There has been virtually no previous study discussing how external pressures impel banks to stay compliant. These external pressures could be a compelling force driving banks to comply. Hinged on the Neo-Institutional Theory (NIT), this study examines how the external pressures, namely, regulative, normative, and cognitive expectations, drive banks to comply. The research findings reveal that information security policy compliance in banking organizations is directly driven by normative expectation. Normative expectation encompasses the pressures of fulfilling social/moral obligation and conforming to the industry norms defined by the standardized information security mechanisms. Since the findings uncover that normative expectation is a significant force in the institution of banking, this study suggests drafting internal organizational policies to (1) meet normative expectation and (2) provide a new avenue for risk assessment based on the normative elements.