Banking has many security challenges: privacy, regulatory compliance, MFA, third-party vendor threats, insider threats, api security, cloud security, incident response and breach management. What can we learn from how banks are adapting to this new security landscape by supporting central policy management? What are the concerns and unique challenges that are driving the momentum to externalize application security policies? And how has their current strategy worked out so far?