How to competently convey to management that the use of personal online banks by employees of the organization is a potential threat to the organization?
For example, the organization's network is compromised, the virus intercepts the credentials from the office and the money "disappears" from the account. Or another reason. The user writes statements to the bank and the police... what are the risks in this case for the organization and for the employees of the IT department?

Judging by your words, the threat here is your negligence to the security of the company's network.

Hint that in this way they can pay for all sorts of illegalities. And block "for the sake of the children." ;)
(Humor, if only)
In general, as I understand it, you are worried about employees who, from working computers, climb into personal Internet banks, right? Those who unsubscribed above write differently, but I understand the question this way. If true, it's none of your concern. The individual has to worry about these aspects himself, as it is written in a bunch of agreements.
And so everything looks more like a watchman complex. Excuse me for being direct.

If you have such aaaaaa virus roaming your network, then you have more serious problems than personal employee accounts, which employees go to 0.0001% of their time.
At you, probably all other problems okoloIT-shnye in office are already solved and there is nothing to be engaged???

Hello, is it possible for people to go to work or is this also a potential threat to the company? If there has already been a precedent in your company, then this is solely your negligence, and employees who do not understand anything.

In my opinion, closing websites for employees is complete nonsense.

This is not your Internet bank at all and not your money, besides, all Internet banks now make transfers via SMS, so everything is already protected up to you, why the hell do you care about other people's Internet banks, I don’t understand at all, you would still ban wallets on work to come suddenly they will be stolen.

If all your software is covered by licenses, then, IMHO, there are no risks. Maybe, in the light of recent trends, it is also worth having a list of employees using the Internet in the organization.
Well, they will come, talk with employees, request some logs, what is the danger then?

There will be no criminal or administrative prosecution of employees of the IT department. BUT, this is only if you did not have a hand in this matter, and were not caught. Maximum - you will be fired for dishonest performance of official duties. This applies even if you work in a bank, even if your job description contains criminal liability for negligence. Negligence can only be prosecuted if someone has been physically harmed.
There is a set of measures that can stop 99% of threats. Namely, the prohibition of running scripts and programs on the workstation that are not from the list of trusted + anti-virus program.
ps The very fact of negligence will also have to be proven. What to do is very difficult if the incident is not regulated by the job description.

License purity. Resources are blocked. The measures are being followed. What I wrote above is an example. In my opinion, online banking in an organization should be blocked, as its use can potentially lead to problems. Users, as a rule, are not able to distinguish between a legitimate banking page and a fake one, and who knows what he opens and launches there. If you think that there are no vulnerabilities in software, then you are mistaken. Antivirus... I work with the support service almost every day and I assure you, there are many new threats (viruses, web resources) that the antivirus does not know about.
>>> Well, they will come, talk with employees, ask for some logs, what is the danger then?
There will be additional the burden on the IT department due to the proceedings. It is not known how long the proceedings will drag on and what it will lead to. Might require some funding. costs. These are risks.
telman8 I did not understand your idea at all.