Possible threat: How do you control access to the feeds? Usual RSS feeds are unprotected; you could have a RSS feed over HTTPS + Basic auth, but is it sufficient for your security guidelines (since it's a bank, I doubt it)? Even if it passed muster, are you sure you want to have two different access paths into the system? More specific ways of authorization will break most RSS readers (as they don't have significant support for more complex authorization schemes).
Also, some people use web-based readers (Google Reader); how do they authorize? Once you allow a web-based RSS reader to spider your RSS feeds, how do you prevent it from sharing this content with other users?