I also wonder about this myself, and my conclusion is that it probably increases the bank's systems attack surface for very little gain (in their eyes).
Very few people have the knowledge and interest in interacting with a bank's API, so there's little upside with a lot of downsides. Even if read-only, something like this has to be architected correctly and we all know this is most often not the case.
On the other hand, if businesses are built around these APIs, banks might perceive them as competition and no executive is going to choose to support them.
Even though I (and probably others in HN) can see the value in offering more modern banking features built in top of official APIs, just look at what has happened with e.g. Twitter's API and others. Eroding your own vendor lock-in is generally frowned-upon by most companies, no matter how much we believe it might be win-win for everyone.
Very few people have the knowledge and interest in interacting with a bank's API, so there's little upside with a lot of downsides. Even if read-only, something like this has to be architected correctly and we all know this is most often not the case.
On the other hand, if businesses are built around these APIs, banks might perceive them as competition and no executive is going to choose to support them.
Even though I (and probably others in HN) can see the value in offering more modern banking features built in top of official APIs, just look at what has happened with e.g. Twitter's API and others. Eroding your own vendor lock-in is generally frowned-upon by most companies, no matter how much we believe it might be win-win for everyone.