what even is the benefit of this from a security perspective? this does not seem to be an anti-robot measure, because as the discussion above the implementation of a script could relatively easily pass this. it is not adding security, as far as i can tell, beyond increasing the processing required. if someone has gained illicit access to your password they have your password, even if it is just on the clipboard, and they can thus complete the challenge to gain entry.
so i must be missing something, because i doubt the people at a major banking institution are complete dunderheads when it comes to security and privileged access. so they must have a reason.