SpareBank1 Partnership Pitch
Drop x Sparebanken — Partnership Proposal
Prepared by: ALAI Holding AS Date: February 2026 Contact: Alem Bašić, CEO — alem@alai.no Confidential
The Opportunity
There are 1 million immigrants living in Norway. They send 5.7 billion NOK home every year. They shop at 30,000+ immigrant-owned businesses across the country.
Today, they use Western Union (5-10% fees), Wise (no local presence), or cash. Their local shops pay Vipps 1.75-2.75% per transaction. Neither side is well-served.
Drop fixes both — in one app.
What is Drop?
Drop is a fintech app for everyone in Norway with two core features:
1. Remittance
Send money to family abroad. Receiver needs no app — money arrives to their bank account or cash pickup point.
- Fee: 0.5% (vs 5-10% Western Union, 0.7-1.5% Wise)
- Corridors: Serbia, Bosnia, Pakistan, Turkey, Poland, and more
- Speed: 1-2 business days
2. QR Merchant Payments
Pay at local shops by scanning a QR code. Cheaper than Vipps for merchants.
- Merchant fee: 1% (vs Vipps 1.75-2.75%)
- Settlement: Daily batch payout to merchant bank account
- Onboarding: 3 minutes — no hardware needed
The Flywheel
User sends remittance → gets familiar with Drop → pays at local shop with QR
Merchant accepts QR → recommends Drop → more users send remittance
→ REPEAT
No one in Norway combines remittance + QR payments. That's our edge.
Why Sparebanken?
We're not building another bank. We're building the interface for a community that banks don't reach effectively. But we need a banking partner to do it right.
What we need from Sparebanken:
| Capability | Purpose |
|---|---|
| Open Banking (PSD2) | AISP (account information) and PISP (payment initiation) |
| KYC/AML infrastructure | Compliant onboarding for users and merchants |
| Payment rails | Settlement, SEPA, domestic transfers |
| Regulatory umbrella | Operate under Sparebanken's licence (agent model) |
| Trust | A Norwegian bank brand behind the product |
What Sparebanken gets:
1. Access to an underserved 1M-person market Immigrants in Norway are underbanked in cross-border services. Drop is the distribution channel into this community — a community that trusts word-of-mouth over advertising.
2. New revenue stream — zero development cost
3. Innovation & ESG story Financial inclusion for immigrants is a powerful narrative. Sparebanken gets positioned as the bank that actually serves all of Norway — not just ethnic Norwegians.
4. Fintech partnership without the risk Drop builds and operates the product. Sparebanken provides infrastructure. Low investment, high upside.
Market Size
| Metric | Value | Source |
|---|---|---|
| Immigrants in Norway | ~1,000,000 | SSB |
| Annual remittance from Norway | 5.7 billion NOK | World Bank |
| Immigrant-owned businesses | 30,000-50,000 | SSB estimate |
| Average remittance transaction | ~1,000 NOK | World Bank |
| Vipps merchant fee | 1.75-2.75% | Vipps.no |
| Drop merchant fee | 1.0% | — |
Serviceable market (Year 1): Balkan + Pakistani diaspora in Oslo area = ~200,000 people, ~5,000 businesses.
Financial Projections
| Period | Users | Merchants | Monthly Revenue |
|---|---|---|---|
| Month 1-3 | 200 | 20 | 12,000 NOK |
| Month 4-6 | 1,000 | 80 | 50,000 NOK |
| Month 7-12 | 3,000 | 200 | 130,000 NOK |
| Year 2 | 8,000 | 500 | 330,000 NOK |
| Year 3 | 15,000 | 1,000 | 650,000 NOK |
Year 3 ARR: ~7.8M NOK
Revenue split model TBD — we propose 70/30 (Drop/Sparebanken) on transaction fees, with Sparebanken retaining 100% of float income and cross-sell revenue.
Competitive Landscape
| Remittance | QR Payments | Diaspora Focus | Bank Partner | |
|---|---|---|---|---|
| Vipps | No | Yes (expensive) | No | DNB |
| Wise | Yes | No | No | None in Norway |
| Western Union | Yes (expensive) | No | Yes (bad UX) | Various |
| Revolut | Yes (generic) | Limited | No | None in Norway |
| Drop | Yes (cheap) | Yes (cheap) | Yes (core) | Available |
Drop is the only product in Norway that combines remittance + QR payments. First bank partner gets exclusivity.
Detailed Comparison: Drop vs Alternatives
Why not PayPal?
| PayPal | Drop | |
|---|---|---|
| NOK → RSD/BAM corridor | Not supported | Core feature |
| NOK → PKR corridor | Limited, poor rates | Supported |
| Cross-border fee | 3-5% + currency markup | 0.5% flat |
| Receiver requirement | Must have PayPal account | No app needed — bank transfer or cash pickup |
| In-store QR payment | Not available in Norway | Core feature (1% merchant fee) |
| Target audience | No — generic global | Yes — built for everyone in Norway |
| Norwegian language | Partial | Full (nb/nn) |
| Local bank partner | None in Norway | SpareBank 1 (proposed) |
PayPal does not support the corridors that matter most to Norwegian diaspora (Balkans, Pakistan, Turkey). Drop is purpose-built for these communities.
Why not Revolut?
| Revolut | Drop | |
|---|---|---|
| Remittance | Person-to-person only (both need account) | Receiver needs NO app |
| Fee | 0.5-1.5% + weekend markup | 0.5% flat, no markup |
| Merchant payments | Limited (no QR in Norway) | QR code — 1% fee |
| Regulatory | Lithuanian banking licence | Norwegian bank partner (proposed) |
| Community | Generic fintech | Local community, word-of-mouth growth |
| Cash pickup | Not available | Planned for Phase 2 |
Revolut requires the receiver to also have a Revolut account. For a grandmother in rural Bosnia or Pakistan, that's not realistic. Drop sends directly to local bank accounts.
Why not Wise?
| Wise | Drop | |
|---|---|---|
| Fee | 0.7-1.5% (variable) | 0.5% flat |
| QR payments | None | Core feature |
| Merchant services | None | Dashboard, settlement, QR |
| Norwegian presence | No local office or support | Norwegian company, Norwegian bank |
| Community features | None | Locally-focused UX and corridors |
Wise is excellent for one-off international transfers but offers no merchant services, no QR payments, and no local banking relationship in Norway.
Security, Compliance & Trust
Regulatory Framework
Drop will operate under the agent model (betalingsforetak-agent) as defined in the Norwegian Financial Institutions Act (finansforetaksloven). This means:
| Aspect | Approach |
|---|---|
| Licence | SpareBank 1 holds the licence; Drop operates as registered agent |
| Regulator | Finanstilsynet (Norwegian FSA) |
| EU Directive | PSD2 compliant — Strong Customer Authentication (SCA) |
| Pass-through | Drop never holds customer money — PISP/AISP via Open Banking |
| Reporting | All regulatory reporting through SpareBank 1's existing infrastructure |
This model is proven — it's how Vipps originally launched under DNB's licence, and how several European fintech apps operate today.
AML/KYC — Anti-Money Laundering & Know Your Customer
| Requirement | Implementation |
|---|---|
| User onboarding | ID verification via BankID or passport + selfie |
| KYC provider | Flexible — Sumsub, Onfido, or SpareBank 1's existing KYC system |
| Risk scoring | Automatic risk assessment at onboarding based on country, amount, frequency |
| Transaction monitoring | Real-time screening against sanctions lists (EU, UN, OFAC) |
| Suspicious Activity Reports (SAR) | Automated flagging + manual review, reported to Enheten for finansiell etterretning (EFE) |
| PEP screening | Politically Exposed Persons check at onboarding and ongoing |
| Transaction limits | Tiered limits based on KYC level (basic: 10,000 NOK/month, full: 50,000 NOK/month) |
| Record keeping | All KYC data and transaction records stored for minimum 5 years per hvitvaskingsloven |
Data Protection & Privacy
| Aspect | Implementation |
|---|---|
| GDPR compliance | Full — data processing agreement (DPA) with SpareBank 1 |
| Data residency | All user data stored in EU/EEA (Norwegian data centres preferred) |
| Encryption in transit | TLS 1.3 for all API communication |
| Encryption at rest | AES-256 for stored personal data and credentials |
| Data minimisation | Only necessary data collected per GDPR Art. 5(1)(c) |
| Right to deletion | GDPR Art. 17 — users can request account deletion (except regulatory-required records) |
| Privacy policy | Norwegian and English, clearly written for non-native speakers |
Application Security
| Layer | Measure |
|---|---|
| Authentication | JWT tokens in httpOnly cookies (XSS-resistant) |
| Password storage | bcrypt hashing (never stored in plaintext) |
| SQL injection | Parameterised queries throughout (prepared statements) |
| Rate limiting | Per-IP rate limiting on all public endpoints |
| Input validation | Server-side validation on all user input |
| CORS policy | Strict origin policy — no wildcard |
| Dependency audit | Automated npm audit in CI/CD pipeline |
| Penetration testing | Planned before pilot launch — external auditor (e.g., mnemonic, NorSIS-certified) |
Audit & Certification Roadmap
| Milestone | Timeline | Description |
|---|---|---|
| Internal security review | Before pilot | Full codebase review, threat modelling |
| External penetration test | Before pilot | Third-party audit by certified Norwegian security firm |
| SOC 2 Type I | Within 6 months of launch | Controls documentation and assessment |
| SOC 2 Type II | Within 12 months | Operational effectiveness over time |
| ISO 27001 | Year 2 target | Information security management system certification |
| PCI DSS | If card issuing implemented | Payment card industry compliance |
Fraud Prevention
| Mechanism | Description |
|---|---|
| Velocity checks | Maximum transactions per hour/day per user |
| Amount thresholds | Transactions above threshold require additional verification |
| Device fingerprinting | Track trusted devices, flag new device logins |
| Geo-anomaly detection | Flag transactions from unusual locations |
| Recipient patterns | Alert on new recipients in high-risk corridors |
| Manual review queue | Flagged transactions reviewed by compliance team before processing |
Risk Assessment
| Risk | Probability | Impact | Mitigation |
|---|---|---|---|
| Corridor closure (geopolitical) | Low | High | Multi-corridor strategy; no single-country dependency; partner with multiple payment providers |
| Regulatory change | Medium | High | Agent model reduces direct regulatory burden; SpareBank 1 handles compliance changes |
| Fraud / money laundering | Medium | High | Multi-layer AML/KYC; real-time monitoring; transaction limits; SAR reporting |
| User account compromise | Medium | Medium | 2FA via BankID; device tracking; session management; instant account freeze |
| Technical outage | Low | Medium | Cloud-hosted with redundancy; health monitoring; <1h recovery target |
| Competition (Vipps enters remittance) | Medium | Medium | First-mover in diaspora niche; community lock-in; merchant network effect |
| Low adoption | Medium | Medium | Word-of-mouth growth model; community ambassadors; zero marketing spend needed for pilot |
| Partner bank exit | Low | High | Modular architecture allows switching BaaS provider; data portability by design |
Product Status
Drop MVP is built and functional:
- Next.js web app (mobile-first, installable as PWA)
- 22 API endpoints (auth, transactions, merchants, rates, recipients, cards)
- QR generation + scanning
- Merchant dashboard
- User dashboard with balance, send money, transaction history
Ready for: BaaS integration, compliance review, pilot launch.
Proposed Partnership Model
Phase 1: Pilot (3 months)
- 200 users, 20 merchants in Oslo
- Sparebanken provides sandbox BaaS environment
- Drop handles all development and user acquisition
- Joint compliance review
Phase 2: Launch (6 months)
- Full rollout in Oslo, Bergen, Trondheim
- Marketing co-funded (Drop leads, Sparebanken contributes brand)
- Target: 1,000 users, 80 merchants
Phase 3: Scale (12+ months)
- Nationwide rollout
- Additional corridors
- Cross-sell Sparebanken products to Drop users
- White-label option for other banks
About ALAI Holding AS
ALAI Holding AS is an AI-native digital agency based in Norway. We build software, design, and infrastructure — powered by AI at every level.
- Team: Lean, AI-augmented (lower costs, faster iteration)
- Track record: Shopify integrations, web platforms, API development
- Approach: Ship fast, iterate with real users, data-driven decisions
Next Steps
- Intro meeting — 30 min, virtual or in-person
- Technical deep-dive — Drop architecture + Sparebanken BaaS capabilities
- Compliance review — Joint assessment of regulatory requirements
- Pilot agreement — Terms for Phase 1
We're ready when you are.
ALAI Holding AS — We build digital. You build business. Confidential — Not for distribution