In what context was this done/could you provide more details (without giving away any information that you don't care to share)? Sounds like something I would enjoy doing as well!
Although I can say that most financial institutions are not nearly as scrupulous in checking their systems as you would expect.
When I would work my way through their auth layer, I'd be sending them like 500 login requests every hour. They never contacted the account I used, so I have to assume they weren't checking for abnormalities like that.
The only time I really fucked up was when I tried to do that with a particular broker in Singapore. Singaporean companies have their shit _locked down_. I spent one hour debugging one of their endpoints, and it let off so many alarms that the CTO of their company was woken up in the middle of the night.
I respect the need to abide by an NDA, and I assumed something along those lines would be the case. Thanks for the tidbits nonetheless! The intersection between finance and tech at the highest levels like that has always intrigued me.