These people are proposing to manage people's money, without having a serious understanding of how to secure it. For me, it's akin to watching someone build a bridge that people's cars are going to be driving across without having a background in civil engineering. I may not be able to tell them how to build the bridge, but I sure know it's going to end poorly when they try to do it themselves.
As a first step, add an NofM authentication process with a pair of Sophos/Utimaco HSMs doing rate/key/encryption management.
Thanks, that is nice to actually have a suggestion.
One note is that I think you vastly overestimate the competency level of organizations. Just because they are large and have an air of security does not mean their systems are terribly secure. I can speak from personal experience that huge government organizations that ought to know better have absolutely glaring security holes.
But yes, we should all strive to do better. I think NofM encryption in particular would be a great improvement.