TBH this doesn't sound that different than what is considered normal when IT puts a web filtering software on.
Normally you end up with a breakdown like this;
*Exec--full access (even though they shouldn't because they are the most likely for a phishing and other attacks)
*Officer/Compliance/BSA--essentially open access but sites such as shopping, Youtube and others questionable sites are blocked
*CSR--Only sites that they need to do their job (Sec. of State searches, check ordering etc.)
I'm assuming you are reviewing a customer's website in order to determine if they are offering any *extra* services they didn't tell you about but personally I find that step to be slightly above and beyond in performing it for all customers.
The one item method no one else has mentioned is to simply use your own personal cell phone/tablet.
Groups like thisisme08 describes above are pretty common and what I've experienced. Hopefully your BSA Officer should be at the highest level, with virtually no restrictions, your BSA staff could be staggared with access (depending on how many you have and the different levels of staff).
I'm not a big fan of blocking sites "just because", or blocking Facebook or YouTube so staff won't waste time looking at it. Sites should be blocked based upon risk to the bank, and I can make an argument that all staff should/need to have at least some access to the internet, tellers included, they're not robots, they're people. You do need a strong Information Security training program for everyone. Like Randy said, there is there more than one way to skin a cat and not just with Internet access restrictions, as you can get around many of these restrictions with emails, personal devices and such, so IT needs to think hard about the types of restrictions they put in place and the protections the bank has. A teller can just as easily email themselves from their personal email a virus/malware embedded document as they can click on a link.
They key is training, including heavy social engineering training. Cher - I think your IT department needs a little training themselves.
My my 2 cents.