Every AI bookkeeping demo you’ve seen ends the same way: “just connect your bank.” That connection hands a third-party system read access to your live account. Sometimes write access. For a small business or a lean B2B team, that’s a risk that doesn’t need to exist. Here’s a pattern that gives you the same automation — categorised transactions, draft journal entries, VAT flags — without any of that exposure.
What “connect your bank” actually means
Open Banking aggregators (Plaid, TrueLayer, Yapily and others) use OAuth tokens to pull your transaction feed in real time. The token scope is usually accounts, transactions, and sometimes payments. You authorise it once and forget it. The aggregator stores a refresh token that stays valid for 90 days or more.
That token is a credential. If the aggregator is breached, or if the AI platform you’ve bolted it to is breached, an attacker sees your full transaction history and — depending on scope — may be able to initiate payments. For most small businesses the risk is low in absolute terms. But the upside of the live feed is mostly convenience, not capability. You can get the same bookkeeping output from a file you export yourself.
The statement-drop pattern
The idea is simple. You export a statement, drop it in one place, and automation handles everything after that. No credentials shared. No persistent connection. The AI only ever sees a file you chose to give it.
Here’s how it works in practice:
- You log into your bank yourself and export a CSV or OFX statement — weekly, fortnightly, whatever suits you.
- You drop that file into a watched folder: a shared drive, a specific email inbox, or an upload endpoint you own.
- An automation picks it up, parses the rows, and sends each transaction to an AI model for categorisation.
- The model returns structured output — category, VAT treatment, confidence score — which writes into your accounting system or a review spreadsheet.
- You approve or correct. Done.
The AI never touches your bank. It reads a file. That’s the whole boundary.
What the automation actually does with each row
Each transaction row becomes a prompt. A minimal version looks like this:
POST https://api.openai.com/v1/chat/completions
{
"model": "gpt-4o-mini",
"response_format": { "type": "json_object" },
"messages": [
{
"role": "system",
"content": "You are a UK bookkeeping assistant. Categorise the transaction below using standard nominal codes. Return JSON with fields: nominal_code, category_name, vat_treatment (standard, exempt, zero, outside), confidence (0-1), notes."
},
{
"role": "user",
"content": "Date: 2026-06-14. Description: AMAZON WEB SERVICES EMEA. Amount: -43.20 GBP. Account: Business Current."
}
]
}
A typical response:
{
"nominal_code": "7504",
"category_name": "Computer & Internet Costs",
"vat_treatment": "outside", // AWS charges from Luxembourg: outside scope for UK VAT
"confidence": 0.91,
"notes": "Reverse charge may apply if VAT-registered. Confirm with accountant."
}
Run that for every row in the CSV. Anything with confidence below 0.75 goes into a short review queue. Everything else posts automatically. In a real build for a UK supply-chain operator, this approach saved 30 minutes per document conservatively — and that’s before volume compounds.
Parsing the CSV before you send it
Most UK bank exports use a simple comma-separated format. A Barclays business export, for example, has columns in this order:
Number,Date,Account,Amount,Subcategory,Memo
Strip the header row, skip zero-amount lines, and map each row to a plain object before it hits the prompt. Don’t send the raw CSV string — parse it first so the model gets clean, consistent input every time.
Where to drop the file
Three options, in order of simplicity:
- Email inbox: A dedicated address like
statements@yourdomain.com. An email parser (Zapier, Make, or a small webhook) watches it, extracts the attachment, and kicks off the pipeline. - Shared drive folder: Google Drive or SharePoint. A trigger fires when a new file appears in a specific folder. Straightforward to set up, easy for non-technical staff to use.
- Upload endpoint: A small API endpoint you own. More setup, but gives you full audit logs and the cleanest separation of concerns.
All three work. Pick the one your team will actually use every week.
What you still need a human for
The model will misfire on unusual transactions — a director’s loan repayment, a mixed-purpose purchase, anything with a vague description. That’s fine. The confidence score surfaces those. Spend five minutes a week on the review queue rather than an hour on the whole ledger. Your accountant still reviews the period-end output. The automation handles the volume; the human handles the judgement calls.
This isn’t a replacement for an accountant. It’s a way to hand them tidy, pre-categorised data instead of a shoebox.
The honest summary
Live bank connections solve a convenience problem. The statement-drop pattern solves a bookkeeping problem. They’re not the same problem. If you’re comfortable with the credential exposure and your aggregator has solid security, a live feed is fine. If you’d rather keep AI at arm’s length from your account — which is a perfectly reasonable position — you lose nothing except the need to export a file once a week.
The automation still runs. The categorisation still happens. The VAT flags still appear. You just stay in control of what the system sees.
If you want to see how document automation fits into a broader workflow for your business, our pricing page shows what a build typically costs and what it includes.


