
It is absolutely crazy that in 2021, banks still don't have proper secure APIs for other software to interface with. Plaid is a major disaster waiting to happen.

Are there any banks moving in that direction? I know of exactly zero in Canada.



The UK and EU have both adopted effectively what you describe under PSD2 - the UK banks in particular were forced by their competition and markets regulator (CMA) to adopt open interoperable APIs.

The end result, now it's available, is that you have 2 levels of API access. One is for access to account information (I tend to think of this as read-only access), and the other is to allow for "payment initiation" (think of it as write access, although not a perfect analogy).

An account information service provider (AISP) can do things like aggregate bank accounts into one view, across different banks. A payment service initiation provider (PISP) can create payment gateways and initiate payments against a bank account using an authenticated session (enabling direct bank payment online, without needing a debit or credit card and the associated infrastructure around that).

You can't just rock up and access the APIs though - I believe you need to get your application approved and engage with the regulator, which is probably for the better, to avoid the "app store problem" of loads of apps springing up in the API ecosystem, asking for permission, then just leeching data to third parties after you apparently consent on page 46 of their terms.


This is the template for US financial regulators and legislators to implement. Plaid is filling a regulatory vacuum.


It's a vacuum that encourages banks to continue sabotaging, foot dragging, and target moving.

The result is middle apps that are forced to use sketchy anti-patterns like screen scraping and asking for user/pass instead of each bank issuing a per-app token. The banks are just fine with this because anything that explodes will be the middle app's fault and they want to preserve their otherwise moatless situation. Consumers can't really tell banks apart so they have to force retention.


From my view, PSD2 has been slowly and terribly introduced. Would love to hear from some people who are AISPs or PISPs though.


The problem isn't banks not having APIs, the problem is not having standard APIs for accessing them. The situation wouldn't be any better if every bank had its own proprietary API, hence why Plaid exists.


The situation would be better than it is now, even with every bank implementing their own proprietary API. As it is now, the APIs may or may not exist - and a lot of times the fall-back for these services is web-scraping, using the same full access credentials the user has to use to log in otherwise. It's a security nightmare and it's fragile.

At least if the bank implements some sort of API, that means some thought was probably given toward using tokens instead of username/password, and some thought was given toward scoping the APIs - at least into read-only and read-write capable access.

Although if you read between the lines in some of the service descriptions and backend documentation, a lot of what Plaid (and Yodlee, and others) do is now a mix of scraping and private APIs the banks provide, but those APIs are only available to commercial entities they've signed a relationship with.

Obviously the ideal is public standardized APIs all banks provide with established security-focused practices and read-only limited data access as an option. But proprietary per-bank APIs available to the general public would be a good step forward.
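The two comments above (the PSD2 account-information vs. payment-initiation split, and the case for scoped per-app tokens rather than handing over the user's password) describe the same mechanism: a credential bound to one application that carries only the permissions that application needs, can expire, and can be revoked without touching the user's login. The block below is an added example, not code from the thread or from any bank or aggregator. It uses a toy HMAC-signed token rather than a real OAuth server, and the scope names (`accounts:read`, `payments:write`), app ids and routes are hypothetical placeholders.

```python
"""Scoped, expiring, revocable per-app tokens, contrasted with a shared password.

Illustrative toy only: HMAC-signed tokens stand in for OAuth access tokens.
Scope names, routes, app ids and the signing key are hypothetical.
"""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"hypothetical-server-side-signing-key"  # placeholder; a real service loads this from a KMS

# Route -> scope required. AISP-style read access vs PISP-style payment initiation.
REQUIRED_SCOPE = {
    "GET /accounts": "accounts:read",
    "GET /accounts/balance": "accounts:read",
    "POST /payments": "payments:write",
}


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def issue_token(app_id: str, scopes, ttl_seconds: int, now=None) -> str:
    """Mint a token for one app carrying only the scopes the user consented to."""
    now = time.time() if now is None else now
    payload = {"app": app_id, "scopes": sorted(scopes), "exp": int(now + ttl_seconds)}
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    return f"{body}.{_sign(body)}"


def verify_token(token: str, now=None):
    """Return the payload dict, or None if the token is malformed, tampered or expired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        if not hmac.compare_digest(sig, _sign(body)):
            return None  # signature mismatch: scopes or expiry were edited client-side
        payload = json.loads(_unb64(body))
        if payload["exp"] <= now:
            return None
        return payload
    except (ValueError, KeyError, TypeError):
        return None


def authorize(token: str, route: str, now=None, revoked=frozenset()):
    """Return (status, app_id): 401 bad/expired/revoked token, 403 missing scope, 200 allowed."""
    payload = verify_token(token, now)
    if payload is None or payload["app"] in revoked:
        return 401, None
    needed = REQUIRED_SCOPE.get(route)
    if needed is None:
        return 404, payload["app"]
    if needed not in payload["scopes"]:
        return 403, payload["app"]  # read-only app trying to move money
    return 200, payload["app"]


def demo():
    """Walk through the cases a scoped-token design handles and a shared password cannot."""
    t0 = 1_700_000_000  # fixed clock so the run is reproducible
    aisp = issue_token("budget-app", ["accounts:read"], 3600, now=t0)
    pisp = issue_token("checkout", ["accounts:read", "payments:write"], 3600, now=t0)

    # Forge: take the read-only token, append payments:write to its scopes, keep the old signature.
    body, sig = aisp.split(".")
    forged_payload = json.loads(_unb64(body))
    forged_payload["scopes"].append("payments:write")
    forged = _b64(json.dumps(forged_payload, separators=(",", ":"), sort_keys=True).encode()) + "." + sig

    return {
        "aisp_read": authorize(aisp, "GET /accounts/balance", now=t0 + 10)[0],
        "aisp_pay": authorize(aisp, "POST /payments", now=t0 + 10)[0],
        "pisp_pay": authorize(pisp, "POST /payments", now=t0 + 10)[0],
        "expired": authorize(aisp, "GET /accounts", now=t0 + 7200)[0],
        "tampered": authorize(forged, "POST /payments", now=t0 + 10)[0],
        # The user pulls consent from one app; their password and every other app stay valid.
        "revoked": authorize(aisp, "GET /accounts", now=t0 + 10, revoked={"budget-app"})[0],
    }


if __name__ == "__main__":
    for case, status in demo().items():
        print(f"{case:>10}: {status}")
```

The contrast with screen scraping is in the last three cases: a scraped username/password cannot be narrowed to read-only, cannot expire on its own, and cannot be revoked for one aggregator without the user changing the password everywhere. Compare against a real deployment using the bank's actual OAuth scopes and token introspection rather than this toy signer.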


> The situation would be better than it is now, even with every bank implementing their own proprietary API.

Well, I think that would barely change anything on the consumer side. Nobody is going to go through and integrate with the hundreds of credit unions and local banks just for their app - if anything it only encourages a few extra companies to enter the battle with Plaid.

Hopefully FedNow fills this void, at least for the U.S. market. https://www.frbservices.org/financial-services/fednow/about....


Chase is the only big US bank I'm aware of which lets you give OAuth tokens with limited permissions to third parties.


Capital One and Citi both have OAuth APIs that permit different levels of permissions.


And the Capital One flow was utter crap the last time I had to program against it. A past company I was in used a Plaid competitor that suddenly had to implement Capital One flow, which was utter shit, including their (Capital One) Sandbox environments that basically didn't work.

Banks are so held in last century technology...


FDX is an emerging standard. You can see the members of the group here: https://financialdataexchange.org/FDX/The%20Consortium/FDX/T...

Quite a few in Canada.


What is the bank's incentive to offer this? Answer that and you'll have the answer to your question.


I see it as a differentiator and unique competitive advantage. New banks aren't solely competing on interest rates and fees, but also on social and personal interests.

I'll post a snippet we recently added to our pitch deck:

> Accounts like those catering specifically to the LGBTQ+ community (https://joindaylight.com), the Black community (https://firstboulevard.com), individuals interested in supporting renewable energies (https://www.tomorrow.one/en-EU/), and social media creators (https://www.trykarat.com/) have proliferated. Retail accounts catering to the unique wants and needs of software developers is a natural next step.


Wells Fargo worked with Plaid to implement a direct API (incl. OAuth) because it meant Plaid would no longer hold onto the credentials of millions of WF customers.


Regarding Canada, there has been some (slow, small) progress in this area. https://www.canada.ca/en/financial-consumer-agency/services/...


The only way this will happen in the US is if Congress requires it. The vast majority of the infrastructure to make it happen already exists. Especially with the large custodial banks offering “white label” services.


The Federal Reserve could go ahead and do exactly this without Congress's help. You know, actually serve the people and come up with a solution to the changing times like they did with ACH back in the 1970s. That's probably asking too much of our leaders though.



