forgotten account that a former employee can re-activate or login with? I would think banks would be fined by regulators or risk their license over even a single instance of that.

The bigger question is why such a large bank does not have solid off-boarding procedures.

Any off-boarding procedure fails - at that scale, if even one in one thousand fails, you can expect a couple of failures per year. ensuring these get caught is part of "solid offboarding".

They had that on the financial side. The eng/HR side was behind for sure.

Do you even begin to understand how many applications a large bank actually manages?

That's not an excuse. If a bank can make sure that they do not mistakenly just deposit free money into people's accounts by mistake, they can ensure that a person who has left (possibly on bad terms) does not keep access to critical systems.

That's an entity that specializes in RISK MANAGEMENT.

Hello tip, meet iceberg.

A security risk which only gets worth with time.