How would you structure a SQL query to identify anomalous application patterns across multiple financial institutions over a rolling 30-day window?