First National Bank of Milaca runs a four-office national-charter footprint out of Mille Lacs County, Minnesota — Milaca, Isle, Gilman, and Zimmerman — and the Android build at com.fnbmilaca.grip (with an iOS twin on the App Store) is the front door for checking, savings, debit-card, and e-statement members. The work this page describes is pulling that member-side data into a fintech, a personal-finance dashboard, or a small-business accounting feed. You give us the target app and what you want from its data. The route, the access path, and the deliverable come from our side.
The dependable basis is the member's own authorization — not a regulatory access right we're banking on being in force. The build runs against a consented session, with FDX-shaped normalization layered on top so a downstream consumer can switch between FNB Milaca and any other US bank without rewriting their ingest.
Where the bank's data sits
The app's own Play and App Store copy names the surfaces plainly. Balance alerts. Payments to companies and friends. Internal transfers. Mobile check deposit. Debit-card reorder and turn-off. Monthly statements. Branch and ATM lookup. The bank's mobile-banking page adds two details that matter to an integrator: a transaction-history download into Quicken or QuickBooks, and a chat-like in-app messaging surface for sensitive document exchange. That second one is rare in a community-bank app and worth knowing about before you scope the build.
| Data domain | Where it surfaces in the app | Granularity | Use for an integrator |
|---|---|---|---|
| Account balances | Account list on the home screen | Per account, near-real-time at session refresh | PFM, cash-flow forecasting, business reconciliation |
| Posted transactions | Transaction list per account; Quicken/QuickBooks export | Date, amount, description, running balance, channel hint | Categorization, spend analysis, accounting ingest |
| Monthly e-statements | Statements tab | PDF per cycle; older history bounded by the bank's retention window | Underwriting evidence, tax preparation, record-keeping |
| Debit-card state | Card management screen | Card status (on / off), reorder events | Card-lifecycle telemetry, fraud-response tooling |
| Transfers & payees | Transfer & Pay; bill-pay and P2P forms | Source/target account, amount, scheduled date, payee identity | Recurring-payment detection, payee-name normalization |
| Branch & ATM locator | In-app map | Static geo data | Low-value for most integrations; useful only for branded clients |
Routes that fit a small national bank
Four routes are realistic for a bank of this shape. The studio picks one as the spine and uses the others where they extend coverage.
1. Member-consented session against the bank's digital channel
The bank issues a session token to the consenting member, the build runs inside that scope, and the data crosses the boundary in the same shapes the app already sees. This is the spine. It covers balances, transactions, statements, transfers, and card state, and it does not depend on a regulatory access right that isn't currently in force. Effort: medium. Durability: high while the bank's session model stays stable.
2. FDX consumer-permissioned data sharing through an aggregator
Where FNB Milaca's accounts are reachable through Plaid, MX, Finicity, or Akoya, the FDX path gives a normalized account-and-transaction feed without bespoke parsing. Coverage among small community banks is uneven — we confirm during scoping which aggregators actually reach the bank and at what fidelity. Effort: low when coverage exists. Durability: high.
3. Authorized protocol analysis of the app's traffic
For fields the consent gateway doesn't surface — statement-PDF bytes, card-on-file state, the specific shape of a payee record — we run an authorized analysis of the app's own request and response surface in a controlled environment. The artefacts feed into the OpenAPI spec we hand over. Effort: medium. Durability: medium; subject to the bank's front-end churn.
4. Native portal export as a fallback
The bank documents a Quicken / QuickBooks transaction download. For an accounting-side use case, this is a serviceable CSV/QFX feed that needs no token at all, only the member's existing login. We use it as a fallback when the consented session is overkill for the consumer's actual need.
An example call from the build
Illustrative pseudo-code. Real field names, auth verbs, and token lifetimes are confirmed during the build against the bank's actual surface, not assumed here.
# Pull balances, recent transactions, and the latest e-statement
# during a consented FNB Milaca session.
session = open_consent_session(
member_id=fnb_member_id,
scope=["accounts:read", "transactions:read", "statements:read"],
redirect_uri="https://your.app/callback",
)
# 1. Accounts visible to this member (consumer DDA, savings, debit cards)
accounts = session.get("/v1/accounts", params={"include": "balance"}).json()
# 2. Ninety days of posted transactions on the chosen DDA
acct_id = accounts["data"][0]["id"]
for tx in session.get(
f"/v1/accounts/{acct_id}/transactions",
params={"from": "2026-03-01", "limit": 200},
).json()["data"]:
yield normalize_fdx(tx) # date, amount, description, running_balance, channel
# 3. Latest monthly e-statement as PDF bytes
pdf_bytes = session.get(
f"/v1/accounts/{acct_id}/statements/latest"
).content
# 4. Handle expiry inline rather than waiting for the next sync
if session.expires_in < 60:
session.refresh(prompt_on_failure=True)
Source we hand over
For FNB Milaca, the package is shaped to the bank's actual surfaces, not a generic template. It includes:
- An OpenAPI / Swagger spec covering the endpoints the build touches — accounts, balances, transactions, statements, transfers, card-state read.
- A protocol and auth-flow report: how the consent gateway issues and refreshes tokens, what MFA prompts look like, and where the session ends.
- Runnable Python or Node source for account list, transaction sync, statement fetch, and a transfer-status read. Tests included.
- A normalization layer that maps the bank's native field names into FDX-flavored shapes, so a downstream PFM can hold one schema across FNB Milaca and any other US bank.
- Automated tests covering the auth happy path, paging on a 200-transaction window, expired-consent recovery, and statement-boundary cases at month-end.
- Interface documentation with field-level notes, retry and throttle behavior, and a short maintenance runbook the next engineer can actually use.
OCC, FDX, and §1033 in context
FNB Milaca is OCC-supervised and FDIC-insured under certificate 5198 (per FDIC BankFind). For an integration, the dependable basis is the member's own express, scoped, revocable authorization — not a future federal access right.
The CFPB's Personal Financial Data Rights rule under §1033 sits in agency reconsideration. The compliance dates that originally would have phased in by institution asset size were stayed by court order in October 2025, and the CFPB published an Advance Notice of Proposed Rulemaking in August 2025 covering representative status, fee assessment, data security, and data privacy (per the CFPB's reconsideration page). A community bank of FNB Milaca's size would have sat in a later cohort even under the original schedule; more practically, the rule isn't in force, so it isn't the thing the build leans on. The Financial Data Exchange (FDX) standard is the de facto US shape the consumer-permissioned path tracks, and that's where we land the normalization layer regardless of how §1033 settles. Consent records, audit logs, and data-minimization defaults are wired into the delivery so the build holds up under whatever framework arrives.
Notes from the build side
A handful of FNB Milaca specifics we account for so the consumer doesn't have to:
- Mixed consumer and small-business roles behind one login. The app surfaces both consumer DDAs and small-business deposit accounts to the same member identity. We tag the role on the way in and split the normalized account lists so a consumer ingest and a small-business ingest don't cross-wire.
- Write-side actions held to their own scope. Mobile check deposit and "turn off my card" are mutations, not reads. We separate those scopes from read-only data sync, so a PFM build doesn't accidentally hold privileges to change card state.
- Older statements bound by the bank's retention window. The portal exposes a finite history. For a use case that needs deeper history, we capture and store statements on the consumer's side from the date of first integration forward, which is the only honest way to build up a long record for a small community bank.
- Quiet vendor changes get caught quickly. Community-bank front ends shift without notice — a redesigned statements tab, a new MFA prompt. We schedule a walk of the integration after delivery so a silent change at the bank doesn't surface a week later as a parse error.
How an engagement runs
Delivery for a community-bank integration of this size runs one to two weeks from scope sign-off. Source-code delivery starts at $300 — runnable code, tests, and the auth-flow write-up, paid after delivery once the integration runs against your environment. The hosted alternative is pay-per-call against our endpoints, with no upfront fee, and is the right pick when you want the maintenance burden to sit on our side rather than yours. Access arrangements — sandbox, member of record, NDA where you need one — are handled with you during scoping, not as a prerequisite list. The next step is a short scope conversation: tell us what you want from FNB Milaca's data and we'll come back with a numbered plan and a price.
Update cadence after delivery
Maintenance is included on the hosted path and optional on the source-delivery path. The default schedule runs a weekly contract test against the live surface and a monthly review of the normalization layer. If the bank's front end changes — a tab moves, a field gets renamed — the test fails before the change reaches your downstream ingest, and we patch the integration before the next sync window. Cadence is configurable; weekly is just the default that catches the most common churn without producing noise.
What we read before writing this
Sources we opened to write this page, on the date in the byline below:
- FNB Milaca — Mobile Banking (data surfaces, in-app messaging, mobile check deposit)
- Google Play — FNB Milaca (com.fnbmilaca.grip) (package identity, feature list)
- FDIC BankFind — First National Bank of Milaca, cert 5198 (charter, supervisor, founding year)
- CFPB — Personal Financial Data Rights Reconsideration (regulatory status of §1033)
OpenBanking Studio integration desk · 30 May 2026
Nearby community-bank apps in the same family
Other Minnesota and upper-Midwest community-bank apps that sit in a similar integration shape — small OCC- or state-chartered institutions, member-consented digital channels, FDX-flavored aggregator coverage. A unified integration spans them with one normalized schema and per-bank adapters.
- Sherburne State Bank Mobile — a Princeton, MN community bank with a comparable consumer feature set.
- First National Bank Minnesota — a separate Minnesota community bank with overlapping naming and a similar digital posture.
- Minnco Credit Union — East Central Minnesota credit union; same regional member base, credit-union side of the ledger.
- Community Bank Mankato Mobile — southern-Minnesota community bank with mobile balances, transfers, and check deposit.
- Minnesota Lakes Bank Mobile — Lakes-area community bank, similar small-footprint integration shape.
- First Bank & Trust Mobile — multi-state community bank (SD / MN) with comparable consumer surfaces.
- Stearns Bank Mobile — central-Minnesota community bank with consumer and small-business sides under one login.
- Highland Bank Mobile — Twin-Cities-metro community bank, similar digital channel.
- Bremer Bank Mobile — larger regional bank in the same geography, useful as the higher-volume comparator.
Common questions from FNB Milaca integrators
Which fields in the FNB Milaca app are worth pulling for a personal-finance use case?
The account list with current balances, ninety days of posted transactions per DDA, and the latest monthly e-statement PDF cover the bulk of a PFM ingest. The biller list and saved payees from the Transfer & Pay flow are useful for spend categorization.
Does the size of FNB Milaca's footprint affect how the build is scoped?
It is a four-office OCC-chartered national bank, so the surface is small and predictable. We scope to the consumer or small-business product set you actually need rather than mapping everything the app exposes.
How does the integration handle consent expiry on a member's session?
Member consent is scoped at the time it is granted and refreshed during the consented session. The build wires the refresh path and surfaces a re-consent prompt the moment the gateway returns an expiry, so the downstream feed does not go cold without a signal.
Can the same integration cover both consumer and small-business accounts at FNB Milaca?
Yes, but we treat them as separate scopes. Consumer DDAs and small-business deposit accounts sit behind the same login, and we wire the role on the way in so a consumer's account list and a small-business user's account list don't get cross-wired in the normalized shape.
FNB Milaca: app profile
FNB Milaca is the consumer and small-business mobile app of First National Bank of Milaca, an OCC-supervised national bank headquartered in Milaca, Minnesota, with offices in Isle, Gilman, and Zimmerman. The app is published under com.fnbmilaca.grip on Android and is also available on the App Store. Per the app's own description, it covers balance alerts, payments to companies and individuals, internal transfers, mobile check deposit by photographing the front and back of a check, debit-card reorder and turn-off, monthly statement viewing, branch and ATM lookup, and account security via 4-digit passcode or biometric on supported devices. Per the bank's website, the online channel adds a chat-like in-app messaging surface and a transaction-history export into Quicken or QuickBooks.
Mapping reviewed 2026-05-30.