So you work for a financial institution and you provided your private key to a third party company so they can impersonate your server to host fingerprinting code?! That sounds really irresponsible.
I wasn't working in a financial institution, no. We did provide some services, but it isn't qualified as a bank. And maybe it wasn't they impersonating our server, but yeah, it was fishy.