How to Build an Expense Management App Like Ramp or Brex in 2026

Corporate cards were boring for 40 years. Amex dominated, Chase and Citi did the rest, and finance teams wrestled with paper receipts and spreadsheet expense reports. Then Ramp and Brex proved that bundling cards with software creates a new category: vertical expense automation. By 2025 Ramp crossed $500M ARR, Brex was a public IPO candidate, and Navan, Airbase, and Mercury Expense all carved out meaningful niches.

The playbook is known now. Issue cards, offer meaningful cash-back or points (typically 1 to 2% funded by interchange), provide modern software for receipts and approvals, and sell a SaaS layer on top. Interchange is your biggest revenue stream. SaaS is the second. Float and FX is the third. If you do it well, blended unit economics are 60 to 80% gross margin.

The opportunity in 2026 is not a horizontal Ramp competitor. That market is saturated. The opportunity is vertical: construction expense plus Procore, healthcare expense plus HCPCS auto-tagging, agency expense with project-level retainer accounting, nonprofit expense with grant tracking, trucking expense with IFTA mileage and fuel tax workflows. These verticals are willing to pay 2 to 3x Ramp's pricing for the workflow they actually need. For cost context, read our expense platform cost guide.

Every expense platform has the same six-layer architecture. You can differentiate on UX, workflow, or vertical, but the underlying layers do not change much:

• Identity and KYB: Business verification, beneficial ownership, OFAC screening, US and international support.
• Card issuing: Physical and virtual card programs, spend controls, MCC and vendor restrictions, real-time auth hooks.
• Transaction ingestion and enrichment: Real-time ingestion from your card processor, merchant category enrichment, vendor normalization.
• Receipt capture and matching: Mobile camera OCR, email forwarding (receipt@yourcompany.com), Gmail and Outlook plug-ins, auto-matching to transactions.
• Policy engine and approvals: Rule-based policies, approval chains, exceptions, auto-approve thresholds.
• GL sync and reporting: Field mapping, export schedules, close acceleration, audit trails.

You will spend 60% of your engineering time on layers 3 to 5. Layer 1 to 2 are mostly commodity providers with integration work. Layer 6 is where customers spend most of their time and where retention lives. Obsess over it.

Your BIN sponsor and issuing processor are the most important vendor decision you make. This is a multi-year commitment and migrating is painful.

Marqeta is the incumbent. Powers DoorDash, Instacart, Square, Affirm, Uber. Most flexible feature set. Real-time auth hooks (DAA), programmatic velocity controls, advanced fraud controls. Downsides: higher setup costs ($25K to $100K typical), enterprise sales cycle, monthly minimums that hurt early-stage startups. Best for companies past $10M in annualized card volume or with complex auth requirements.

Stripe Issuing is the founder-friendly default. $0.10 per authorized transaction, $3 per physical card, Celtic Bank as BIN sponsor (US) or Stripe Payments Europe (EU). Clean API. Fast time-to-first-card. Best for companies starting out or with standard auth flows.

Lithic is the scrappy alternative with competitive pricing, Patriot Bank as sponsor, and a strong API. Similar feature set to Stripe Issuing with more flexibility in certain areas. Good middle-ground choice.

Unit is a banking-as-a-service platform that bundles card issuing with bank accounts, which is a cleaner path if you want to offer cash management (spend accounts, ACH, wires). Similar pricing to Stripe Issuing with broader scope.

Choose based on your roadmap. If you want cash management eventually, start with Unit. If you want enterprise flexibility, start with Marqeta. For most early-stage expense apps, Stripe Issuing is the pragmatic start.

Receipt matching is the feature customers use every day. Get it right and they forgive other rough edges. Get it wrong and they churn.

OCR vendors in 2026: Veryfi ($0.08 to $0.20 per receipt, strong accuracy, fast, includes line-item extraction), Mindee ($0.10 to $0.25 per receipt, solid European coverage), Nanonets ($0.15 to $0.35 per receipt, highly customizable), GPT-4o Vision ($0.01 to $0.03 per receipt but less consistent on noisy mobile captures).

Matching logic: start with exact match on amount plus date plus vendor. If no match, fuzzy match within ±48 hours and ±5% amount. If still no match, surface to the user with a drag-and-drop UI. Build a continuous feedback loop that learns from user corrections.

Email forwarding: spin up a receipts@[customer].spendcorp.com address per company. Ingest emails, parse PDF and image attachments, run OCR, auto-match. Gmail and Outlook add-ins are similar (use Gmail Add-ons API, Outlook JavaScript API). Budget 120 to 200 engineering hours for a robust email ingestion pipeline.

Error handling: receipts are messy. Coffee stains, crumpled paper, poor lighting. Give users a clear UI for correcting OCR errors, flagging expenses without receipts, and batch-uploading receipts at end of month. 30 to 50% of receipts require some level of user intervention, and that is fine if the UX is good.

The policy engine is where Ramp and Brex flex. Build something clean or you lose deals to incumbents.

Policy definition language: let finance teams define policies in plain English that compiles to rules. Example: "All meals over $50 require manager approval. All travel expenses over $500 require VP approval. All recurring subscriptions require CFO approval." Build a UI, compile to JSON rules, evaluate on every transaction.

Approval flows: sequential (manager then VP then CFO), parallel (any two approvers), conditional (route based on amount or category). Build a state machine in your backend (XState, or a custom FSM library) to track approval state. Support reassignment, delegation, and out-of-office handoff.

Auto-approval: 40 to 70% of transactions can auto-approve if they fit policy. Define thresholds. Use LLMs (Claude, GPT-4o) to interpret receipt descriptions against policy rules, flagging potential violations. Keep human override always available.

Slack and Teams integration: approvals live in chat, not email. Build Slack bot (Bolt framework) and Teams bot (Microsoft Bot Framework) that pushes approval requests inline. One-click approve or reject from chat. This is table stakes for modern expense workflow.

For related workflow patterns, see our bookkeeping app guide.

GL sync is where your deal dies or thrives. Finance teams will not switch unless your QuickBooks, Xero, NetSuite, or Sage Intacct integration is production-grade.

QuickBooks Online is easiest. OAuth, REST API, decent docs. Budget 60 to 120 hours for initial integration. Handle webhooks for real-time updates. Support both Simple Start and Advanced tiers. Be careful with account-level vs company-level mappings.

Xero is clean. OAuth 2.0, REST API. Dedicated integrations team responds fast. Budget 40 to 80 hours. Watch out for their per-day rate limits.

NetSuite is the most painful. SuiteTalk (SOAP) and SuiteScript (server-side JS) are both options. Token-based auth (TBA) is standard. Every customer's NetSuite instance is heavily customized. Budget 200 to 400 hours for initial integration plus 40 to 80 hours per customer implementation.

Sage Intacct is expensive to integrate but customers pay premium. REST API is decent, XML API is legacy. Budget 120 to 200 hours.

Design your integration layer as a generic abstraction with vendor-specific adapters. Do not spread GL-specific logic across your codebase. Centralize the schema mapping, field naming conventions, and export logic. This pays off massively when you add adapter number 5 or 6.

You will lose 0.1 to 0.5% of authorized volume to fraud if you are not careful. A $100M card program with 0.3% fraud loss is $300K per year in chargebacks and disputes.

Stack: Sardine, Unit21, or Hawk AI are the three dominant fraud platforms in 2026. $5K to $25K per month plus per-transaction fees. They watch transaction patterns, flag anomalies, and reduce chargebacks by 40 to 70% compared to baseline.

In-house augmentation: build your own features specific to your vertical. For example, construction expense patterns look nothing like agency expense patterns. Custom ML models on your own transaction graph can detect vertical-specific fraud signals that horizontal tools miss.

Chargeback management: build tooling to collect evidence (receipts, IP addresses, device fingerprints, delivery confirmations), submit dispute responses through Marqeta or Stripe, track win rates. Chargeback operations is a full-time job past 10K transactions per month. Budget 0.5 to 1.0 FTE.

Compliance: SOC 2 Type 2 in year one, PCI DSS (SAQ D or use tokenization to stay SAQ A), BSA/AML program (even if you are an agent of a licensed BIN sponsor, you have program obligations), OFAC screening on every business and beneficial owner, 1099-K reporting for customers above thresholds.

See our HR payroll system guide for adjacent compliance patterns.

A realistic 12-month roadmap from kickoff to 100 paying customers:

• Month 0 to 3: Expense tracking MVP without cards. OCR, approvals, QuickBooks sync. Sell as SaaS at $15 to $30 per user per month. Get 5 to 10 design partners.
• Month 3 to 6: Layer in cards via Stripe Issuing. Offer to existing SaaS customers at no additional SaaS fee (you earn interchange). Launch card program in month 5 to 6.
• Month 6 to 9: Add Xero and NetSuite integrations. Launch Slack and Teams approvals. Sign first 25 customers.
• Month 9 to 12: SOC 2 Type 2, Sage Intacct, advanced policy engine, vertical workflow (your wedge). Hit 100 customers.

Pricing: charge $15 to $30 per user per month for SaaS with cards included. For vertical plays, bundle workflow features at $50 to $120 per user per month. Annual prepay for 15 to 20% discount. No long contracts for SMB, 12-month minimum for mid-market.

GTM channels: content marketing to CFOs and controllers, partnerships with vertical ISVs (Procore for construction, AdvancedMD for healthcare), affiliate deals with bookkeeping firms, direct outbound to your vertical. Paid acquisition is expensive and low-trust in fintech. Focus on earned trust.

Our SOC 2 for startups guide covers the compliance path. If you want help scoping your vertical wedge and GTM sequencing, book a free strategy call.