What does banking etc. server room protection look like? What happens if it fails?

Well, what they are really supposed to do is look to the most effective physical security measures used in the customary practices of high-security data centers in data processing industries in general, plus implement specific measures & practices that their lawyers tell them are required by the collective body of federal regulations that speak to the information security of U.S. financial institutions.

Guidance on best practices and recommendations for the secure design and operation of data centers in general certainly isn't hard to find. You seem interested in the specific details of what access control mechanisms should be in place, how perimeter security should be monitored, etc. (which I'll admit I've always found interesting as well). This piece from CSO Online is one of the more comprehensive and readable run-downs, listing 19 specific physical security elements that a well-protected data center should implement well. ("Mantraps, access control systems, bollards and surveillance." among them.) Probably not surprisingly, there are compliance certification standards for data center physical security that companies in "highly regulated industries" (financial institutions first and foremost) are very often required (by practical forces if not directly by legal regulations) to comply with.

Now, talking about info sec regulations that apply to banks and other financial institutions is always a massively complicated endeavor. Such regulations come from, just talking at the federal level, the "Board of Governors of the Federal Reserve System (FRB), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the Consumer Financial Protection Bureau (CFPB)". So says the IT Handbook resource for the Federal Financial Institutions Examination Council, which is probably one of the best official government sources you're going to find that covers federal information security regulatory requirements for banks comprehensively, coming from that broad, broad swath of agencies. FFIEC's specific page on data center physical security is here. It is a fairly short document, and addresses intruder detection, the training of security guards, and other topics. Look at topics surrounding that specific page in the virtual IT Handbook for information on physical security concerns that will often pertain to data centers as well as other facilities. You might also take a direct look at the Federal Reserve's guidelines regarding information security standards; some of those high-level conceptual standards most definitely do eventually affect how banks do the specifics of providing physical security at their data centers.

So there's some fun night-table reading for you.

tl;dr: They should be doing what responsible companies in other security-intensive data processing industries are doing, plus meeting what the requirements in regulations from any number of different agencies and jurisdictions that oversee financial institutions mandate.