I know you are re-thinking the implementation of user permissions, and it seems to me that could be a huge job.
So the only quick solution I could come up with, without a complete overhaul of the permission implementation of manager is to treat each bankaccount, and maybe even cash accounts, as a separate (sub)module.
Since it looks like user permission is granted per user/business/module, and with the assumption that there will be a limited amount of bankaccounts per business. If I place this on topic, it could look something like this.
The bankaccount numbers are so long because I read somewhere IBAN numbers can be up to 34-positions.
Anyway; whatever you come up with. Thanks.