Oh, of course - I understand most (if not all?) major banks have serious ethics issues from the top-down - but money-laundering is a business-objective and is distinct and separate from online banking security.
The $70m fine (a joke to a multi-billion-dollar company) is insignificant to the potential damages from a class-action lawsuit from a wide-ranging vulnerability in their online banking platform - hence their focus and over-engineering on their online banking security - while the risks from credit-card abuse and individual identity-theft are much more limited in scope - and are a known-quantity.
The $70m fine (a joke to a multi-billion-dollar company) is insignificant to the potential damages from a class-action lawsuit from a wide-ranging vulnerability in their online banking platform - hence their focus and over-engineering on their online banking security - while the risks from credit-card abuse and individual identity-theft are much more limited in scope - and are a known-quantity.