'too stupid to be allowed near source code'
So smug you miss the point! Step away from the keyboard for a moment!
Who said anything about the cap being set in source code? After all, this isn't the year 2000!
Its not locked in source, its just locked to hackers! The cap has to be set in-branch (in-person) or using a system that can't simply be pwned by exploiting weak points in A. the online banking session, B. weak support staff, C. weak telephone password reset systems. (The kind of thing that was used by hackers to hijack the email accounts of NSA / CIA security staff in USA in 2015 etc...)