You're confusing encryption algorithms (RC4) and hash algorithms (SHA-1 and SHA-2). Certificates do not use an encryption algorithm nor do they influence your choice of encryption algorithm.
I don't see MD5 anywhere in that certificate. I think that you are confusing the ciphersuite (which is negotiated dynamically between the client and the server on each connection, and is actually used to directly protect and authenticate the content of the communication) with the certificate (which is issued infrequently -- typically once per year or once every other year -- by a certificate authority and used to authenticate the server's public key, which is one prerequisite for secure session negotiation).
The signature algorithm in the certificate itself is sha1WithRSAEncryption (try exporting the cert and running "openssl x509 -in their_cert.pem -text -noout" for a summary of the content). I also don't see RC4 anywhere in the cert.
It is true that the web server is using RC4 to protect the TLS connections that it negotiates (probably inadvisedly!), and that MD5 is also used in its negotiated ciphersuite, but the use of these algorithms isn't specified, required, recommended, or assumed anywhere in the digital certificate that the server is presenting to authenticate the connection. Rather, the choice of RC4 (and MD5) is made dynamically during the ciphersuite negotiation between the client and server on each connection, presumably based on the (somewhat obsolete) server defaults that the bank has chosen.
I agree with the previous commenter that RC4 can't be specified (or used) in certificates, though MD5 can be used as part a signature method within the certificate, but happens not to be in your example.