Our technology platform is what enables advisors and their clients to unlock the black box of traditional insurance products and allows insurers to develop innovative, advisor-friendly annuity solutions. These products untether the custody of the covered assets from the insurance carrier, thereby providing a range of custodians, portability of assets between custodians, and a choice of insurance carriers.
The technology platform is the key building block that supports the insurance carrier in guaranteeing income on assets custodied elsewhere and that supports the investment advisors in serving their end investors in providing retirement security. Our technology is the integration among the insurers, the custodians, the advisors and their clients, and third party providers of investment products and services. Security in both the transport and storage of client and advisor data has been built-in from the ground up. Scale and reliability of the platform are designed into its cloud-based technical architecture.
Our platform is comprised of three interconnected components: the RetireOne website, advisor support desk, and investment monitoring systems. Together these components provide independent advisors and their clients, insurance carriers, custodians and managed account providers with real-time product information, sales support, and investment account activity details.
Until RetireOne, many independent advisors were not able to write or refer guaranteed income solutions due to cost structure and lack of transparency. Our platform delivers a myriad of solutions designed for independent advisors, ranging from low-cost variable annuity products for 1035 exchanges to wrap products designed so that advisors maintain control of underlying assets within retirement income solutions.
RetireOne™ ensures that advisors get the support that they need and the way they want it.
RetireOne handles the policy administration and delivers delightful customer experiences.
3rd Party Providers
We work with advisors preferred providers to optimize the advisor experience.
RetireOne integrates with all the major custodians in the RIA market, providing choice and portability.
We practice domain-driven architecture. We also believe in buying and configuring commercial software where practical. We focus our custom software development on the parts of our business that are unique and competitive differentiators. This includes the integration between insurers and custodians, monitoring policy compliance, and policy administration. We play special attention to:
- Ease of integration
- Secure integration, transport, and storage
- Scale across volume and dimensions (cloud-based)
- Consistency across web, phone, and partner interfaces
- Authentication: User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs on.
- Passwords: User application passwords have minimum complexity requirements. Passwords are individually salted and hashed.
- Data Encryption: Certain sensitive user data are stored in encrypted format.
All Aria information systems and infrastructure are hosted in world-class data centers. These data centers include all the necessary physical security controls you would expect in a data center these days (e.g., 24×7 monitoring, cameras, visitor logs, entry requirements).
- Testing: System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
- Logging and Auditing: Central logging systems capture and archive all internal systems access including any failed authentication attempts.
- Patching: Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
- Third Party Scans: Our environments are continuously scanned. These tools are configured to perform application and network vulnerability assessments, which test for patch status and basic misconfigurations of systems and sites.
Organizational & Administrative Security
- Information Security Policies: We maintain internal information security policies, including incident response plans, and regularly review and update them.
- Employee Screening: We perform background screening on all employees, to the extent possible within local laws.
- Training: We provide security and technology use training for employees.
- Service Providers: We screen our service providers and bind them under contract to appropriate confidentiality and security obligations if they deal with any user data.
- Access: Access controls to sensitive data in our databases, systems, and environments are set on a need-to-know / least privilege necessary basis.
- Audit Logging: We maintain and monitor audit logs on our services and systems.