It's not like people blame the staff working on wiring the network hardware here. For any company in that position I'd assume they realize their dependence on that part of the infrastructure for their core business. I don't really see the relevance of how long compliance processes take, that's part of the industry and WF didn't discover the internet last week. Salaries in finance reflect that frustration, who cares.
If the answer to that challenge was one of "too hard", "it works for now" or "too expensive" that's still a strategic failure that impacts their core business now.
It's because management doesn't want to touch the topic. No CIO wants to risk breaking something so they all pray to God nothing breaks on their watch and they can get their retirement package or move on to the next job and it's someone else's problem.
This is why sometimes absurd amounts of money are paid to keep the old system going as it is. It's "safer" than to move to a new one with the associated risks and teething issues.
If the answer to that challenge was one of "too hard", "it works for now" or "too expensive" that's still a strategic failure that impacts their core business now.