Client work · Grants technology

UK Grants Intermediary
Platform Modernisation

Replacing a Salesforce-based grants platform with an AWS-native, agentic B2B2C platform — turning a UK welfare intermediary into the operating system for social support distribution.

Status Discovery
Scale ~1,000 partner orgs
Sector UK welfare / grants
Regulation Ofgem · GDPR (Article 9)
Ownership PE-backed

What the client does

The client sits between funders (energy companies, local authorities, housing associations) and vulnerable individuals — processing applications, managing schemes, and distributing financial support. Three revenue lines:

  • Managed Funds — white-labelled grant schemes for utility companies and public bodies. End-to-end: application intake → eligibility → validation → award. Energy company welfare funds, local authority hardship schemes.
  • Procurement Portal — self-service procurement for partner organisations. Partners load funds, purchase vouchers and goods on behalf of beneficiaries. Integrated with a digital voucher fulfilment provider.
  • Partner Network — cross-sector information sharing across ~1,000 partner organisations.

The key insight: This is already a B2B2C model. Funders → intermediary → Partner orgs → Vulnerable individuals. The technology just hasn't caught up. The architecture is the bottleneck, not the business.

Why this is urgent

PE acquisition changes the trajectory. The growth playbook for this sector is well-documented: start with a focused platform, add adjacent services through acquisition, use the technology stack as the integration layer that makes each bolt-on cheaper and faster than the last. The technology is the accelerant — but only if it's built to scale.

The market is expanding, not contracting: UK household support schemes extended to 2030, a £15B Warm Homes Plan, intensifying Ofgem scrutiny of how energy companies support vulnerable customers. Government-backed funding through intermediaries in this sector is growing.

A PE-backed buy-and-build strategy with a creaking Salesforce stack is a race against time. Each acquisition adds complexity. Without a platform that absorbs that complexity cleanly, integration costs compound and the growth thesis stalls.

The Salesforce problem

Salesforce is good at CRM. It is not good at running a grants intermediary at scale. Observable pain points from the current architecture:

  • Processing speed: Multi-week processing times are consistent with Salesforce workflow engine limitations — configurable, but not fast at volume.
  • Evidence handling: Manual upload processes with email fallback are classic signs of a brittle UI built on top of Salesforce custom objects.
  • Siloed systems: Procurement portal and scheme management appear unconnected. No unified tenant context across the B2B2C model.
  • Licensing cost: Per-seat Salesforce at ~1,000 partner users is significant annual spend vs a serverless platform that scales to zero.
  • Extensibility: Every scheme rule change requires Apex triggers and custom objects. No clean DSL for eligibility logic means slow iteration.

GATEKEEP verdict on Salesforce-for-everything: Reject. The operational platform (schemes, applications, awards, procurement) needs to move off Salesforce. Keep Salesforce for CRM (partner relationships, pipeline, account management) only. All operational data behind clean API boundaries.

Target architecture

TOGAF-lite layered approach — business architecture first, then data, then applications, then automation, then agentic. Each layer is weeks of focused work, not months of analysis.

Presentation Plain HTML (applicant) · React/Next.js (partner + ops)
API Layer API Gateway · Lambda (Python 3.12)
Event / Messaging EventBridge · SQS · SNS
Operational Data Aurora Serverless v2 (PostgreSQL + RLS) · DynamoDB · S3
Agentic Layer Amazon Bedrock AgentCore (Runtime · Memory · Gateway · Policy)
Integrations Voucher fulfilment · Stripe Connect · GOV.UK Notify · Open Banking

Multi-tenant PostgreSQL with Row-Level Security — each partner org is a tenant. ~1,000 tenants rules out schema-per-tenant or DB-per-tenant. RLS at the database level, not in application code. The business logic lives in portable Python Lambda functions — not in Salesforce Apex, not in a workflow builder.

The agentic layer — AgentCore

Instead of predefined workflow diagrams, agents compose workflows organically at runtime. The system doesn't have a "workflow engine" — it has events (things that happen), agents (things that reason), functions (things that do stuff), and queues (things that decouple).

AgentCore Policy uses Cedar to enforce hard guardrails — agents cannot approve awards, cannot access applicant data outside their assigned scheme, cannot bypass the human decision step for special-category data (GDPR Article 9, DUA Act 2025).

Ethical non-negotiable: Agents prepare, humans decide. No final eligibility decisions without meaningful human involvement. This is both legally required (GDPR Article 9) and operationally correct. AI can halve the processing time. Humans still make the call.

Three-year delivery plan

Conservative in Year 1, aggressive in Years 2–3. You can't move fast on a foundation you don't understand. Once you understand it, you move very fast indeed.

Year 1

Learn the lay of the land, settle it down

Q1: Discover — map every business process, Salesforce custom object, integration, data flow. 2–3 weeks of focused work, not months. Q2: Stabilise — fix what hurts most within the existing platform. Quick wins. Q3–Q4: Design — canonical data model, API contracts (OpenAPI), target architecture, proof of concept on one bounded domain.

Year 2

Build and migrate

Q5–Q6: Procurement portal first — highest ROI, least Salesforce entanglement. Partners opt in, parallel run, cutover when confident. Q7–Q8: Application portal — applicant-facing scheme application, evidence upload with AI-assisted classification, first automation agents (triage + evidence review, assistive only).

Year 3

Accelerate and scale

Q9–Q10: Scheme engine — rules DSL for eligibility configuration, workflow engine, partner self-service. This is where most Salesforce logic lives. Parallel run essential. Q11–Q12: Agentic layer — finance agents, reporting agents, cross-referral agent, regulatory reporting. Salesforce reduced to CRM only.

Total build cost estimate: £700k–£1.2M over 15–23 months. Running costs post-migration: £180–720/month. Salesforce licensing at this scale: likely £50k–150k+/year. Break-even: 12–18 months post-launch.

What ticketyboo brings

Architecture & design

TOGAF-lite methodology applied to the Salesforce transformation. Business architecture in days, not months. Documented ADRs at every decision point.

AgentCore expertise

Production serverless and agentic design on AWS. The Paperclip patterns that inform agent architecture, adapted for AgentCore as the managed runtime.

Technical leadership

CTO/CIO-level guidance through the transformation. Fractional engagement or full build team — Q1 discovery determines which is right.

Governance methodology

GATEKEEP applied at every decision. Security, cost, design, and deployment review gates. No gut-feel architecture changes.

Agentic development

AI-assisted delivery for 2–3× faster execution. AI generates boilerplate. Humans design architecture and business logic. AI assists testing. Humans review security.

Integration patterns

Capability mesh for the integration layer. Voucher fulfilment, energy suppliers, Open Banking, GOV.UK Notify — all exposed as composable API tools.

Programme Engine — live demo

The Scheme Configuration Engine is built. The thesis: eligibility rules should be configuration, not code — so a policy change doesn't require a deployment cycle. Below is what that looks like in practice, and where the assumptions start to show.

Act 1 — The problem

Before vs after. Scheme-as-code (3 weeks) vs scheme-as-config (30 min). The 3 design principles.

Act 2 — Engine running

EDF-CSF-2026 evaluates Patricia Walsh. Every rule visible. reasoning_chain produced live. Switch personas for INELIGIBLE and INDETERMINATE outcomes.

Act 3 — New scheme live

Author Ofgem Winter Warm Fund 2026. Validate → Approve → Activate. Dry-run against 3 test applicants. In production, this is the entire household dataset evaluated at activation — people who qualify don't need to find the scheme.

The JS evaluation engine in the demo uses the same 16-operator allow-list as the Python. Run python demo/scheme_engine_server.py from demos/grants-platform/ and the browser calls the real Python engine — 181 tests, 24 Hypothesis properties verified. The gap between this and a production deployment is real and acknowledged.

Technical demo → Patricia's story →

Next steps

This analysis is based on publicly observable patterns. Before any build work begins:

  • Validate assumptions with client stakeholders — does the pain point analysis match reality?
  • Map the current Salesforce data model in detail (Q1 discovery work)
  • Identify the quick wins that hurt most today
  • Understand the PE investor's timeline and growth thesis
  • Confirm Salesforce contract renewal dates (drives migration sequencing)
  • Assess internal engineering capability (build vs buy vs partner)

The compound interest principle: Walmart's agentic AI capabilities in 2025 compound directly from their satellite network investment in 1987. Data infrastructure is the principal. Everything else is interest on interest. The canonical data model built in months 1–4 will be the foundation that every agent and every automation compounds on for the next decade. Start early. The curve does the rest.