From Mainframe to Lakehouse: How to Modernize a 30-Year-Old Policy System Without Downtime
Ask any insurance CTO what keeps them from modernizing, and you'll rarely hear "budget" or "talent." You'll hear something closer to fear: the policy administration system has been running since the 1990s, it processes every quote, endorsement, and renewal the company makes, nobody who wrote it still works there — and the business cannot go dark for even an afternoon.
So the migration gets deferred. Another year passes. Meanwhile every AI initiative, every customer-experience project, and every analytics roadmap quietly starves, because they all need data that's trapped inside that system.
Here's the thing: the fear is rational, but the conclusion isn't. Migrating a legacy policy core without downtime is well-trodden ground. It just requires abandoning the approach everyone instinctively reaches for.
Why the big-bang cutover fails
The instinct is to build the replacement, pick a weekend, flip the switch, and pray. This fails for a predictable reason: you cannot test your way to confidence about a system nobody fully understands.
Thirty-year-old policy systems are full of undocumented behavior — a rating quirk that a state regulator approved in 2004, a batch job that silently fixes bad data at 2am, an edge case in renewals that only fires for one product line. None of it is in a spec. Much of it is load-bearing.
A big-bang cutover discovers all of that on Monday morning, in production, with customers watching. That's why these projects either get cancelled at 70% or become the horror story everyone cites for the next decade.
The approach that works: strangle it slowly
Instead of replacing the system, you surround it — and let the new platform take over a slice at a time, while the old core keeps running untouched. Five phases:
1. Read first, write never (weeks, not months)
Start by getting data out — via change data capture (CDC) or a read replica — into a cloud lakehouse. You change nothing in the legacy system. Zero risk to production. Within weeks you have policy and claims data queryable in one place, which alone unlocks analytics and AI work that's been blocked for years.
This step matters more than it sounds. It delivers real value before you've taken on any migration risk at all, which is what keeps the program funded.
2. Build the target model and reconcile obsessively
Model the domain properly in the lakehouse — with a stable customer key, deduplicated entities, and transformations that make the implicit rules explicit. Then reconcile relentlessly: does your new premium calculation match the legacy system's, for every policy, to the cent?
Every mismatch is a gift. It's an undocumented rule you just discovered — safely, in a report, instead of in production.
3. Parallel run (the phase you cannot skip)
Run both systems on real traffic simultaneously. The legacy core remains the system of record; the new platform shadows it, processing the same inputs and producing its own outputs. Nobody depends on the new outputs yet — you just compare them, continuously, and fix divergence.
Do this for weeks or months, not days. The parallel run is where the fear actually gets retired: when the new system has matched the old one on a million real transactions, the cutover stops being a leap of faith and becomes a formality.
4. Cut over by slice, not by system
Migrate one product line, one state, or one workflow at a time. Move new business first, leave the in-force book on legacy, and let the new platform prove itself on the low-risk slice. Every slice you move shrinks the blast radius of the next one.
Crucially: keep a rollback path for each slice. If a slice misbehaves, you fall back to legacy for that slice alone — not for the whole company.
5. Decommission last, and only when it's boring
The old core gets switched off when nothing reads from it anymore. By then it's an anticlimax, which is exactly the goal. Many carriers keep it in read-only mode for a year for regulatory lookback — and that's fine.
What actually goes wrong (and how to avoid it)
- Skipping the parallel run to hit a date. This is the single most common cause of failure. The parallel run is the risk mitigation. Cutting it to save two months buys a two-year incident.
- Treating it as a lift-and-shift. Copying a 1990s schema into Snowflake gets you a 1990s schema with a cloud bill. Remodel the domain, or you've moved the problem, not solved it.
- No reconciliation budget. Teams plan for build and forget that proving equivalence is most of the work. Budget for it explicitly.
- Migrating everything at once because "the slices are coupled." They're less coupled than they look. Find the seam — new business vs. in-force is usually the cleanest one.
The payoff isn't the migration
Here's what makes this worth the effort: the migration itself isn't the prize. The prize is everything that becomes possible the moment your policy, claims, and billing data live somewhere you can actually query in real time.
Underwriting models that see the whole customer. Fraud detection that runs at first notice of loss instead of overnight. Straight-through processing that goes from 10% to 90% because the data it needs is finally reachable. Compliance lineage that satisfies the new AI regulations. None of that is possible while the data is locked in a mainframe — and all of it is nearly routine once it isn't.
The legacy core isn't unmovable. It's just been approached the wrong way. Read first, reconcile hard, run in parallel longer than feels necessary, cut over in slices — and the migration everyone's been deferring for a decade turns out to be a project, not a gamble.
We've delivered 200+ cloud migrations across Snowflake, Databricks, and the modern lakehouse — including the phased legacy migrations insurance runs on. More at IntelliBooks.
Comments
Post a Comment