CDA Back Office

The backbone for innovative insurance product design

Unbundling Insurance from Investments

Our contingent deferred annuity (“CDA”) back office technology enables advisors and their clients to unlock the black box of traditional insurance products. We provide the framework to simplify the annuity product and reduce it to its essential function: an income engine.

Unbundling insurance protections in this way allows insurers to create innovative, advisor-friendly solutions with which advisors may wrap brokerage and retirement accounts to generate income. Untethering the custody of the covered assets from the insurance carrier creates back office efficiencies, and provides a range of custodians, portability of assets between custodians, and a choice of insurance carriers.

Integration Point

The technology platform is the key building block supporting the insurance carrier in guaranteeing income on assets custodied elsewhere. And it supports the investment advisors as they work to provide retirement security for their end investors.

Our technology is the integration among the insurers, the custodians, the advisors, clients, and third party providers of investment products and services. Security in both the transport and storage of client and advisor data has been built-in from the ground up. Scale and reliability of the platform are designed into its cloud-based technical architecture.


Our platform is comprised of three interconnected components: RetireOne technologies, advisor support desk, and fiduciary marketplace of solutions. Together these components provide independent advisors and their clients, insurance carriers, custodians and managed account providers with real-time product information, sales support, and investment account activity details.

Until RetireOne, many independent advisors were not able to write or refer guaranteed income solutions due to cost structure and lack of transparency. Our platform delivers a myriad of solutions designed for independent advisors.


We practice domain-driven architecture. We also believe in buying and configuring commercial software where practical. We focus our custom software development on the parts of our business that are unique and competitive differentiators. This includes the integration between insurers and custodians, monitoring policy compliance, and policy administration.

We pay special attention to:

  • Ease of Integration
  • Secure integration, transport, and storage
  • Scale across volume and dimensions (cloud-based)
  • Reliability
  • Consistency across web, phone, and partner interfaces


We take our users’ security and privacy concerns seriously. We strive to ensure that user data is handled securely. RetireOne uses some of the most advanced technology for internet security that is commercially available today. This security statement is aimed at being transparent about our security infrastructure and practices, to help reassure you that your data is appropriately protected. Visit our privacy policy for more information on data handling

User Security
Physical Security
Network Security
Vulnerability Management
Organizational Security
  • Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on.
  • Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.
  • Data Encryption: Sensitive user data are stored in encrypted format.
  • Privacy: We don’t share any data other than with contractors and affiliates that are critical to the services that your expect from us.

All Aria/RetireOne information systems and infrastructure are hosted in world-class data centers. These data centers include all the necessary physical security controls you would expect in a data center these days (e.g., 24×7 monitoring, cameras, visitor logs, entry requirements).

  • Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
  • Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.
  • Patching: Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
  • Third Party Scans: Our environments are continuously scanned. These tools are configured to perform application and network vulnerability assessments, which test for patch status and basic misconfigurations of systems and sites.
  • Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.
  • Employee Screening: We perform background screening on all employees, to the extent possible within local laws.
  • Training: We provide security and technology use training for employees.
  • Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality and security obligations if they deal with any user data.
  • Access: Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis.
  • Audit Logging: We maintain and monitor audit logs on our services and systems.