I post this having had a similar experience twice over the past two weeks...
Both times, applied for two different kind of financial service, the kind where they do require quite a lot of personal information... so provided what they required via their initial forms ...etc, and then shortly after submitted received an email asking for further personal financial info (ie. bank statements, tax returns ...etc), VIA EMAIL!!
For those not aware, sending anything via email is about as unsecure as it is possible to get. Whatever you send passes through multiple email servers between you and the receiver, with zero encryption most common.
I mention this to them both times, both times they emphasise how serious they are about security, but this is the only way they have to submit this information.
It's such a concern that some online services still send passwords via email, which "should" be the most obvious security issue to avoid. As someone that has project managed largish online sites/apps in the past that required the submission of personal information, one of the first things you consider is how this data can be submitted securely. The fact this financial service obviously has not considered the risks is a little concerning, in what other security measures do they or do they not have in place for users personal data?