When it comes to application security, in addition to being governed by strong regulations, a financial institution is also exposed to high risks. After all, the impact, should someone with malicious intent succeed in exploitation, is high - both for the institution and for its clients. The probability of an intrusion happening is also higher for this type of institution - they are highly targeted.
This is especially problematic, since, depending on how they handle AppSec, the institution's relationship with its customers is in check. We also cannot leave aside legal issues, such as restitution costs and image damage.