Any off-boarding procedure fails - at that scale, if even one in one thousand fails, you can expect a couple of failures per year. ensuring these get caught is part of "solid offboarding".

They had that on the financial side. The eng/HR side was behind for sure.

Do you even begin to understand how many applications a large bank actually manages?

That's not an excuse. If a bank can make sure that they do not mistakenly just deposit free money into people's accounts by mistake, they can ensure that a person who has left (possibly on bad terms) does not keep access to critical systems.

That's an entity that specializes in RISK MANAGEMENT.

Hello tip, meet iceberg.