A non-technical article on the topic of password policy choice,
Why Canada's banks have weaker passwords than Twitter or Google
It seems to come down to cost of (a) attracting and retaining customers, and (b) insurance.
Still, even if they want to let people use a bad password, for their (short term) convenience, why can't they support better passwords for those willing to use them?