Are shared accounts only limited to system/built-in accounts ? Eg don't you also have organization-defined shared accounts ? Eg a shared teamrole account, for each relevant team (eg. helpdesk, appmgr, ...) ?
But if the application password is rotated on the application and on the vault, how would the developers know especially as there is no comment about events being sent to the application to talk to cyberArk to update its in-memory password!