
I worked for a bank with 28000 total engineers. I know because part of what I did was crunching GitHub and GitLab data and detecting double accounts (and deleting accounts from people not there anymore). I'd say 3/4th of them were just cost of doing business. Including me (my role wasn't really necessary, the stuff I did was cool and everything, but a bit useless).


At this scale, having someone take care of deleting double/expired accounts is just good hygiene and I would not consider that useless. Forgotten accounts are a security risk.


Forgotten account that a former employee can re-activate or log in with? I would think banks would be fined by regulators or risk their license over even a single instance of that.


The bigger question is why such a large bank does not have solid off-boarding procedures.


Any off-boarding procedure fails - at that scale, if even one in one thousand fails, you can expect a couple of failures per year. Ensuring these get caught is part of "solid offboarding".


They had that on the financial side. The eng/HR side was behind for sure.


Do you even begin to understand how many applications a large bank actually manages?


That's not an excuse. If a bank can make sure that they do not mistakenly just deposit free money into people's accounts by mistake, they can ensure that a person who has left (possibly on bad terms) does not keep access to critical systems.

That's an entity that specializes in RISK MANAGEMENT.


Hello tip, meet iceberg.


A security risk which only gets worse with time.



