Bank statements pulled
before close week starts.
Every month, somebody logs into 12 bank portals, types the same passwords, fishes out the statement PDFs, and renames them. It's the worst job in finance and the riskiest credential exposure on the team. A Loomal agent does the whole loop — securely, with the right TOTP code, audited per fetch.
API Primitives used
vault.getRetrieve bank credentials
Login credentials for every bank portal live encrypted in the vault. Agent retrieves them per fetch — no shared password manager, no sticky notes.
vault.totpGenerate the 2FA code
TOTP seeds are stored encrypted; the agent generates fresh codes on demand without ever exposing the seed itself.
mail.sendDeliver to accounting
Statements get sent from the finance identity to the accounting workflow — DKIM-signed, audit-logged, ready for import.
Statement pulling is the riskiest hour in finance.
Every month, a finance lead logs into a dozen bank portals using credentials shared in a password manager. They type 2FA codes from their phone, navigate menus, download PDFs, and email them around. Every step touches sensitive credentials, every step is manual, and every step is audited as 'don't do this' by every security team that's looked at it.
An agent removes the human from the credential path entirely. The vault holds the logins, the TOTP seeds stay encrypted, and the statements get pulled and delivered without any human ever seeing the password. Finance gets the data; security gets the audit.
How to build it.
vault.getPull credentials
Agent retrieves the bank login from the vault. The credential never leaves the identity boundary — no logs, no clipboards, no humans.
vault.totpAuthenticate
Agent generates the TOTP code on demand from the encrypted seed and completes the 2FA flow.
mail.sendDeliver the statement
Once downloaded, the statement gets emailed from the finance identity to the accounting workflow with the right naming and audit trail.
Example prompt
“On the 1st of every month, log into our 8 bank portals, download last month's statements, and email them to our accounting agent so they can be imported into NetSuite.”
What finance teams build.
Multi-bank close prep
Agent fetches statements from every bank account before close week starts, eliminating the manual download chase.
Subsidiary consolidation
Agents per subsidiary fetch statements into a central accounting workflow with consistent naming and metadata.
Real-time alerts
Agent checks balances daily and emails treasury when accounts cross thresholds.
Audit-ready archive
Every fetched statement is logged with timestamp, agent identity, and the human who delegated the fetch.
Credential rotation
When a bank password changes, you update the vault entry once — every future fetch uses the new credential.
Why statement fetch needs an agent identity.
Bank credentials are the highest-stakes secrets a finance team owns. Sharing them in a password manager is a compliance footgun; rotating them is a logistics nightmare. The right answer is to take the credentials out of human hands entirely and give them to a single delegated identity.
Loomal does exactly that. The vault holds the credentials encrypted, TOTP seeds never leave the boundary, and every fetch is logged against the human who authorized the agent. Finance gets clean operations; security gets the audit trail it's been asking for.
Credentials encrypted at rest
Bank logins and TOTP seeds live in AES-256-GCM vault entries scoped to the finance identity.
Per-fetch audit
Every login, code generation, and statement delivery is logged with the agent identity and timestamp.
Instant revocation
Revoke the agent identity to halt every fetch in flight — no orphaned access.
Take banking out of human hands.
Encrypted credentials, TOTP-handled 2FA, fully audited fetches.