Rebuilding a Broken Salesforce Org for a Financial Services Firm

The Situation

This firm manages wealth portfolios for high-net-worth clients across three office locations. Two years before we were brought in, they had hired a consulting firm to implement Salesforce. The project ran over budget, over time, and delivered an org that their team could barely use.

By the time we got involved, the problems were serious. Their Salesforce org had over 60 active Apex classes, many of them triggering on the same objects, creating race conditions and unexpected data mutations. The sharing model was so poorly configured that reps in one region could see client data belonging to advisors in another region, which was a direct compliance violation. The system was slow. Users hated it. Daily active users had dropped to about 34% of licensed seats.

Most damaging: client contact records were being duplicated and edited directly in Excel because nobody trusted the CRM data. Their compliance team was facing an upcoming internal audit and they knew the Salesforce data would not hold up to scrutiny.

Our Approach

We started with a two-week technical audit. We reviewed every Apex class, every Flow, every sharing rule, and every profile. We documented what each piece of code was supposed to do, what it actually did, and whether it was still needed. The result was a prioritized remediation roadmap that we presented to the client's leadership team with clear risk ratings for each item.

The rebuild happened across three phases:

• Security model rebuild: We dismantled the existing profile and sharing configuration and started fresh. We built a clean role hierarchy that matched the firm's actual management structure, implemented sharing rules for cross-region visibility that was specifically permitted, and added field-level security to protect regulated financial data. Every change was documented for the compliance audit.
• Automation modernization: We retired all 47 legacy Apex trigger classes and replaced them with record-triggered Flows. For the more complex business logic, we used Apex only where declarative tools genuinely could not handle the requirement. The result was automation that any certified administrator could read and modify without a developer.
• Compliance reporting suite: We built a set of reports and dashboards specifically designed to answer the questions that came up in quarterly compliance reviews. Data lineage tracking was added to key regulated fields so the audit team could see when a value changed, what it changed from, and which user made the change.

Getting Users Back

Fixing the technical problems was the easier half. Getting 200 people to trust a system they had written off was the harder challenge. We ran a roadshow of 30-minute sessions with each team, not to train them on clicks, but to show them specifically how the rebuilt system solved the problems they had complained about. We brought print-outs of the old error messages and showed what happened now instead.

Within three weeks, daily login rates had climbed past 60%. By week 8, they were at 89% and the sales manager reported that reps were proactively logging call notes without being asked.

Audit Ready

The internal compliance audit took place in week 14, two weeks after our engagement formally closed. The compliance team passed with no material findings related to CRM data integrity. The automated reporting suite reduced their audit preparation process from three weeks of manual work to a two-day review of system-generated reports.