I have absolutely no sympathy for Citibank in this instance. They're a bank. Their job is to do stuff like facilitate transfers and keep records. That's their primary mission. If they're too incompetent to do that properly then maybe they shouldn't be in business.
The strength of an organization is it's ability to overcome the weaknesses of any one individual. Developers don't have to have a business sense, product owners don't have to be technical, etc.
In the Dev world, there are QA engineers, code reviews, multiple environments, user acceptance testing, etc, to protect the codebase.
In the corporate world, a CEO doesn't have to know how to do everything. He knows how to make good decisions and to defer to people who are more knowledgeable than him on specific issues.
Good processes stop problems before they make it to production. And while an individual can make a mistake within an organization, the organization's processes will serve as safeguards that prevent that mistake from being propagated throughout the org's codebase.
In the case of Citibank, they should have good processes in place to prevent this kind of colossal mistake. So again the mistake of an individual should not be propagated but reviewed and fixed before affecting anything. As the other guy said, they should have had measures in place to prevent this kind of thing, especially considering it is a significant aspect of their overall business strategy.
