It's also not like they wouldn't have reasons to double/triple check in this specific case without needing a general patrol policy: It should have been a security concern at the end of Friday that someone had badged in and not left. That's among basic reasons for having these badge systems, in the first place. Someone failing to badge out is a security risk. (It's also a Fire Marshall risk because another reason companies require accurate badge out is that in the case of a fire emergency and they have a badge in process, they are then liable for knowing every employee inside the building in the event of that fire emergency and helping make sure everyone gets out safely.)
Even if the company encourages sleeping at your desk overnight "for productivity", because companies sure do love underpaid labor and accidental burnout, there's an increased OpSec risk for every extra hour someone has access to secure corporate resources. You'd think in a bank where security is supposed to be important at least one security software would be paranoid and presenting alarms about someone still badged in over a full weekend.
I've had a mixture of the two in my years. The growing "Fire Marshall liability" thing (which obviously depends on your state, and other factors) has been pushing companies to do both, even in cases where they weren't convinced for security reasons alone. (Though security reasons alone you would expect a bank to require both in and out.) (ETA: And the article implies that they did have a badge out.)
Even if the company encourages sleeping at your desk overnight "for productivity", because companies sure do love underpaid labor and accidental burnout, there's an increased OpSec risk for every extra hour someone has access to secure corporate resources. You'd think in a bank where security is supposed to be important at least one security software would be paranoid and presenting alarms about someone still badged in over a full weekend.