Just to be clear, I'm not talking about small companies. IME, the smaller companies I've worked with have been far less likely to do this kind of thing, because the level of trust is greater when "everyone knows everyone".
The liability issue you raise with regulated external sites is a fair point, and so are your comments about internal segregation in some contexts. However, please remember that not everywhere has the same legal rules and precedents as the US.
This whole field is rather young to make too many general claims about what is and isn't considered acceptable, particularly if an employee has been explicitly told that company equipment and networks are monitored and use may be recorded. How much employees should be explicitly warned about -- for example, whether this kind of SSL-defeating technique should be highlighted even if you're already saying you might read communications -- is something of an open question at least ethically and possibly legally as well. Heck, workplace surveillance generally is a very two-sided issue, and even where the law is relatively settled already, it can be a source of serious problems and disagreements.
But the general principle we were discussing was that sysadmins can have a lot of control about what happens on company networks, and that stands. Even if, for legal, moral or ethical reasons, an organisation chooses not to log the content of things like IM and e-mail communications, the technical tools to do so exist right now. And while you (and I, for the record) might choose to avoid working for an employer who we knew to use such monitoring, the reality is that unless you actually work in their IT department, you're never going to be able to determine reliably what is actually being done and it's all a matter of trust.