Well, let's go in order.
1 : How to keep communication secure: by directly accessing the database through your application, there is no way (explanation below). How would this communication be done securely: a web service on the database server, exposing high-level calls, with authentication, etc.
2 : Risks:
2.1 : Your database must have a username / password. This in no way means security over a network. Think of it this way: your application needs to keep this information. Anyone with access to the application could extract such data and compromise the database. You could limit the IPs that access the database, but this reduces the problem only a little.
2.2 : If your application accesses the database directly, an error in the application could compromise the data. The integrity should be kept as close as possible to the database.
2.3 : If your application accesses the database directly, there is nothing between the two. This means that you are exposing a database that accepts any command, any statement.
3 : I honestly do not have experience with an architecture where the desktop application directly accesses the database. In addition to securing access, perhaps with a VPN, it is imperative to use stored procedures in the database to expose only complete calls. Never expose the database openly.
Other advantages of an abstraction layer (web service):
The service sends / receives data at the highest level of the application, which reduces client / server communication. The web service is on the same server as the database, and all calls and intermediary queries are local to the server. Remember: you pay for data coming in and out of the server ...
If you need to change the database, you can change the web service and keep everything running. Will it be possible to immediately upgrade all client applications? The web service you control, and you can upgrade it while offering the same methods to the clients, which do not even need to change.
Similar to item 1, performance between the web service and the database is much better than between the client and the database. Quick query-update cycles that take milliseconds when kept on the same server can take minutes if there is a round trip to the client.
If a call has the potential to change many records, do you accept that these records are sent to the client, updated and returned to the server? What if each trip takes 30 seconds?
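The contrast the answer draws, as an added example that is not part of the original post: a client that holds database credentials and ships raw SQL (point 2.3, "accepts any statement") next to a service layer that exposes only named, parameterized operations with authentication and integrity rules enforced next to the data (points 1, 2.2 and 3), plus a bulk update done in one server-side statement instead of a client round trip per record. The schema, account rows, token scheme and class names are all constructed for this example; SQLite stands in for the bank's database.

```python
import sqlite3
from hmac import compare_digest

# Constructed sample schema and data; stands in for the bank's database.
SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)
);
INSERT INTO accounts (id, owner, balance) VALUES (1, 'alice', 500), (2, 'bob', 100);
"""


def open_db():
    """Fresh in-memory database for each scenario."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


class DirectAccess:
    """Point 2.3: the client holds the DB credentials and the server runs
    whatever statement the client sends. There is nothing in between."""

    def __init__(self, conn):
        self.conn = conn

    def run(self, sql):
        self.conn.executescript(sql)  # any statement executes, DROP TABLE included
        self.conn.commit()

    def table_exists(self):
        row = self.conn.execute(
            "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'accounts'"
        ).fetchone()
        return row is not None


class AccountService:
    """The abstraction layer the answer recommends: callers present a client
    token (hypothetical scheme), and only these named operations exist. Every
    query is parameterized; integrity checks live next to the data (point 2.2)."""

    def __init__(self, conn, tokens):
        self.conn = conn
        self.tokens = tokens  # token -> client name; constructed for the example

    def _authorize(self, token):
        for known, client in self.tokens.items():
            if compare_digest(known, token):  # constant-time comparison
                return client
        raise PermissionError("unknown client token")

    def get_balance(self, token, account_id):
        self._authorize(token)
        row = self.conn.execute(
            "SELECT balance FROM accounts WHERE id = ?", (account_id,)
        ).fetchone()
        if row is None:
            raise LookupError("no such account")
        return row[0]

    def transfer(self, token, src, dst, amount):
        """One high-level call, one transaction: both updates apply or neither."""
        self._authorize(token)
        if amount <= 0:
            raise ValueError("amount must be positive")
        with self.conn:  # commits on success, rolls back on any exception
            cur = self.conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
                (amount, src, amount),
            )
            if cur.rowcount != 1:
                raise ValueError("insufficient funds or unknown source account")
            cur = self.conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst)
            )
            if cur.rowcount != 1:
                raise ValueError("unknown destination account")
        return True

    def apply_interest(self, token, rate_bps):
        """Bulk change done where the data lives: one statement touches every
        row, no per-record round trip to the client. Returns rows updated."""
        self._authorize(token)
        with self.conn:
            cur = self.conn.execute(
                "UPDATE accounts SET balance = balance + (balance * ?) / 10000",
                (rate_bps,),
            )
        return cur.rowcount


def is_rejected(call, *args):
    """True when the service refuses the call (used by the checks below)."""
    try:
        call(*args)
    except (ValueError, PermissionError, LookupError):
        return True
    return False


if __name__ == "__main__":
    direct = DirectAccess(open_db())
    direct.run("DROP TABLE accounts;")
    print("direct access, table survived:", direct.table_exists())
    svc = AccountService(open_db(), {"tok-desktop-1": "desktop-client"})
    svc.transfer("tok-desktop-1", 1, 2, 200)
    print("service, rows re-rated in one call:", svc.apply_interest("tok-desktop-1", 100))
```

The service never accepts SQL text from the client, so the only way to change data is through operations whose checks (positive amount, sufficient funds, atomic debit and credit) are enforced on the server. Replacing the token dictionary with a real identity provider and putting this class behind an HTTP or RPC endpoint on the database host gives the architecture the answer describes.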