I worked for a bank last year...
I won't name them for obvious reasons. But they are pretty big in Holland and Belgium.
Anyway, I was given root access to their systems, and they didn't even interview me before I started. That should be enough to horrify anyone here, but it actually gets worse. There was a universal login that also gave you root privileges on the system - and everyone had the password to it - so if you wanted to sabotage anything, you were assured of perfect anonymity. You could also, being root, switch to being anyone else on the system - and there was no defence implemented against this. Perfect for impersonation...
The pay for a position of such responsibility was surprisingly low. I won't go into details, but it was low. I was not going to complain, but there were plenty of people there who were not happy about it. Their systems were a real eye-opener, too. We basically had to fire-fight, continually - the worst problem was the trading application logs: They were set up on filesystems that were pitifully small (~100MB) and usually had to be cleared every day.
On about 90% of their systems, there wasn't enough disk space to hold much more than 1 day's worth of logs - certainly not 2 days worth (and since you couldn't archive logs while they were being written to, it meant you were very restricted in how - and when - you could manage the problem, which made proactive management damn near impossible). You had to have someone in front of the system 24/7, because just 4-5 minutes of inattention was enough to allow something major to come crashing down - at a cost of millions, or even billions, of euros.
None of this was scripted, by the way - internal bank policy forbade all scheduled scripts via cron, at, etc, because they are "unsafe" (never mind that once written and tested, they don't err like humans do). So instead they relied on hiring poor schmucks off the street for a pittance (without entry interviews, let alone background checks), giving them instant root access (and to think we worry about terrorists?!?) - and relying on these people to do things perfectly every time. I personally witnessed someone deleting the wrong log files by accident. This brought down one of the major trading applications and cost the bank nearly half a billion euros. Amazingly, the guy kept his job.
With IT policy like this, I'm not surprised people like Jerome Kerviel have managed to subvert security to their own ends. What DOES amaze me is that it took this long! If most people knew how unsafe their bank's' IT systems were, there would be a mass run on every bank, and we would all be stashing our lolly in our pillows and under our beds. If I were a saver, I'd certainly want to be examining my options - gold looks pretty good right now. As things stand, I'm pretty glad the only thing I have in my bank account right now is debt.