I am an inspector at a globally significant bank, what should I ask

1 points| mr_inspector | 2 years ago

Imagine you had the ability to ask a bank any question you'd like, request any member of staff to walk you through any process, what kind of questions would you raise?

I am an inspector at a globally significant bank. We are investigating their IT landscape and their ability to accurately aggregate their data.

What parts of the IT landscape, systems, infrastructure would you be most interested in?

7 comments

rurcliped|2 years ago

What data is stored about an employee's justification for viewing a customer account? Is there an enumerated set of justifications such as "direct customer inquiry" versus "to be used for upselling other banking products" versus "IT debugging" etc. or is it free-form text? Is the justification process more complex if the bank knows that the customer is a public figure, celebrity, or maybe anyone who meets Wikipedia's notability requirements?

mr_inspector|2 years ago

That is a very interesting question to raise. Thank you, we'll consider it!

pledess|2 years ago

How is data related to Bank Secrecy Act requirements (or similar requirements in a non-U.S. jurisdiction) stored? For example, a U.S. bank must contact regulators about a cash payment of more than $10,000. The payment itself is not information that must be kept secret from the customer, e.g., the bank can share information with the customer about the specific amount, date, etc. However, the act of reporting to regulators cannot be shared with the customer. The question is, from an IT perspective, is the act of reporting part of a "customer data structure"? Is it possible for IT staff to do simple database queries such as "date_that_customer_began < 2022-01-01 and large_cash_payments > 0"? Or is Bank Secrecy Act reporting data segregated into separate database tables or even separate IT systems?
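
As an added illustration of the point above (not part of the thread), a Python sketch of the two designs the comment contrasts: with the reporting status co-mingled on the customer record, the query the comment describes answers directly; a separate table protects the reporting data only once reads of that table are actually denied to the support role. SQLite's authorizer stands in for database grants, and all table names and sample rows are constructed.

```python
import sqlite3

# Constructed sample data (not from the thread): three customers, two of whom
# triggered a large-cash-transaction report to the regulator.
CUSTOMERS = [(1, "2019-03-01"), (2, "2021-07-15"), (3, "2023-02-10")]
REPORTS = [(1, "2023-05-02", 12000), (2, "2023-06-30", 15000)]

# The query the comment worries about: which long-standing customers were reported.
COMINGLED_QUERY = ("SELECT id FROM customer "
                   "WHERE opened < '2022-01-01' AND large_cash_payments > 0")
SEGREGATED_QUERY = ("SELECT c.id FROM customer c "
                    "JOIN regulatory_report r ON r.customer_id = c.id "
                    "WHERE c.opened < '2022-01-01'")

def comingled_db():
    """Weak design: reporting status is a column of the customer record."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customer (id INTEGER, opened TEXT, "
                "large_cash_payments INTEGER)")
    for cid, opened in CUSTOMERS:
        count = sum(1 for r in REPORTS if r[0] == cid)
        con.execute("INSERT INTO customer VALUES (?, ?, ?)", (cid, opened, count))
    return con

def segregated_db():
    """Reports live in their own table; the customer record says nothing about them."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE customer (id INTEGER, opened TEXT)")
    con.execute("CREATE TABLE regulatory_report (customer_id INTEGER, "
                "filed TEXT, amount INTEGER)")
    con.executemany("INSERT INTO customer VALUES (?, ?)", CUSTOMERS)
    con.executemany("INSERT INTO regulatory_report VALUES (?, ?, ?)", REPORTS)
    return con

def restrict_to_support_role(con):
    """Stand-in for database grants (SQLite has none): deny every read of the
    reporting table, so the segregation is actually enforced for this role."""
    def authorizer(action, table, column, dbname, trigger):
        if action == sqlite3.SQLITE_READ and table == "regulatory_report":
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    con.set_authorizer(authorizer)
    return con

def reported_customers(con, query):
    """Customer ids the query exposes, or None if the database refused it."""
    try:
        return sorted(row[0] for row in con.execute(query))
    except sqlite3.DatabaseError:  # SQLITE_AUTH surfaces as DatabaseError
        return None
```

Run on fresh connections, the co-mingled database and the unrestricted segregated database both return the reported customers, while the restricted segregated database refuses the query.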

mr_inspector|2 years ago

Also very interesting to consider!

Why do you think it matters if the information is stored in completely different IT systems?

bwestergard|2 years ago

How do the relevant teams rehearse restoring systems from backups? How and when are credentials for departing employees revoked?

mr_inspector|2 years ago

Thank you, the second question I have raised today. I have also asked if access is granted to individuals or roles.

You can imagine that things are quite archaic...

Regarding site recovery, that is sadly out of scope of our inspection...