Ask any bookkeeper or accountant and one of the top pain points is gathering and accessing client data! In the US we have over 11,000 banking and financial institutions, and the number is only increasing with the onset of new specialized banks. To put this into context on a personal level, last week I was helping out my own bookkeeper, and with disparate data located in many platforms (credit cards, banks, Stripe, PayPal, etc.), accessing data is simply a waste of time.
As the owner of Ledgersync and a very close partner of MasterCard, I am privy to the banks' future technology roadmap in terms of how they plan on sharing data. First, let's understand the bank's dilemma when it comes to bank feeds. On one hand, the bank wants to service its customers (or risk looking like it is in the dark ages) and provide "open banking" data; on the other hand, the bank has to balance security against the slew of third-party fintech products. For example, the bank has to control access when a Read Only access login is added to an app such as Venmo. At the same time, keep in mind that most banks are still operating on the motto of "If it ain't broken don't fix it": they run on old technologies, and migrations are super expensive and complex. With that being said, here are the Pros and Cons.
The new trend is that banks are moving to direct API access. What does that mean? It means that rather than relying on traditional screen scraping, banks are now allowing a select few third-party software providers access to their backend systems. Banks such as Bank of America, Chase, Wells Fargo, US Bank, and Citibank have paved the way.
What are the Pros and Cons?
Pros:
1) The bank connections are stable with a 99% uptime.
2) Even if your client changes their password, from my initial tests the connections remain in place.
3) The connections are far more secure as “password” information is no longer stored and used to access the bank account.
4) As new bank accounts are added they will automatically flow to apps such as Xero.
5) No more 2 Factor Authentication.
Cons:
1) Access requires the account owner's permission, meaning that in order to access the bank data the account owner has to explicitly agree on the API to grant access to the bank data. For example, your client has to agree to share bank data with Xero.
2) Building on point #1, what I have seen is that READ ONLY access is now blocked since Read Only is not the account owner. Only the true account owner can connect the app (like Xero) to the bank.
3) The bank is in control. With screen scraping, any developer can extract whatever data they want from the website, but when it comes to the API, the bank controls what one can access. For example, Capital One's API does not allow access to bank statements.
It will take years for all banks to convert to this model (one estimate I saw is that building a bank API connection cost Bank of America $20M!), but with today's financial system more or less dependent on fintech products (mobile especially), banks have no choice but to move towards this model. Like all new technologies, as we transition over the next few years to a banking system that is API driven, expect hiccups and new rules being introduced, but in the end data access will be simpler and less time consuming, a welcome sigh of relief for many in the accounting space.