The bank I'm using has 2FA for all actions performed in the website, so that's my guess as to why they don't prioritize fixing the lame password requirement.
Exactly. 2FA is much more important than complicated password (not that I'm advocating to have a guessable one here), altogether providing acceptable level of security.