I'm running v4.4 and have been cleaning up entries in Security Audit after enabling Watchtower. The Weak Passwords and Duplicate Passwords lists include Bank Accounts. These do not have a passwords (they are not Logins), so should be excluded from these lists.
