Not that it justifies arbitrary UI updates but that has a different risk profile. It would be a potentially existential crisis for a bank to (for example) push an update to backend systems that credits one account without debiting another, especially at scale. In comparison, changing the graphical interface of clients which connect to those systems has a rather isolated blast radius.