When I was involved with this it was SFTP for the transfer, to a write-only folder (you couldn't list contents) and the file uploaded had to be PGP encrypted with a key the bank gave us and we verified over the phone before starting the process.
Even if it had been email, or plain FTP, the file was encrypted and only the bank had the key... even we couldn't decrypt it, due to the nature of Public Key encryption.
Plain old FTP is not considered secure by any means, and is largely disappearing - SFTP is standard now.
It's sftp in my experience. And all keys have two year expiration, which is stressful because ssh keys don't have a real expiration do they just send you an email saying "give us new keys" and you have to hope the cutover goes smoothly.
Slightly OT, but OpenSSH now supports the use of signed certificates, giving you the ability to expire and re-sign credentials. The feature was added recently, so I'm confident they're not using it yet.
When I was involved with this it was SFTP for the transfer, to a write-only folder (you couldn't list contents) and the file uploaded had to be PGP encrypted with a key the bank gave us and we verified over the phone before starting the process.
Even if it had been email, or plain FTP, the file was encrypted and only the bank had the key... even we couldn't decrypt it, due to the nature of Public Key encryption.
Plain old FTP is not considered secure by any means, and is largely disappearing - SFTP is standard now.