I can't understand why a financial institution would underpay someone who has such responsability.

The recent hacking of BMP shows the risk this creates (poorly paid employee with debts sold his password to hackers).