The reality of laws and especially policies is that they are conflicting on the margins. No one can follow every policy there is, because the only option to do that would be to literally die (and depending on the type of death that likely also breaks multiple policies).

And so even with SEC type of policies this is about balancing the cost of implementing such policy vs the cost of repercussions when ignoring the policy. This is what all the big players learn - so for the banks the fine was most likely still worth it. E.g. here are all the fines that banks got for money laundering and cheating users one way or another and yet they continue doing that, because by doing it they earn way more than what they spend on fines.

Now specifically about using privacy tools. The whole point is that if you use those right, then a government won't be able to pin you down.