FNB Izard County's mobile app fronts a roughly $230M community bank — five branches across Izard and Stone counties in north-central Arkansas, per the FDIC bank-find record and the OCC's 2023 CRA evaluation — and the Android package's .grip suffix (com.fnbizardcounty.grip, per the Play listing) marks it as one of a family of small-bank apps running on the same white-label platform. That sets the integration shape. There is no expectation, here, of a developer endpoint a third party can call cold. The integration rides the account holder's own consent.
Below is what the app actually exposes, the routes that genuinely apply to a small Arkansas national bank, and what comes back to you as deliverables. Compliance, access onboarding, and consent paperwork are part of the build — we handle them with you, they aren't the customer's homework.
What's actually in the app's data
Working from the Play Store feature list and the bank's own digital-banking pages, here is what's reachable for a consenting account. Granularity reflects what is shown to the account holder, not what the bank stores internally.
| Data domain | Where it sits in the app | Granularity | Why an integrator would want it |
|---|---|---|---|
| Balances across DDA, savings, loan and line-of-credit accounts | Account list and detail views | Real-time, per account | Cash-flow snapshots, reconciliation, treasury dashboards |
| Transaction history with user-added tags, notes, receipt photos | Transaction list; the metadata layer is bank-side, not local | Per-transaction | Categorisation, expense tooling, audit trails with attachments |
| Monthly statements (PDF) | Statements archive | Monthly | Bookkeeping, tax prep, retention policy fulfilment |
| Balance & activity alerts | Alerts settings | Threshold-triggered events | Treasury monitoring; webhook fan-out |
| Internal transfers between own accounts | Transfer flow | Real-time, per movement | Treasury automation; reconciliation closeout |
| Debit-card status (on/off, reorder) | Card services | Real-time toggle | Fraud response, card-lost workflows |
| Mobile-deposit records with check images | Deposit history | Per deposit, with front/back imagery | AR reconciliation, audit, dispute evidence |
Routes that actually apply here
Route A — consented session against the bank's own portal
The account holder authorises us, on their behalf, to maintain an authenticated session to my.fnbizardcounty.com and the mobile back-end. Balances, transactions, statements, transfer history and card status are all reachable from inside that session. The studio handles credential vaulting and the OAuth-style refresh layer the integration exposes on top; MFA and device-trust prompts are accounted for at enrolment time. Durability is tied to the white-label platform's release cadence — see the engineering notes for how we absorb that.
Route B — aggregator-mediated read where the customer already has a contract
If the integrating party already pays Plaid, MX, Finicity or Akoya, we read FNBIC through whichever of those networks covers it for the consenting customer. Coverage for a $230M Arkansas national bank varies network to network; we don't promise a network we can't actually pull through, and where coverage is thin Route A still works end-to-end.
Route C — native PDF statements as a low-effort fallback
Where the integration only needs end-of-month statement data — a common case for bookkeeping shops — we run a scheduled PDF fetch and parse against the consenting account. Statement layouts move slowly, so this leg is unusually durable.
For FNBIC specifically, the build leans on Route A. Route B layers in cleanly when the customer already runs an aggregator contract that lights up the bank; Route C is what we recommend if monthly cadence is all that's needed.
An adapter, sketched
The shape below is illustrative and gets confirmed against the consenting account during the build — field names and pagination semantics are pinned to what the portal actually returns, not what a generic banking SDK would assume.
# Illustrative outline — pinned to the real responses during the build.
session = portal.authenticate(
user_id, password,
mfa_callback=lambda prompt: vault.fetch_otp(prompt),
device_trust=device_profile, # avoids repeat step-up
)
accounts = session.list_accounts() # DDA, savings, loan, LOC
for account in accounts:
snapshot = session.balance(account.id)
rows = session.transactions(
account.id,
since="2026-01-01",
include_pending=True,
)
statements = session.statements(account.id, format="pdf")
if account.kind == "loan":
loan_view = session.loan_details(account.id) # accrual, next due
if account.kind == "loc":
loc_view = session.loc_details(account.id) # available credit
deposits = session.mobile_deposits(account.id) # with image refs
# Normalised to your schema, with a per-account-type adapter per kind,
# before anything hits your downstream pipeline.What ships
The handover for an FNBIC build, on the source-code track, is a working package not a deck. It contains:
- an OpenAPI specification covering account list, balance, transactions-by-range, statement fetch, transfer history, loan/LOC detail, and mobile-deposit retrieval;
- a protocol & auth-flow report documenting the portal session model, MFA challenge shapes and any device-trust steps observed during the build;
- runnable Python and Node.js source for every endpoint, wired against the consenting account and committed against a tagged release;
- an automated test suite covering happy path, expired session, MFA challenge, rate limiting and the per-account-type branches;
- interface documentation walking your engineers through deployment, credential rotation, and the monitoring hooks the build emits.
Compliance and data-retention guidance — what's logged, what isn't, how the consent record is kept — is part of the same handover.
Engineering notes specific to FNBIC
Three things we account for on this build that wouldn't apply uniformly to a larger institution:
- Per-account-type unification. DDA, savings, loan and LOC accounts share a single top-level list view in the app, but the portal exposes subtly different payloads underneath — accrued interest for loans, payoff and next-due-date semantics for LOC, posted vs available for deposit accounts. We unify them in the delivered schema rather than papering over the differences, so downstream tooling doesn't have to special-case at every layer.
- Re-validation against the vendor cadence. The
.gripplatform pushes front-end refreshes on a vendor schedule that isn't published to integrators. We attach a drift-check suite to the build: selectors, response shapes and the MFA challenge flow get exercised on cron, and drift trips an alert before the integration silently breaks. - Aggregator coverage scoped to what the customer actually has. Coverage for a roughly $230M Arkansas national bank is not uniform across Plaid, MX, Finicity and Akoya. We scope Route B to the network the customer holds a contract with — and if none covers FNBIC cleanly, Route A still delivers end-to-end against the consenting account.
Consent & the §1033 question
The dependable basis the integration runs on is the account holder's own authorisation to share their banking data. That authorisation is documented, consent-scoped (which accounts, which fields, how long), and revocable from either side. Access is logged. Data not needed for the agreed scope is not retained.
CFPB §1033 — the Personal Financial Data Rights rule — is the forward-looking piece, not present-tense governing law. The rule as finalised in late 2024 had a phased schedule keyed to data-provider asset size, was then enjoined by the Eastern District of Kentucky, and is now back in the Bureau's hands following the August 2025 advance notice of reconsideration (per the CFPB's own reconsideration page). There is no §1033 obligation FNBIC must publish against today; even under the finalised schedule a national bank of FNBIC's size sat outside the earliest large-data-provider tier. The build is designed so that, if a revived §1033 path lights up later for institutions of this size, the same adapter swaps to it without rewriting downstream pipelines. It does not depend on that happening.
GLBA's safeguards rule and FNBIC's own privacy notice still apply throughout. NDAs are signed where the build touches non-public material. Nothing is published or stored that the bank's own customer wouldn't already see on their statement.
Engagement & timing
Source-code delivery for an FNBIC build runs from $300, billed only after we hand the integration over and you've confirmed it works end-to-end against your consenting account; if you'd rather not host anything, our pay-per-call hosted endpoints expose the same data and bill only for actual usage, with no upfront fee.
Delivery cycle is one to two weeks once the consenting account is enrolled and the data scope is settled. Most of the calendar time goes into mapping the per-account-type fields and exercising the MFA and session-refresh paths against the live portal — we do that, you don't.
Tell us the data scope and how you want it delivered and we'll quote and start: send a short brief on /contact.html.
What we cross-checked
The regulatory profile here is pulled from the OCC's 2023 CRA evaluation and the FDIC bank-find record for charter #11252. The app's package identifier, store presence and feature list were taken from the Play Store listing for com.fnbizardcounty.grip. The §1033 framing is pinned to the CFPB's current reconsideration page rather than the 2024 finalisation announcement, so the regulatory state described here is what the Bureau itself says today, not the headline from a year and a half ago.
- OCC Community Reinvestment Act evaluation, FNB of Izard County (April 2023)
- FDIC bank-find record — The First National Bank of Izard County (charter #11252)
- FNB Izard County on Google Play (com.fnbizardcounty.grip)
- CFPB — Personal Financial Data Rights Reconsideration
Integration-desk mapping · OpenBanking Studio · 2026-05-20.
Adjacent community-bank apps
If you're building a unified integration that touches several small Arkansas or regional community banks alongside FNBIC, the apps below sit in the same surface family — similar account types, similar feature sets, similar integration shape. Listed for ecosystem context, not ranked.
- Arvest Mobile Banking — Arvest Bank, the largest Arkansas-headquartered regional, with broadly comparable consumer surfaces (balance, transactions, statements, card controls, deposit).
- Centennial Bank — Conway-based regional with checking, savings, loan and card-control data integrated through its own mobile app.
- Simmons Bank — Pine Bluff-based multi-state regional, similar consumer and treasury surfaces.
- First Security Bank — Searcy, Arkansas community bank with a feature set close to FNBIC's: deposit, transfers, alerts, card controls.
- Bank OZK Go — large Arkansas-headquartered regional, richer treasury layer over the same balance/transaction/statement primitives.
- First Community Bank — multi-state Arkansas/Missouri community bank with a mobile portal of comparable shape.
- CSB Arkansas Mobile — Citizens State Bank Arkansas, another small-community-bank app in the same size band.
- CBNA Mobile Banking — also distributed under a
.grippackage, which makes it a useful structural comparator when scoping cross-bank schema work.
Questions an integrator usually asks here
How does the build handle FNB Izard County's mobile-deposit history, including the check images?
Deposit records and the front/back check images live behind the same authenticated session as the rest of the account view. We pull them under the account-holder's authorisation, store image binaries against your retention policy (not ours), and expose them on the same OpenAPI endpoint shape as transactions so reconciliation tooling treats them uniformly.
Even if CFPB §1033 is revived, does a $230M bank like FNBIC have to expose a developer endpoint?
Under the rule as finalised before the stay, the largest data providers were phased in first by asset size; a roughly $230M national bank sat well outside that early tier. Whatever comes out of the CFPB's current reconsideration, the integration here does not assume FNBIC will publish a developer endpoint — the consenting-customer route is the dependable basis.
What happens if FNBIC pushes a new release of its online-banking front end mid-engagement?
The .grip platform refreshes on a vendor cadence we don't control; we expect drift. The build includes a drift-check suite that exercises selectors, response shapes and the MFA flow on a schedule, so when the front end moves we update the affected adapter, not the whole integration. Maintenance after handover is priced separately.
Can you scope the pull to just the loan and line-of-credit accounts, not the DDAs?
Yes — we set the data scope per account type at consent time, so the integration only ever reaches what the account holder has authorised. Loan amortisation, payoff and next-due-date, and LOC available-credit fields are first-class in the schema we deliver.
App profile — FNB Izard County (factual recap)
- Issuer: First National Bank of Izard County, Calico Rock, AR (per OCC and FDIC records).
- Android package:
com.fnbizardcounty.grip(per the Google Play listing). - iOS: App Store id 1578942990 (per the Apple App Store listing).
- Listed features (per Play): transaction tagging, notes, receipt photos; balance alerts; internal transfers; debit-card on/off and reorder; monthly statement view/save; branch and ATM locator; financial-account aggregation; mobile deposit; sign-in via 4-digit passcode or biometric on supported devices.
- Owner: Wyatt Bancshares (per the OCC's 2023 CRA evaluation).
If your project touches FNB Izard County's data and you'd rather not stand up the session, MFA, schema and re-validation layers yourselves, the fastest next step is a short brief on /contact.html with the accounts you need and the cadence you need them at.