SpareBank1 Partnership Pitch

Drop x Sparebanken — Partnership Proposal

Prepared by: ALAI Holding AS
Date: February 2026
Contact: Alem Bašić, CEO — alem@alai.no
Confidential

The Opportunity

There are 1 million immigrants living in Norway. They send 5.7 billion NOK home every year. They shop at 30,000+ immigrant-owned businesses across the country.

Today, they use Western Union (5-10% fees), Wise (no local presence), or cash. Their local shops pay Vipps 1.75-2.75% per transaction. Neither side is well-served.

Drop fixes both — in one app.

What is Drop?

Drop is a fintech app for everyone in Norway with two core features:

1. Remittance

Send money to family abroad. Receiver needs no app — money arrives to their bank account or cash pickup point.

- Fee: 0.5% (vs 5-10% Western Union, 0.7-1.5% Wise)
- Corridors: Serbia, Bosnia, Pakistan, Turkey, Poland, and more
- Speed: 1-2 business days

2. QR Merchant Payments

Pay at local shops by scanning a QR code. Cheaper than Vipps for merchants.

- Merchant fee: 1% (vs Vipps 1.75-2.75%)
- Settlement: Daily batch payout to merchant bank account
- Onboarding: 3 minutes — no hardware needed

The Flywheel

User sends remittance → gets familiar with Drop → pays at local shop with QR
Merchant accepts QR → recommends Drop → more users send remittance → REPEAT

No one in Norway combines remittance + QR payments. That's our edge.

Why Sparebanken?

We're not building another bank. We're building the interface for a community that banks don't reach effectively. But we need a banking partner to do it right.

What we need from Sparebanken:

| Capability | Purpose |
| --- | --- |
| Open Banking (PSD2) | AISP (account information) and PISP (payment initiation) |
| KYC/AML infrastructure | Compliant onboarding for users and merchants |
| Payment rails | Settlement, SEPA, domestic transfers |
| Regulatory umbrella | Operate under Sparebanken's licence (agent model) |
| Trust | A Norwegian bank brand behind the product |

What Sparebanken gets:

1. Access to an underserved 1M-person market

Immigrants in Norway are underbanked in cross-border services. Drop is the distribution channel into this community — a community that trusts word-of-mouth over advertising.

2. New revenue stream — zero development cost

- Share of remittance fees (0.5% per transaction)
- Share of QR merchant fees (1% per transaction)
- Cross-sell opportunity: savings accounts, loans, insurance for Drop users

3. Innovation & ESG story

Financial inclusion for immigrants is a powerful narrative. Sparebanken gets positioned as the bank that actually serves all of Norway — not just ethnic Norwegians.

4. Fintech partnership without the risk

Drop builds and operates the product. Sparebanken provides infrastructure. Low investment, high upside.

Market Size

| Metric | Value | Source |
| --- | --- | --- |
| Immigrants in Norway | ~1,000,000 | SSB |
| Annual remittance from Norway | 5.7 billion NOK | World Bank |
| Immigrant-owned businesses | 30,000-50,000 | SSB estimate |
| Average remittance transaction | ~1,000 NOK | World Bank |
| Vipps merchant fee | 1.75-2.75% | Vipps.no |
| Drop merchant fee | 1.0% | — |

Serviceable market (Year 1): Balkan + Pakistani diaspora in Oslo area = ~200,000 people, ~5,000 businesses.

Financial Projections

| Period | Users | Merchants | Monthly Revenue |
| --- | --- | --- | --- |
| Month 1-3 | 200 | 20 | 12,000 NOK |
| Month 4-6 | 1,000 | 80 | 50,000 NOK |
| Month 7-12 | 3,000 | 200 | 130,000 NOK |
| Year 2 | 8,000 | 500 | 330,000 NOK |
| Year 3 | 15,000 | 1,000 | 650,000 NOK |

Year 3 ARR: ~7.8M NOK

Revenue split model TBD — we propose 70/30 (Drop/Sparebanken) on transaction fees, with Sparebanken retaining 100% of float income and cross-sell revenue.

Competitive Landscape

| | Remittance | QR Payments | Diaspora Focus | Bank Partner |
| --- | --- | --- | --- | --- |
| Vipps | No | Yes (expensive) | No | DNB |
| Wise | Yes | No | No | None in Norway |
| Western Union | Yes (expensive) | No | Yes (bad UX) | Various |
| Revolut | Yes (generic) | Limited | No | None in Norway |
| Drop | Yes (cheap) | Yes (cheap) | Yes (core) | Available |

Drop is the only product in Norway that combines remittance + QR payments. First bank partner gets exclusivity.
Detailed Comparison: Drop vs Alternatives

Why not PayPal?

| | PayPal | Drop |
| --- | --- | --- |
| NOK → RSD/BAM corridor | Not supported | Core feature |
| NOK → PKR corridor | Limited, poor rates | Supported |
| Cross-border fee | 3-5% + currency markup | 0.5% flat |
| Receiver requirement | Must have PayPal account | No app needed — bank transfer or cash pickup |
| In-store QR payment | Not available in Norway | Core feature (1% merchant fee) |
| Target audience | No — generic global | Yes — built for everyone in Norway |
| Norwegian language | Partial | Full (nb/nn) |
| Local bank partner | None in Norway | SpareBank 1 (proposed) |

PayPal does not support the corridors that matter most to Norwegian diaspora (Balkans, Pakistan, Turkey). Drop is purpose-built for these communities.

Why not Revolut?

| | Revolut | Drop |
| --- | --- | --- |
| Remittance | Person-to-person only (both need account) | Receiver needs NO app |
| Fee | 0.5-1.5% + weekend markup | 0.5% flat, no markup |
| Merchant payments | Limited (no QR in Norway) | QR code — 1% fee |
| Regulatory | Lithuanian banking licence | Norwegian bank partner (proposed) |
| Community | Generic fintech | Local community, word-of-mouth growth |
| Cash pickup | Not available | Planned for Phase 2 |

Revolut requires the receiver to also have a Revolut account. For a grandmother in rural Bosnia or Pakistan, that's not realistic. Drop sends directly to local bank accounts.

Why not Wise?

| | Wise | Drop |
| --- | --- | --- |
| Fee | 0.7-1.5% (variable) | 0.5% flat |
| QR payments | None | Core feature |
| Merchant services | None | Dashboard, settlement, QR |
| Norwegian presence | No local office or support | Norwegian company, Norwegian bank |
| Community features | None | Locally-focused UX and corridors |

Wise is excellent for one-off international transfers but offers no merchant services, no QR payments, and no local banking relationship in Norway.

Security, Compliance & Trust

Regulatory Framework

Drop will operate under the agent model (betalingsforetak-agent) as defined in the Norwegian Financial Institutions Act (finansforetaksloven).
This means:

| Aspect | Approach |
| --- | --- |
| Licence | SpareBank 1 holds the licence; Drop operates as registered agent |
| Regulator | Finanstilsynet (Norwegian FSA) |
| EU Directive | PSD2 compliant — Strong Customer Authentication (SCA) |
| Pass-through | Drop never holds customer money — PISP/AISP via Open Banking |
| Reporting | All regulatory reporting through SpareBank 1's existing infrastructure |

This model is proven — it's how Vipps originally launched under DNB's licence, and how several European fintech apps operate today.

AML/KYC — Anti-Money Laundering & Know Your Customer

| Requirement | Implementation |
| --- | --- |
| User onboarding | ID verification via BankID or passport + selfie |
| KYC provider | Flexible — Sumsub, Onfido, or SpareBank 1's existing KYC system |
| Risk scoring | Automatic risk assessment at onboarding based on country, amount, frequency |
| Transaction monitoring | Real-time screening against sanctions lists (EU, UN, OFAC) |
| Suspicious Activity Reports (SAR) | Automated flagging + manual review, reported to Enheten for finansiell etterretning (EFE) |
| PEP screening | Politically Exposed Persons check at onboarding and ongoing |
| Transaction limits | Tiered limits based on KYC level (basic: 10,000 NOK/month, full: 50,000 NOK/month) |
| Record keeping | All KYC data and transaction records stored for minimum 5 years per hvitvaskingsloven |

Data Protection & Privacy

| Aspect | Implementation |
| --- | --- |
| GDPR compliance | Full — data processing agreement (DPA) with SpareBank 1 |
| Data residency | All user data stored in EU/EEA (Norwegian data centres preferred) |
| Encryption in transit | TLS 1.3 for all API communication |
| Encryption at rest | AES-256 for stored personal data and credentials |
| Data minimisation | Only necessary data collected per GDPR Art. 5(1)(c) |
| Right to deletion | GDPR Art. 17 — users can request account deletion (except regulatory-required records) |
| Privacy policy | Norwegian and English, clearly written for non-native speakers |

Application Security

| Layer | Measure |
| --- | --- |
| Authentication | JWT tokens in httpOnly cookies (XSS-resistant) |
| Password storage | bcrypt hashing (never stored in plaintext) |
| SQL injection | Parameterised queries throughout (prepared statements) |
| Rate limiting | Per-IP rate limiting on all public endpoints |
| Input validation | Server-side validation on all user input |
| CORS policy | Strict origin policy — no wildcard |
| Dependency audit | Automated npm audit in CI/CD pipeline |
| Penetration testing | Planned before pilot launch — external auditor (e.g., mnemonic, NorSIS-certified) |

Audit & Certification Roadmap

| Milestone | Timeline | Description |
| --- | --- | --- |
| Internal security review | Before pilot | Full codebase review, threat modelling |
| External penetration test | Before pilot | Third-party audit by certified Norwegian security firm |
| SOC 2 Type I | Within 6 months of launch | Controls documentation and assessment |
| SOC 2 Type II | Within 12 months | Operational effectiveness over time |
| ISO 27001 | Year 2 target | Information security management system certification |
| PCI DSS | If card issuing implemented | Payment card industry compliance |

Fraud Prevention

| Mechanism | Description |
| --- | --- |
| Velocity checks | Maximum transactions per hour/day per user |
| Amount thresholds | Transactions above threshold require additional verification |
| Device fingerprinting | Track trusted devices, flag new device logins |
| Geo-anomaly detection | Flag transactions from unusual locations |
| Recipient patterns | Alert on new recipients in high-risk corridors |
| Manual review queue | Flagged transactions reviewed by compliance team before processing |

Risk Assessment

| Risk | Probability | Impact | Mitigation |
| --- | --- | --- | --- |
| Corridor closure (geopolitical) | Low | High | Multi-corridor strategy; no single-country dependency; partner with multiple payment providers |
| Regulatory change | Medium | High | Agent model reduces direct regulatory burden; SpareBank 1 handles compliance changes |
| Fraud / money laundering | Medium | High | Multi-layer AML/KYC; real-time monitoring; transaction limits; SAR reporting |
| User account compromise | Medium | Medium | 2FA via BankID; device tracking; session management; instant account freeze |
| Technical outage | Low | Medium | Cloud-hosted with redundancy; health monitoring; <1h recovery target |
| Competition (Vipps enters remittance) | Medium | Medium | First-mover in diaspora niche; community lock-in; merchant network effect |
| Low adoption | Medium | Medium | Word-of-mouth growth model; community ambassadors; zero marketing spend needed for pilot |
| Partner bank exit | Low | High | Modular architecture allows switching BaaS provider; data portability by design |

Product Status

Drop MVP is built and functional:

- Next.js web app (mobile-first, installable as PWA)
- 22 API endpoints (auth, transactions, merchants, rates, recipients, cards)
- QR generation + scanning
- Merchant dashboard
- User dashboard with balance, send money, transaction history

Ready for: BaaS integration, compliance review, pilot launch.

Proposed Partnership Model

Phase 1: Pilot (3 months)

- 200 users, 20 merchants in Oslo
- Sparebanken provides sandbox BaaS environment
- Drop handles all development and user acquisition
- Joint compliance review

Phase 2: Launch (6 months)

- Full rollout in Oslo, Bergen, Trondheim
- Marketing co-funded (Drop leads, Sparebanken contributes brand)
- Target: 1,000 users, 80 merchants

Phase 3: Scale (12+ months)

- Nationwide rollout
- Additional corridors
- Cross-sell Sparebanken products to Drop users
- White-label option for other banks

About ALAI Holding AS

ALAI Holding AS is an AI-native digital agency based in Norway. We build software, design, and infrastructure — powered by AI at every level.

- Team: Lean, AI-augmented (lower costs, faster iteration)
- Track record: Shopify integrations, web platforms, API development
- Approach: Ship fast, iterate with real users, data-driven decisions

Next Steps

- Intro meeting — 30 min, virtual or in-person
- Technical deep-dive — Drop architecture + Sparebanken BaaS capabilities
- Compliance review — Joint assessment of regulatory requirements
- Pilot agreement — Terms for Phase 1

We're ready when you are.

ALAI Holding AS — We build digital. You build business.

Confidential — Not for distribution