RACI Matrix: Drop — Fintech Payment App

Project: Drop — Remittance + QR Payments
Version: 1.0
Date: 2026-02-23
Author: John (AI Director)
Status: Approved
Reviewers: Alem Bašić (CEO)

Document History

| Version | Date | Author | Changes |
|---|---|---|---|
| 0.1 | 2026-02-23 | John | Initial draft — Drop-specific roles and activities |

1. Purpose

This RACI matrix defines responsibility assignments for all Drop project activities. Drop is an AI-native internal product of ALAI Holding AS. Most "team" roles are filled by AI agents coordinated by John (AI Director). Alem Bašić (CEO) is the sole human, responsible for strategic decisions, partnerships, and regulatory submissions.

Conflict resolution: Disputes escalate to John (AI Director), then Alem (CEO) for strategic/financial issues.


2. RACI Definitions

| Letter | Role | Definition |
|---|---|---|
| R | Responsible | Does the work |
| A | Accountable | Ultimately answerable; one per activity |
| C | Consulted | Provides input; two-way communication |
| I | Informed | Kept updated; one-way communication |

3. Project Roles

| Role Code | Role Title | Person / Agent | Notes |
|---|---|---|---|
| CEO | Chief Executive Officer | Alem Bašić | Strategic decisions, partnerships, budget, regulatory submissions |
| JD | AI Director | John (Claude Opus) | Delivery accountability, architecture, agent coordination |
| BUILD | Builder Agent | Claude Sonnet (per-task) | Feature implementation, API routes, frontend |
| VAL | Validator Agent | Claude Sonnet (per-task) | Testing, validation, code review (read-only) |
| SEC | Security Agent | Claude (per-sprint) | Threat modelling, security audit, compliance checks |
| LEGAL | Legal Agent | Claude (as needed) | Regulatory review, document drafting |
| FIN | Finance Agent | Claude (as needed) | Budget analysis, financial projections |
| EXT | External Advisor | TBD (human) | Legal advisor for Finanstilsynet, BaaS contracts |

4. RACI Matrix — Project Phases & Activities

4.1 Project Initiation & Planning

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
Project Charter I A C
Project Brief I A C C
Budget approval A C R
Risk Register (initial) I A C C C
RACI Matrix I A
Stakeholder identification C A R
Communication Plan I A

4.2 Requirements & Analysis

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
Business Requirements Document (BRD) C A R R
Functional Requirements (FRS) C A R C
Non-Functional Requirements C A R C
User Stories I A R
Acceptance Criteria I A R C
Requirements Traceability Matrix I A R C
Regulatory requirements mapping C C A R

4.3 Architecture & Design

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
System architecture (ADRs) I A R C
Database schema design I A R C
API contract design I A R C
Security architecture I C A
PSD2 pass-through model design I A R C C
UI/UX design (Figma) I A
Infrastructure design (Fly.io / Docker) I A R

4.4 Development

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
Backend API routes (26 endpoints) A R C
Frontend pages (Next.js — 10 screens) A R
Database schema + migrations A R C
Authentication (JWT + BankID mock) A R C
Remittance flow implementation A R C
QR payment flow implementation A R C
Merchant dashboard implementation A R
Feature flags implementation A R
CI/CD pipeline (GitHub Actions) A R
Docker containerisation A R
Code review A R
Unit test writing A R C

4.5 Security Hardening (Phase 0.5)

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
Security audit (full codebase) I C A
JWT secret hardening A R C
CVV/card data removal A R C
CSRF protection implementation A R C
Rate limiting (persistent) A R C
CSP headers implementation A R C
Session management A R C
Demo credential removal A R C
Compliance documentation (gap analysis) I C A R
Penetration testing (pre-launch) I C C A

4.6 Testing & QA

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
Test strategy I A C R C
Test plan I A C R
Unit tests (Vitest — 40 tests) A R C
Integration tests (20+ tests) A R C
E2E tests (Playwright — 3 projects) A C R
Performance tests (benchmarks) A C R C
Security tests (input chaos) A C R A
Regression tests A R C
Definition of Done validation A R
Go/No-Go decision A C R C

4.7 Compliance & Regulatory

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
PSD2 regulatory gap analysis C C R A
GDPR compliance review C C C A
AML/KYC compliance setup C C C A R
Finanstilsynet PISP/AISP registration A C C R
Legal terms + privacy policy C C A
BaaS partner contract negotiation A C C R

4.8 Deployment & Launch

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
Deployment checklist I A C C C
Staging deployment (Fly.io) I A R C
Production deployment I A R R C
Monitoring + alerting setup I A R
App Store submission (iOS) I A R
Google Play submission (Android) I A R
Go-live communication A C
Merchant onboarding (200 targets) A I
Post-launch monitoring (48h) I A R

4.9 Post-Launch & Maintenance

Activity / Deliverable CEO JD BUILD VAL SEC LEGAL FIN EXT
Post-launch review (30 days) C A R R
Bug fix triage + resolution I A R C
Performance optimisation I A R C
Lessons learned documentation I A R R C C C
Incident response I A R C
Monthly financial reporting A C R
User feedback analysis C A R
Project closure sign-off A C

5. Escalation Matrix

| Escalation Level | Trigger | Escalate To | Response Time |
|---|---|---|---|
| L1 | Task-level blocker | John (JD) | 4 hours |
| L2 | Architecture/scope dispute | John (JD) | 4 hours |
| L3 | Strategic/financial decision | Alem (CEO) | 24 hours |
| L4 | Legal/regulatory blocker | Alem + External Advisor | 48 hours |

Approval

Role Name Date Signature
Author John (AI Director) 2026-02-23 Approved (AI)
AI Director (John) John 2026-02-23 Approved
Project Sponsor / CEO Alem Bašić TBD