That's what OFX was supposed to provide, but realistic support never arrived. Even banks which allow you to download OFX format searches fail at complying with basics of the standard. (https://www.ofx.net/)
Not really, considering it doesn't enforce a single, consistent API, so most companies will still use something like TrueLayer (our local equivalent of Plaid) to aggregate all these separate APIs into a single consistent one.
Furthermore, "open" banking is very misleading because it's only open to corporations with deep pockets to obtain an AISP license/certification*, but doesn't even allow the account holder to gain API access to their own account. Unless you're lucky enough to be with a modern bank that provides that as a feature (which is legally separate from Open Banking, though often it's the same API), your only workaround is to sign up for TrueLayer yourself just to access your own account through them.
* given the "deep pockets" requirement, it almost forces all the account aggregator apps/services (Emma, Yolt, etc) to have a somewhat scummy business model and monetize the captured data. Wouldn't it have been nicer that you didn't need deep pockets to gain read-only access, so that an indie developer could make such an account aggregator and not have to resort to a scummy business model to fund the certification/compliance expenses?
> Not really, considering it doesn't enforce a single, consistent API, so most companies will still use something like TrueLayer (our local equivalent of Plaid) to aggregate all these separate APIs into a single consistent one.
That's not quite true. The CMA9 have to follow the Open Banking spec, and some other non-cma9 banks have decided to follow the same spec. In practise, there's some deviation from the spec between the banks (in part, due to ambiguity in the spec), but it's not like they're all pulling their own spec out of the air.
> Furthermore, "open" banking is very misleading because it's only open to corporations with deep pockets to obtain an AISP license/certification*, but doesn't even allow the account holder to gain API access to their own account. Unless you're lucky enough to be with a modern bank that provides that as a feature (which is legally separate from Open Banking, though often it's the same API), your only workaround is to sign up for TrueLayer yourself just to access your own account through them.
The 'deep pockets' don't need to be as deep as implied. I think it's <~£3k. It's not something that only big companies can afford, but I agree, it's not something that an individual would use to test out an idea, which would push them towards something like TrueLayer.
Do you have any more details? If this is indeed the price and it's a one-time cost without costly maintenance overheads (such as ongoing audits) I might just pay that to be able to release simple money management or just better UIs than the existing banks (even modern bank's apps have gotten worse lately as they try to push their "premium" offerings - looking at Monzo specifically here).
Yes, it's only 'open' to FCA registered entities, which is an entirely reasonable requirement given how easy it is for scammers to get people to give away the keys to the kingdom.
So no, it wouldn't have been nicer, it would have been a scammers delight.
And yes, it does require a consistent API, thought it's perhaps open to a bit too much interpretation.
> given how easy it is for scammers to get people to give away the keys to the kingdom
Restricting API access doesn't help. There are plenty of idiots out there who willingly install remote access software on their computers/phones, fall for "authorized push payment" fraud when scammers tell them to move their money to a "safe account" or to pay overdue "taxes" (gullibility taxes?) over the phone and even use the two-factor card readers despite the "do not use over the phone" text being printed right on them.
I'm not sure how read-only API access would benefit scammers (if people can be tricked into granting API access, they will usually just as well install remote access software or just do the payments manually) but it would open up a nice field of self-contained, on-device money management apps that don't need significant corporate (most likely VC) backing with all the (usually) nasty ramifications that entails.
> I'm not sure how read-only API access would benefit scammer
Information leaks are always useful to scammers, extortionists, blackmailers etc. It's one reason we protect financial info.
Like the other poster said, VC money isn't really needed, though the process of getting accredited with the FCA is more than just paying for a license. The Open Banking Implementation Entity (or just Open Banking Ltd, whatever they're calling themselves at the moment) may be able to help you go through the accreditation process if you approach them, they were certainly talking about doing that for people a couple of years back.
And before that you can sign up to their public sandbox service as a "Technical Service Provider" to start developing against the ecosystem, for nothing (I've done this though I've not really used the capability for anything).(You may need a Ltd company for this, can't remember off the top of my head)
