All the restrictions banks give don't make the password less guessable. Lots of people can still use their birth year, or their postal code. Banks are mainly a PITA, not really "securer".
There's a difference between non-complex and guessable. You don't need to have a 16+ character password to make it non guessable. My comment was referring to brute forcing rather than guessing...