Hire Timothy SolomonHire Timothy Solomon
Book a call
Case Study

Building CRM and Growth Infrastructure From Scratch in a Heavily Regulated Insurance Market

Published 2026-03-17

Building CRM and Growth Infrastructure From Scratch in a Heavily Regulated Insurance Market

Most growth operators have never had to build ad compliance workflows. They've never had to design a CRM where every customer touchpoint requires regulatory review before publication. They've never had to run paid acquisition campaigns where a single keyword click costs £50 and a 1% improvement in conversion rate is the difference between viable and unviable unit economics.

This article is about building all of those things from zero for a digital insurance advisory platform — one of the most operationally constrained environments I've worked in, and one that produced a set of transferable capabilities I use in every regulated engagement since.

The Company and the Product

The company was a digital insurance advisory platform. The core product was a "protection score" — a personalised, unbiased assessment that gave customers clear guidance on their insurance needs. Think of it as a credit score, but for insurance coverage. The platform analysed a customer's situation (income, dependents, assets, existing coverage) and produced an objective recommendation about what types and levels of insurance protection they needed.

This positioned the company not as an insurance seller but as an insurance advisor. The distinction matters commercially and regulatorily: the company wasn't pushing specific products for commission. It was providing independent guidance that customers could act on themselves or use when evaluating policies from providers.

The business model was promising. The problem was that no marketing infrastructure existed to bring customers to the product. No CRM. No marketing automation. No digital acquisition system. No analytics. No compliance workflow. Everything needed to be built from scratch.

This was a 10-month independent engagement from December 2018 to October 2019.

The Regulatory Environment

Before I can talk about what I built, I need to explain the environment I built it in, because the regulatory context shaped every infrastructure decision.

What Regulation Means for Marketing

In regulated financial services, marketing isn't just about effectiveness — it's about compliance. Every piece of marketing content that a customer might see requires review and approval before publication. This includes:

Advertising copy. Every Google Ads headline, every description line, every display ad. Not just the initial creative — every variation, every A/B test, every seasonal update.

Landing pages. Every landing page, including every variant in A/B tests. The headline, the body copy, the form fields, the footer disclaimers, the trust signals — all subject to review.

Email communications. Every marketing email, every nurture sequence email, every transactional email with marketing content. Each email in a multi-step sequence counts as a separate piece requiring review.

Social media. Every organic post, every paid social ad, every response to customer comments that could be construed as advice.

Website content. Every page on the website, including blog posts, FAQ pages, and help documentation.

This isn't a theoretical requirement that companies in practice ignore. Insurance regulators audit marketing materials, and non-compliance carries real consequences: fines, licence restrictions, and reputational damage that can kill a startup.

The Compliance Bottleneck

The regulatory review requirement creates a structural bottleneck in marketing operations. In an unregulated environment, I can write an ad, launch it in the morning, and have performance data by the afternoon. In insurance marketing, the cycle looks more like:

  1. Write ad copy (30 minutes)
  2. Internal stakeholder review (1-2 days)
  3. Compliance review (2-5 business days)
  4. Revisions based on compliance feedback (1-2 days)
  5. Re-review of revised content (1-3 business days)
  6. Approval and launch

A cycle that takes 30 minutes in an unregulated environment takes 1-3 weeks in insurance. This has profound implications for marketing strategy: you can't iterate quickly. You can't test dozens of creative variations simultaneously. You can't respond to competitive moves in real time. Every campaign element needs to be planned, reviewed, and approved before it enters the market.

Understanding this bottleneck was essential to designing marketing infrastructure that could be effective within these constraints.

What I Built

CRM and Marketing Automation From Zero

The CRM implementation for an insurance platform needed to account for compliance requirements at every stage of the customer journey.

Data architecture. The data model was designed around the regulatory requirements for customer communication records. Every interaction — every email sent, every ad clicked, every page visited, every form submitted — needed to be recorded in a way that was auditable. This wasn't HubSpot's default contact tracking; it was a deliberately structured audit trail.

Lifecycle stages with compliance gates. Standard lifecycle stages (Lead → MQL → SQL → Customer) worked for the commercial pipeline, but each transition also needed to account for regulatory compliance:

  • Lead to MQL: Did the lead provide informed consent to receive marketing communications? Was the consent mechanism compliant with both GDPR and financial services marketing regulations?
  • MQL to SQL: Were any product-specific claims made during the nurturing phase that require compliance documentation?
  • SQL to Customer: Was the customer journey from marketing through to product access fully documented in an auditable format?

Communication workflows. Every automated email in the CRM was tagged with its compliance approval status, approval date, and the name of the compliance reviewer. This meant that if a regulator audited the company's marketing communications, I could produce a complete record of every email sent to every customer, with documentation of when it was approved and by whom.

Ad Compliance and Sign-Off Workflows

This is the specific deliverable I consider most transferable from this engagement. I designed and implemented a structured ad compliance workflow that solved the bottleneck problem without eliminating the necessary controls.

Content staging system. All marketing content was created in a staging environment where it could be reviewed by internal stakeholders before entering the compliance review pipeline. This caught obvious issues early and reduced the back-and-forth with compliance reviewers.

Batched review cycles. Rather than submitting individual ads for review one at a time (which would have overwhelmed the compliance function), I batched related content for review. A Google Ads campaign might include 20 ad variations — rather than submitting 20 individual review requests, I submitted the campaign as a package with a summary document explaining the messaging strategy, the target audience, and the key claims.

Pre-approved componentry. Over time, I established a library of pre-approved messaging components — specific phrases, claims, and disclosures that had already passed compliance review. New ad copy constructed from pre-approved components could go through an expedited review (confirming that pre-approved elements were used correctly) rather than a full initial review. This dramatically reduced review timelines for iterative creative testing.

Structured approval chains. I documented the approval chain — who reviews what, in what order, with what authority. This eliminated the ambiguity of "who needs to sign off on this?" and created clear accountability for review timelines.

Compliance documentation. Every piece of approved content was documented with its approval date, reviewer, any conditions attached to the approval (e.g., "approved until [date] — review required for continued use"), and the specific regulatory framework it was reviewed against.

This workflow system wasn't just for the compliance team's benefit. It was for marketing's benefit. By creating a structured, predictable review process, I could plan campaign launches with reasonable timelines, batch creative testing effectively, and maintain a pipeline of reviewed content ready for deployment.

Insurance keywords are among the most expensive in Google Ads. Life insurance keywords routinely exceed £30 per click. Income protection and critical illness keywords can reach £50-80 per click. Some high-value comparison keywords exceed £100 per click.

At these prices, the margin for error is zero. Every click that doesn't convert is £50+ of waste. Every percentage point of conversion rate improvement has outsized impact on campaign viability.

Keyword strategy. Rather than competing for the most expensive head terms ("life insurance" at £80/click), I built a keyword strategy around long-tail, high-intent terms where the company's unique value proposition (independent advisory, protection score) could differentiate. "Do I need life insurance" and "how much income protection do I need" had lower CPCs, higher intent, and better alignment with the product offering.

Landing page optimisation. With each click costing £50+, landing page conversion rate was the most impactful lever in the entire marketing operation. I ran a systematic CRO programme focused on:

  • Above-the-fold clarity. The value proposition (free, independent, personalised insurance guidance) needed to be immediately clear before the user spent any time on the page.
  • Trust establishment. In insurance, trust is the primary conversion barrier. The landing pages featured FCA registration details, data protection certifications, independent advisory credentials, and customer testimonials from users who had benefited from the protection score.
  • Form reduction. The initial form asked only for the minimum information needed to generate a protection score. Additional information was collected progressively after the user had received initial value.
  • Social proof. Trustpilot integration, media mentions, and partnership logos established credibility.

Bid strategy. Rather than automated bidding (which tends to optimise for volume), I used manual CPC bidding with regular adjustments based on performance data. This gave me precise control over spend allocation and ensured budget wasn't wasted on low-converting keywords or time periods.

SEO Foundation

Alongside the paid acquisition infrastructure, I built the foundational SEO architecture for the platform:

Content strategy. Insurance is a content-heavy market where customers research extensively before taking action. I built a content plan focused on informational queries that aligned with the protection score product — "how much life insurance do I need," "income protection explained," "critical illness cover vs life insurance." Each piece of content was designed to answer a specific question and naturally lead to the protection score as the logical next step.

Technical SEO. Site structure, schema markup, page speed optimisation, and crawlability were configured to give the content the best possible chance of ranking.

Compliance integration. Every piece of content went through the same compliance review process as paid advertising. This meant content production was slower than in unregulated markets, but every published piece was compliant and could remain published without risk of regulatory issues.

The Transferable Capability: Building in Regulated Markets

This engagement produced something more valuable than any specific campaign result — it produced a transferable capability for building marketing infrastructure in regulated environments.

Why This Matters

Regulated markets are underserved by marketing operators. Most growth marketers have built their careers in SaaS, ecommerce, or consumer apps — environments where you can ship fast, test constantly, and iterate in real time. When these operators encounter a regulated environment for the first time, they're unprepared for the constraints.

The compliance review bottleneck alone would stall most marketing operations. The data handling requirements would break most CRM implementations. The documentation requirements would overwhelm most campaign management workflows.

I've now built marketing infrastructure in four regulated environments:

  • GDPR (B2B data) — data collection, processing, and consent
  • Financial services (insurance) — advertising, suitability, and disclosure requirements
  • iGaming (fantasy sports) — gambling regulation, advertising restrictions, jurisdictional compliance
  • EdTech (UK employment law) — marketplace vs agency classification, employment status, and marketing claims

Each of these required compliance-aware infrastructure from the ground up. The specific regulations differ, but the architectural patterns are consistent:

Compliance as a design constraint, not a retrofit. You can't build a marketing engine and then bolt compliance onto it. The compliance requirements need to inform the infrastructure design from day one.

Structured review workflows. Every regulated environment has some form of content approval process. Building that process into the operational workflow — rather than treating it as an interruption — is the difference between viable and unviable marketing operations.

Audit-ready documentation. Every touchpoint, every communication, every customer interaction needs to be documented in a format that a regulator can inspect. This isn't bureaucratic overhead — it's operational insurance.

Pre-approved componentry. The specific technique of building a library of pre-approved messaging components is applicable across every regulated environment. It solves the speed versus compliance tension by front-loading the review work and enabling rapid iteration within pre-approved boundaries.

What This Engagement Teaches

The CRO Imperative in High-CPC Markets

In markets where a single click costs £50-100, the economics of paid acquisition are entirely determined by conversion rate. A 2% conversion rate means each lead costs £2,500-5,000. A 4% conversion rate means each lead costs £1,250-2,500. That difference — driven entirely by what happens after the click — often determines whether a paid acquisition programme is viable at all.

CRO in high-CPC markets isn't a nice-to-have optimisation exercise. It's the difference between a functioning business and a money-burning exercise.

Zero-to-One Is a Specific Skill

Building a marketing function from zero in a regulated environment is not the same skill as optimising an existing one. Optimisation assumes the existence of data, systems, workflows, and institutional knowledge. Zero-to-one requires creating all of those things simultaneously, under constraints that most operators have never encountered.

I've done zero-to-one builds in four different regulated industries. The skill isn't knowing a specific market's regulations — it's knowing how to design compliant infrastructure, how to build review workflows, how to create audit-ready systems, and how to generate commercial results within those constraints.

Compliance Is a Competitive Advantage

Most companies treat compliance as a cost centre — something they have to do, reluctantly, to avoid regulatory penalties. In reality, compliance sophistication is a competitive advantage. The company that can run effective marketing within regulatory constraints while competitors struggle with slow review cycles, non-compliant content, and regulatory anxiety has a structural advantage.

Building compliance-aware infrastructure doesn't just protect you from risk — it enables you to operate more effectively than competitors who are fighting their compliance obligations instead of working within them.

The Pattern Across Engagements

This insurtech engagement sits alongside my B2B data engagement (GDPR), my EdTech engagement (UK regulation), and my iGaming engagement (gambling regulation) as part of a consistent pattern: building marketing infrastructure in environments where most growth operators have no relevant experience.

If your business operates in a regulated market and you need marketing infrastructure built by someone who understands the constraints — who has designed compliance workflows, built audit-ready CRM systems, and run high-CPC acquisition programmes within regulatory boundaries — I've done this before. Multiple times. In multiple industries.

Book a Diagnostic Call — Let's talk about your regulated market infrastructure.