
Plaid Launches in the UK - jessedhillon
https://blog.plaid.com/plaid-in-the-uk/
======
lapusta
Open Banking is a big buzzword at the moment. It is good to distinguish
different aspects of it:

1) Regulation. What you heard as "PSD2" - is essentially a directive by
the European Commission and EBA demanding banks to open up access to accounts data
and payment initiation. It defines neither by what means this access should be
provided, nor when it should be available - each European country Central Bank
can decide on its own.

2) Technical Specification. Examples are OpenBanking UK specification or The
Berlin Group - would be groups of banks or local regulators trying to define
common standards. Think of interface definition that describes both APIs as
well as journeys/workflows.

3) Compliance. In the EU some of the banks (mostly large ones) are now
required to be PSD2 compliant, which means they would need to expose their
APIs through the standards described above. In the US, where there is no such
requirement - the only way to access the bank account is to emulate a browser.

4) Third-Party Providers or Aggregators (Plaid, Teller, Tink, SaltEdge,
Bud...) - would essentially provide access to the accounts of multiple banks
via APIs. If you look at Plaid in the US - their codebase is probably 50%+
screenscraping/user emulation scripts in order to retrieve your accounts from
e.g. Bank of America. For the EU fin-techs it's a bit better, but still depends
per country (remember Berlin Group vs UK OpenBanking?).

~~~
Nursie
> would be groups of banks or local regulators trying to define common
> standards

Why 'would be' just out of interest?

AFAICT Open Banking is an organisation that has been given a mandate by the UK
government, through the competition and marketing authority, and is funded by
the nine largest retail banks. In the UK it _is_ the de facto standard, and
compliance of the CMA 9 is mandatory.

While there is so far no consistent standard across the EU, at least within
the UK this one is set and pretty much non-negotiable.

(Disclaimer - I have consulted with Open Banking and continue to do so, but of
course I do not speak on their behalf)

-- edit --

I'm particularly interested in this -

> Third-Party Providers or Aggregators (Plaid, Teller, Tink, SaltEdge, Bud...)
> - would essentially provide access to the accounts of multiple banks via
> APIs.

As AFAICT this would be explicitly disallowed unless all the users of said
APIs are themselves accredited. You can't just get accredited for PSD2/OB API
use, then expose that information to non-accredited entities. If this is what
Plaid are doing then I wouldn't expect their accreditation to last all that
long.

~~~
lapusta
> Why 'would be' just out of interest?

The scenario is typically the following. After the EU Commission approves the
directive, each country has to transform it into the national law and define
the authority/approach/timelines. In the case of the UK, it's indeed the way
you've described.

> As AFAICT this would be explicitly disallowed unless all the users of said
> APIs are themselves accredited.

In the UK, Plaid would have to follow the OpenBanking regulation indeed and provide
access according to the consent of the account owner. In the US they are just
storing your password and using it according to their privacy policy.

~~~
Nursie
I'm not sure they would be allowed to provide access to another party _at all_,
if the other party wasn't accredited, regardless of consent.

I'm sure they've looked into this with their lawyers, but acting as an escape
route for banking data to non-approved entities is not likely to be smiled
upon.

~~~
cormac_q
They are allowed to provide access but with a few stipulations:

Firstly, the consumer _must_ be aware that they are sharing their data via
Plaid (i.e. Plaid can't hide behind the scenes).

Secondly, there are certain exceptions for needing to be regulated by the FCA
- particularly if you don't show any data back to the user.

In practice, it makes sense to be regulated by the FCA regardless because
asking to share bank information/transactions with Plaid can turn users off
and you're limited with what you can do with that data without being
regulated/authorised.

Source: Fintech founder in the UK/Ireland.

~~~
Nursie
I find that surprising, given the lengths OB go to to ensure that only
registered, accredited entities can participate in using their APIs. I'm not
saying you're wrong, just that I find it surprising.

(Source, I consult with OB and have a hand in their PKI, I don't speak for
them and I'm not part of or informed well about anything to do with the
regulatory environment)

------
sschueller
Use at own risk* [1]

[1]
[https://github.com/plaid/link/issues/68](https://github.com/plaid/link/issues/68)

~~~
fortytw2
There's legitimately no alternative, "secure" way to access someone's banking
data other than by asking for a username/password and then 'impersonating'
them / asking for 2FA codes etc etc. As a commenter on the issue says, there
is no oauth-esque mechanism implemented by banks.

I think plaid is the lesser evil when compared to rolling all of that on your
own for N different banking institutions.

~~~
ChrisSD
Have you read about
[https://www.openbanking.org.uk/](https://www.openbanking.org.uk/)

The nine largest banks and building societies are required to participate.
Many others do so voluntarily.

~~~
weberc2
What percentage of the world's banks are covered? Or perhaps what percentage
of the world's population banks in those covered institutions? Or perhaps what
percentage of the total banked wealth (terminology?) is held in covered
institutions?

~~~
ChrisSD
On an article titled "Plaid Launches in the UK" I would assume the most
relevant territory is "the UK".

But if instead the question is "what's the alternative" the answer is
"government intervention" as shown by the UK.

~~~
weberc2
It depends on the audience. Many businesses don't want to restrict themselves
exclusively to the subset of UK banks that follow that initiative. And
government intervention is hardly a pragmatic solution (how many companies can
afford to lobby every government in which they'd like to do business?).

------
dmix
I don't have anything to say about the product/launch but that homepage is one
of the better designs for a marketing website I've seen in a while.

The typography on the docs page is excellent:
[https://plaid.com/docs/quickstart/](https://plaid.com/docs/quickstart/)

~~~
Silhouette
It looks OK if you have your browser set to the default 16px font size. If
not, that page might not look good at all, because unfortunately it uses a
fixed line-height but keeps the browser-configured font-size.

------
leoc
In the UK, 'Plaid', capitalised and in writing, usually refers to
[https://en.wikipedia.org/wiki/Plaid_Cymru](https://en.wikipedia.org/wiki/Plaid_Cymru).
It's not pronounced the same as 'plaid' though.

~~~
ChrisSD
Yes this link was not what I initially expected. My first thought was that
Plaid Cymru was expanding to the whole of the UK, not just Wales.

~~~
sgt101
Interesting to understand what you imagined the objectives of such an
expansion would be?

~~~
twic
The Irish Nationalist Party once got an MP elected in Liverpool:

[https://en.m.wikipedia.org/wiki/T._P._O%27Connor](https://en.m.wikipedia.org/wiki/T._P._O%27Connor)

In that case, the objective was to argue for home rule for Ireland. And to
look out for the large Irish community in Liverpool.

------
fauigerzigerk
Doesn't Open Banking
([https://www.openbanking.org.uk](https://www.openbanking.org.uk)) make this
sort of middleman unnecessary in the UK?

~~~
celticninja
Open Banking means you can access your own bank's API, however if you have a
lot of customers and you need to access lots of different APIs from different
banks then you use an intermediary 3rd party, e.g. TrueLayer and you use their
API to access the open banking API of the customer's bank.

~~~
fauigerzigerk
I don't think that's entirely correct. Open Banking means that all
participating banks allow access via the same API, which is documented here:

[https://openbanking.atlassian.net/wiki/spaces/DZ/pages/16320...](https://openbanking.atlassian.net/wiki/spaces/DZ/pages/16320694/Open+Data+API+Specifications)

The biggest UK banks have a legal obligation to participate and many smaller
ones are participating as well.

I can see why a third party API gateway would still be useful internationally
though.

------
chrisseaton
Plaid is how most people refer to Plaid Cymru, a Welsh nationalist political
party, in the UK.

~~~
subhero
And to me as a continental European, Plaid always triggers
[https://youtu.be/LU8seZlfhw4](https://youtu.be/LU8seZlfhw4)

;)

------
jeandenis
Would love to hear from HNers in Europe (and elsewhere) which countries Plaid
should go to next!

And also what the biggest pain points are to building fintechs in other
markets.

~~~
Nursie
Presuming you are from Plaid - can you tell me what your position is on what I
think I'm seeing - OpenBanking APIs opened up to non-accredited organisations
using yourselves as a gateway - and whether that's in keeping with your
accreditation?

I.E. The APIs available in the UK are designed to open data up to competition,
but only within the limits of those orgs that are FCA accredited for PSD2
Roles of various sorts. Are you allowed to let others piggyback on those?

------
dan1234
Looks interesting but there doesn’t seem to be a list of supported banks?

Pretty happy with Truelayer ([https://truelayer.com](https://truelayer.com))
but more competition is always better.

------
segah
Am I missing something or have Yodlee and Intuit account aggregation
provided this service now for more than a decade?

------
rahimnathwani
Plaid has registered as an AISP ('Account Information Service Provider'),
which means that they can register for and use the Open Banking APIs provided
by UK banks.

These APIs use an authorisation flow similar to what you see when you 'Login
with Google' or 'Login with Facebook'. At some point in that flow, you are
redirected to your bank's web site to allow access, and to select the
account(s) for which you are allowing access. At this point, you are on your
bank's web site, you can check the URL to make sure you're not being phished.

On the face of it, it seems like any company that's building on top of bank
transaction data should just register as an AISP themselves, as the
integration with Open Banking APIs doesn't look that complicated. But Plaid is
one of a number of third parties that insert themselves in between.

In general these services suggest some combination of (i) easier integration,
i.e. less development and maintenance, (ii) additional intelligence on top of
the raw data, e.g. categorisation of transactions, (iii) no need for
maintenance.

There's one obvious con: the AISP's logo has to be shown in the authorisation
flow. So, even if your users know you, they might not be willing to share
their information with 'Plaid' or whichever third party AISP you've chosen.

I don't know how real the development/maintenance/integration issues are. I
could imagine that registering with 30+ banks and testing your code against
all of them might be a hassle. But if their API backends all behave in the
same way, then maybe you just need configuration parameters for the endpoint
and token(s). If their backends have slightly different behaviour, though,
then perhaps you need to branch your code based on the bank.

One thing that's encouraging about Plaid entering this space: their free tier
appears to support up to 100 bank accounts for free. This should be enough for
anyone who wants to set up their own self-hosted Mint equivalent. And, if all
the accounts are in the UK, then you're giving Plaid just read-only access to
your accounts, which is much less of an issue than providing your login
credentials to them or another party.

In case you're curious to see which other companies have registered as AISPs
or PSPs (payment service providers), the full list of third party providers is
available here:
[https://www.openbanking.org.uk/provider-categories/third-par...](https://www.openbanking.org.uk/provider-categories/third-party-providers/)

------
fyfy18
Anyone know how this compares to Teller
([https://teller.io/](https://teller.io/))?

~~~
Nursie
Teller is a system which relies on screen scraping and taking your passwords
(AFAICT, though the comment below says they use the mobile APIs, it's much the
same regardless).

In the UK this is no longer necessary and FCA accredited organisations (Or
qualified organisations from across the EU) can gain access to Bank APIs which
allow much easier, programmatic access with much more granular access and far
fewer security implications.

IIRC teller have also been subject to blocking and possible lawsuits from
various banks for their scraping activities and are not well liked in the
industry.

(--edit-- I am rate limited here so cannot respond below, just to say that if
OB APIs are not performant, that'll likely be down to the participating banks.
I would expect them to improve over time.

I'm not trying to say teller is illegal - I doubt very much that it would have
survived this long if it were illegal - simply that the security model is not
so great and the banks don't like it and continue to try to block it. 'Stevie'
would probably do well to get himself accredited before the banks find a way
to keep him out permanently.)

~~~
lol768
Stevie does address some of the legal side in a comment here:
[https://news.ycombinator.com/item?id=14606475](https://news.ycombinator.com/item?id=14606475)

> In the UK this is no longer necessary and FCA accredited organisations (Or
> qualified organisations from across the EU) can gain access to Bank APIs which
> allow much easier, programmatic access with much more granular access and far
> fewer security implications.

I don't have a horse in this race, but in my experience the Open Banking APIs
are:

* Not performant

* Poor at handling and reporting errors

* Limited in their functionality

------
SifJar
Is there a list of supported UK banks anywhere?

~~~
gertrunde
They are leveraging the Open Banking API, which the nine biggest banks are
legally required to support.

The Open Banking website lists 34 banks that currently support it.

------
unfunco
Very good! Wonderful!

------
dx7tnt
You should launch in Wales: Plaid Cymru!

------
bad_name_throw
Same name as a nationalist party in Britain - not going to be popular with a
lot of people...

~~~
sgt101
Plaid Cymru are unlikely to stir negative associations with anyone in Britain.
They are no menace to democracy!

~~~
bad_name_throw
Nationalism doesn't have a great track record...

~~~
sgt101
I think that Welsh independence would probably not be optimal, but I am pretty
confident that it wouldn't be malign.

