When you create a new account (Easy Savings in my case), you need to manually look for the option to secure your account by PIN code and eventually some biometric that's supported by your device. The other not-so-obvious option is the automatic logout feature.
When a user is on-boarding, it would be better to require the user to secure its account at least by entering a PIN code. After PIN code creation, it would make sense to offer to enable biometric security (as supported by the device).
To complete the circle, it would be sensible to set the automatic logout to 0 seconds.
This way the account is secured by default / design, just like other (banking) apps that hold sensitive information. If the user chooses to deviate, it should be intentional (along with some warnings and confirmation dialogs).
