# 02 — PBZ Banking Dossier
# Bilko × HR Banking — Strategic Dossier
**MC #100274 | Author: Markos Zachariadis (Finverge/ALAI) | 2026-05-10****Classification: CEO-EYES — pre-commercial, not for external distribution**---
## 1. PBZ-Specific Value Proposition Memo
### PBZ Profile and SMB Positioning
Privredna Banka Zagreb (PBZ), majority-owned by Intesa Sanpaolo since 1999, is Croatia's second-largest bank by total assets and commands the strongest institutional SMB franchise in the country. Intesa Sanpaolo's group strategy — articulated in the Piano d'Impresa 2022–2025 and its successor cycle — explicitly prioritises growing fee-based income through embedded digital services rather than balance-sheet expansion. PBZ has followed this with digital-first SMB products (mPay, PBZcom mobile banking for businesses) but has not yet moved to a white-label embedded accounting play. The competitive pressure from Revolut Business and neobanks entering HR is intensifying this urgency.
Tomislav Premuz — assuming he sits within PBZ's digital banking or SMB segment leadership — represents an operator looking for non-interest revenue levers and customer retention tools. The value-prop conversation must be framed in his language: reduced SMB churn, increased transaction volume through payroll/invoicing stickiness, and a defensible differentiator against challenger banks. This is not a technology conversation; it is a network economics and deposit-retention conversation.
### The Bundle Proposition
**PBZ SMB client receives:**
- Bilko full-feature accounting platform (HR-FISK 2.0 compliant, PDV reporting, payroll) — free while maintaining an active PBZ business account
- Automatic bank feed via Tok (AISP) — PBZ transactions flow into Bilko in real-time, eliminating manual CSV import
- Drop remittance (EU-to-HR corridors) — relevant for SMBs with diaspora supply chains, cross-border suppliers, or freelancer payroll in DE/AT/NO/CH
The bundle is structurally analogous to FreeAgent + NatWest/Mettle. The causal mechanism is identical: free software creates switching friction on the banking side. An SMB that reconciles daily in Bilko connected to PBZ will not easily move their current account.
**What PBZ does NOT need to build:** FISK compliance layer, accounting logic, bank feed aggregation, remittance rails. These are Bilko/Tok/Drop's core competencies. PBZ provides the customer base and brand trust.
### Revenue Architecture for PBZ
Three models, ranked by implementation complexity:
| Model | Structure | PBZ Economics | Complexity |
|-------|-----------|---------------|------------| | **Co-marketing only** | PBZ promotes Bilko; Bilko gives PBZ-referred clients free tier | Zero revenue, marketing value | Low |
| **Referral fee** | ALAI pays PBZ per activated SMB account (€10–25 CPA) | ~€100–250K/yr at 10K activations | Medium |
| **Bundled monthly fee** | PBZ pays ALAI per-seat fee (€3–8/SMB/month) for embedded Bilko | €300K–800K ARR at 10K accounts | High — requires contract, NDA, procurement cycle |
**Recommended opening position:** co-marketing/referral with a path to bundled fee. This gets Premuz to a "yes" faster. Once SMBs are using Bilko through PBZ, the data on retention and transaction uplift becomes the commercial argument for moving to bundled.
On the deposit growth side: SMBs that centralise their financial operations (invoicing, payroll, bank feed) in a PBZ-connected Bilko will concentrate more working capital in their PBZ account. The float impact is not trivial — SMBs tend to park idle balances in their primary operating account.
### Regulatory Prerequisites (PSD2 AISP)
This is the single most important structural point. Bilko's automatic bank feed requires reading PBZ account data via the PSD2 AISP channel. The AISP licence holder must be clearly designated.
**ALAI's position:** ALAI Holding AS is pursuing Finanstilsynet AISP registration for Tok (MC #1934). As a Norwegian entity (EEA/EFTA), ALAI registers with Finanstilsynet as home regulator, and Finanstilsynet passports the licence to HNB (Croatia) under PSD2 Article 28. This is a confirmed legal pathway — HNB does not require a separate Croatian application.
**PBZ's role:** PBZ must provide Tok access to their PSD2 API sandbox (apiportal.pbz.hr — confirmed live). PBZ does NOT need to be the licence holder. The AISP relationship is: ALAI (Tok) holds the licence; PBZ is the ASPSP (Account Servicing Payment Service Provider) that exposes the Open Banking API. This is the standard industry structure and is operationally familiar to PBZ's payment systems team.
**For the Premuz meeting:** Lead with FISK 2.0 urgency and the FreeAgent/NatWest analogy. Introduce the AISP structure as a technical footnote — it is already solved. The commercial conversation should dominate.
---
## 2. Six-Bank Shortlist — HR Market
| Rank | Bank | Parent Group | Est. SMB Share | Digital Maturity | Approach | Risk Flag |
|------|------|-------------|----------------|-----------------|----------|-----------| | 1 | **PBZ** | Intesa Sanpaolo | ~28–32% (SMB loans + current accounts) | High — mPay, PBZcom, PBZ API portal live | Warm — CEO already has Premuz contact (MC #8608) | None identified |
| 2 | **Zaba** (Zagrebacka Banka) | UniCredit Group | ~25–28% | High — UniCredit developer.unicredit.eu portal live, CIB-aligned digital strategy | Cold — no existing contact; UniCredit HQ may have parallel accounting SaaS ambitions (Azimut Libera Impresa precedent in IT) | UniCredit Italy has moved toward embedded finance; Zagreb may be constrained by group policy |
| 3 | **Erste** | Erste Group | ~12–15% | High — Erste developer portal live, George app (SMB banking) aggressive regional rollout | Cold — Erste Group has its own fintech accelerator (Erste Hub Vienna); may prefer group-internal solutions | Erste has a track record of building in-house (George, Erstebank Digital) — partner window may be narrow |
| 4 | **RBA** (Raiffeisenbank Hrvatska) | Raiffeisen Bank International | ~8–10% | Medium — sandbox.rba.hr live but RBI group has been divesting CSEE positions | Cold — RBI group announced CSEE divestment considerations; HR entity uncertain | Raiffeisen group strategic uncertainty in SEE; potential M&A disruption |
| 5 | **OTP Banka HR** | OTP Group (Hungary) | ~6–8% (post-Splitska banka acquisition 2022) | Medium — apiportal.otpbanka.hr live; OTP group growing aggressively in HR | Cold — OTP has acquired extensively in HR and is building SMB digital layer; opportunity window as they integrate Splitska | OTP may prioritise in-house Hungarian fintech stack (MagnetBank model) |
| 6 | **HPB** (Hrvatska Postanska Banka) | State-owned (HR government) | ~4–6% (postal network + public sector) | Low-medium — openbanking.hpb.hr live but innovation pace slower | Cold — state ownership means longer procurement; but HPB has unique postal network reach in rural Croatia | State procurement risk: 12–18 month tender cycles, political sensitivity |
**Strategic read:** PBZ (Intesa) and Erste are the most structurally aligned. PBZ via existing Premuz relationship is the clear first mover. Erste is the highest-quality backup — Erste Group's George app has demonstrated that a traditional bank CAN build compelling SMB digital products, which means Erste leadership will understand the value prop faster than a bank that has never invested in digital SMB. Zaba (UniCredit) is a strong second-tier target but carries group-level constraint risk. RBA and OTP are tactical options if PBZ negotiations stall past W12.
---
## 3. Outreach Sequencing Plan (12-Week Minimum)
| Week | Action | Owner | Gate / KPI |
|------|--------|-------|-----------| | **W1** | CEO (Alem) resumes contact with Tomislav Premuz — reschedule meeting. Send 1-pager: Bilko + Drop bundle, FreeAgent/NatWest analogy, FISK 2.0 urgency hook | Alem | Meeting confirmed within W2 |
| **W2** | Deliver PBZ value-prop deck (5 slides max: HR-FISK urgency, bundle economics, AISP structure, pilot scope proposal, revenue model options) | John (deck) / Alem (delivery) | Deck delivered; Premuz feedback received |
| **W3** | PBZ internal circulation — assume Premuz needs 1-2 internal meetings before responding. Send follow-up with pilot scope doc: 100 SMB beta, 90-day window, no-cost to PBZ | Alem | Verbal go/no-go from Premuz |
| **W4** | If green: agree pilot commercial terms (co-marketing minimum viable agreement). If no response: escalate to Intesa Sanpaolo group BD contact via LinkedIn or Intesa Digital Factory Milan | Alem | Term sheet or escalation path confirmed |
| **W5** | Begin Zaba (UniCredit) cold outreach — target SMB digital or partnerships lead at UniCredit Croatia. Use LinkedIn + referral if available. Send same 1-pager | John (prep) / Alem (outreach) | First response or meeting booked |
| **W6** | Begin Erste HR cold outreach — target Erste Hub or Erste Croatia SMB lead. Leverage Erste Group's public fintech partner programme if applicable | John (prep) / Alem (outreach) | First response or meeting booked |
| **W7** | PBZ: if pilot agreed, begin technical scoping — PBZ API sandbox credentials, Tok integration plan, Bilko HR tenant setup | Dev team (Bilko/Tok) | Sandbox credentials received |
| **W8** | PBZ pilot launch (if on track): 100 PBZ SMB beta users, Bilko free, automated bank feed via Tok AISP sandbox | Dev + Alem | 100 activations or agreed reduced target |
| **W9** | Measure pilot KPIs: activation rate, daily active, bank-feed connection rate, FISK invoice sent count | John | KPI dashboard live |
| **W10** | If PBZ pilot green: prepare commercial proposal (bundled fee model, €3–8/SMB/month). Begin OTP and RBA outreach (parallel) | Alem | Commercial proposal drafted |
| **W11** | PBZ commercial negotiation — present pilot data as evidence. Introduce bundled monthly fee model | Alem | Negotiation initiated |
| **W12** | Decision gate: (A) PBZ pilot data strong → proceed to LOI / commercial agreement. (B) PBZ stalled → escalate to Intesa group + accelerate Erste/Zaba track | CEO decision | LOI signed or pivot confirmed |
**Decision gates:** W4 (PBZ go/no-go), W8 (pilot activation threshold), W12 (commercial agreement or pivot). If PBZ does not respond by W6, do NOT wait — begin parallel Erste and Zaba tracks immediately.
---
## 4. PSD2 AISP Regulatory Quick-Take
**Core question:** Does Bilko need its own AISP licence, or can it ride PBZ's?
**Answer: Neither option applies in the standard form.** PBZ is the ASPSP, not an AISP. PBZ exposes the PSD2 API; it does not aggregate other banks. Bilko itself is the end-user application — it does not hold the AISP licence. The AISP function sits in **Tok**, which is ALAI's dedicated Open Banking platform. This is a clean three-party architecture: Tok (AISP licence holder) connects to PBZ's API, pulls account data with user consent, and delivers a structured bank feed to Bilko. The SMB user consents via a PSD2 SCA redirect to PBZ's portal.
**Is ALAI Norway (EFTA) a blocker for the EU AISP licence?** This was a legitimate concern, but internal regulatory research (croatia-hnb-aisp-guide.md, verified 2026-03-03) confirms it is **not a blocker**. Norway is an EEA/EFTA member and is covered by PSD2 passporting under Article 28. ALAI registers with Finanstilsynet (Norway) as home regulator, and Finanstilsynet notifies HNB (Croatia). No separate Croatian entity or Croatian application is needed. This is the same pathway used by multiple Norwegian and Icelandic fintechs operating across EEA.
**Timeline:** Finanstilsynet review is 2–3 months from a complete application. PII insurance procurement (mandatory prerequisite) takes 4–8 weeks. Total: approximately 6 months from PII start to Croatian bank feed live. Target was September 2026 per the internal roadmap. For the PBZ banking partnership, the Tok AISP status is the critical path dependency — a PBZ pilot that requires live bank feed cannot commence before Finanstilsynet grants registration. Sandbox testing can proceed now without AISP registration (PBZ sandbox does not require NCA credentials).
**HANFA note:** HANFA is Croatia's financial markets regulator (securities, insurance). Payment institution licensing in Croatia falls under HNB (Hrvatska Narodna Banka), not HANFA. Confusion between the two is common — ensure any PBZ-facing communication uses "HNB" as the regulatory reference.
**Estimated costs (Year 1, Tok/Croatia AISP):**
- Finanstilsynet fee: NOK 5,000–30,000 (~€500–€3,000)
- PII insurance: €800–€2,500/year
- QWAC/QSEAL certificates: €400–€1,300/year
- Total Year 1: approximately €3,500–€10,000 (excluding legal counsel)
**PSD3 risk:** PSD3 (expected 2026–2027) will likely tighten AISP obligations (enhanced consent flows, FIDA data expansion) but will not invalidate existing EEA passporting architecture. Monitor EBA consultation timelines; no action required before Finanstilsynet registration is complete.
---
## Evidence Base
All findings derive from verified source files:
- `/Users/makinja/ALAI/products/Bilko/docs/COMPETITIVE-RESEARCH.md` — FreeAgent/NatWest model, bank partnership economics, HR-FISK 2.0 urgency (v2.0, Feb 2026)
- `/Users/makinja/.claude/projects/-Users-makinja/memory/project_bilko_hr_competitor_intel_2026-05-10.md` — HR market 13-vendor map, banking shortlist confirmation, MC context
- `/Users/makinja/ALAI/products/Tok/docs/regulatory/croatia-hnb-aisp-guide.md` — AISP passporting path, Finanstilsynet timeline, costs, PBZ sandbox URL (verified 2026-03-03)
- `/Users/makinja/ALAI/products/Tok/docs/regulatory/balkan-aisp-comparison.md` — Croatia vs Serbia AISP comparison, EEA passporting table, cost matrices (verified 2026-03-03)
- `/Users/makinja/ALAI/products/Tok/CLAUDE.md` — Unified PI licence model: one Finanstilsynet registration covers Tok, Bilko, and Drop
- `/Users/makinja/ALAI/products/Bilko/CLAUDE.md` — Tok as Bilko's Open Banking provider (INTEGRATION-WITH-TOK.md reference confirmed)
**MC #8608** (PBZ/Premuz) and **MC #1934** (Tok AISP registration) are the two active blocking tasks that must run in parallel for this dossier to convert into a live pilot.