Long story short, I've tried to enable all the exploit protections in the Exploit protection settings. I've discovered one banking app won't start without Dynamic Code Loading via memory and another one without DCL via storage.
This guideline on app quality discourages the use of DCL. This article mentions obfuscation. Is that the main reason banking apps would use DCL?