This is about a Wikipedia article about the Trusted Computing Base. The Wikipedia article is pretty good but I note that the authors accept the idea that an application is to be protected by function outside itself—some “security policy”. The charter of a real world bank is to keep their customer’s money safe without reference to some exogenous “security policy” crafted by someone else. I also note that they assume that a computer system has just one critical application and thus one TCB.
Perhaps there is here implicit reference to a police force connected with a legal system the is effective at suppressing bank robbers and fraudstrs. In the capability perspective there are what might be viewed as exogenous rules, but those rules are very simple and do not involve banking theory—no exogenous banking law or enforcement is needed.
It seems clear to me that a computer system may have several critical systems each with their individual TCB. These TCB will generally overlap, yet be distinct.
There may be a hierarchy among TCB's. A small TCB might support the bank logic that insures that dollars are not misplaced and a higher one might protect the loan prudence algorithms.