Even outside of that, I doubt that most other banks (like large corporations) really understand what is going on sometimes at the bottom of the organizations. When I was working for a large bank in the US doing Win XP to Win 7 migrations, I had access to the list of all users IDs and the names associated with them, departments they worked at, systems they had access to, and the password reset tool that worked on any account. Oh yeah, and I was a contractor. They even let me take unencrypted financial data home - I was station to work somewhere, then deploy in another building 20 miles away, but between where I worked and where I lived. My boss let me take home the unencrypted machines and just drop them off in the morning. Security was such a joke.