Aggressively deleting all records the moment it’s legally allowed is the name of the game. Records are a real liability for banks so the moment they can go they’re gone.

Unless the fines become existential or the c-suite goes straight to jail this won’t change.

A lack of backups designed for “just such an occasion,” of course.