LOL, when I meet some people working for banks they usually complain about all the regulatory compliance they have to do and how pointless it is. Doesn't seem to me like working at a bank helps to see how necessary all that is.
A lot of people complain about having to maintain secure passwords and other IT security measures, too, but that doesn't invalidate the measures.
I'm first to agree that the regulatory burden on banks has gone too far, but all too often, people not seeing the point behind compliance frequently do so for the reasons as above (they don't understand it), and jump to conclusions.
If your friends substantiated why they believe so, please do follow up.
