My impression is that there is a lot more auditing going on in the conventional financial system. Not to say that it's not bad, but there are at least some (legit) outside eyeballs on your system.
My financial company has amazing enforcement around code quality, deployments strategies, separation of concerns, testing enforcement, escalation, approvals, backups, minimum security standards, vulnerability remediation and so much more. All of this is aimed at being able to keep compliant at scale. It's a large burden, but it's one you take when you hold people's money.
