and maintained executive communication to align priorities, report status, and confirm milestone timing.

    We also onboarded vendors onto our centralized defect tracking system (Jira) to manage delivery expectations, sprint planning, and integration timelines. After the systems went live, we continued to own their operational prioritization, triaging between new bugs and constantly balancing new feature delivery against production fixes to keep teams aligned and releases on track.

  4. Modern Communications Architecture

    DevAltus implemented a comprehensive communications framework that went far beyond basic email delivery. We designed and enforced known delivery and acceptance policies based on email open and bounce behavior, ensuring downstream workflows only proceeded on verifiable delivery events. We integrated SendGrid with both the policy administration system and the eApp platform, enabling automated transactional messages tied to policy issuance, application updates, and regulatory timelines (e.g, free look period start).

    Additionally, we built a scalable notification microservice framework to support external communications with IMOs, agents, and clients. Each IMO was provisioned with a dedicated microservice capable of supporting multiple communication models, including direct agent messaging, for real-time updates around rate changes, policy modifications, and other critical lifecycle events. We also applied these communication and verification methodologies to support identity validation during call center operations, ensuring secure, auditable interactions with clients and agents.

  5. Call Center Buildout and Operational Integration

    DevAltus integrated a brand-new call center from the ground up, implementing TalkDesk and connecting it directly to the Policy Administration System to reduce operational sprawl and consolidate what would traditionally be five to six separate systems into just two. We defined call ingestion workflows, established core operational metrics, and contributed to the development of SOPs for frontline personnel.

    To support identity security, we implemented OTP-based identity verification and integrated external interaction notes directly into the admin system. We extracted work and waiting queues from the policy system and mirrored them into TalkDesk to streamline operator workflow.

    We also integrated external observability tools, including DataDog, into TalkDesk, Policy Admin, and Agent Ingestion systems to create a unified dashboard for operations personnel. This provided each customer-service user with real-time monitoring, alerting, and personalized insights into system status and response needs.

    To further strengthen support processes, we developed a dedicated operations-facing incident portal that allowed personnel to alert IT of outages or issues, with automatic detection and escalation of severity levels (SEV1, SEV2, SEV3, etc.) for rapid triage and response.

  6. Org and Tooling Foundation

    DevAltus designed and built the company’s entire IT and collaboration infrastructure from the ground up. We provided the technical vision and implemented both the tools and governance required to support a remote, security-focused, and rapidly scaling organization.

    We began with collaboration platforms, including Slack, Microsoft 365 (Outlook and Teams), Jira, Confluence, and Lucid, to unify communication, delivery workflows, and documentation. From there, we expanded into hardware management and access control, deploying Jamf and Intune to enable secure provisioning, remote wipe, and zero-trust access enforcement across all corporate devices.

    We also integrated with key enterprise systems, including Oracle ERP (for vendor and finance workflows), Jira Service Management (JSM) (for CMDB and service desk operations), and LIMRA (for training and compliance tracking).

    All systems were configured with SSO and SCIM support, anchored by Entra ID (Azure AD) and governed by stringent RBAC policies. DevAltus implemented automated identity provisioning workflows, including hardware and software assignment, license tracking, and full lifecycle access management across the organization.

  7. Testing and Reliability

    DevAltus implemented a comprehensive automated testing and deployment framework to increase system stability, speed, and quality across the platform.

    We established gateway layers around all inbound and outbound services, allowing us to mock external dependencies and support event replay for debugging, diagnostic and recovery purposes. We developed multiple full regression suites for validating API-level interactions and used Playwright to test end-to-end customer-facing workflows across browsers and devices. We also coordinated with external UX/UI testers to conduct black-box testing and evaluate the application from a real-user perspective.

    The policy administration system was stress-tested to handle up to 50 concurrent messages per second, ensuring it could scale under load, and we loaded 10,000 policies in less than an hour to ensure growth does not imopact performacnce. We integrated automated test failure reporting into the development environment, enabling developers to receive immediate feedback via tools like Slack, Jira, and CI dashboards.

    DevAltus also assumed responsibility for managing production email workflows. We implemented a policy in which every outbound communication was routed through a QA approval flow before delivery. This process guaranteed the accuracy, compliance, and reliability of all policyholder-facing messages, particularly those tied to issuance, regulatory events, and time-sensitive updates.