I don’t see it.
Imagine for a moment the there is no oversight. Every intern can ship prod code with their own homemade crypto.
How do you, in a retail business, agree to accept credentials that anyone can mint for free?
I mean obviously it happened. But… this doesn’t even seem like a compliance mistake. It’s a business-level mistake.
If you've never worked in a large corporate environment you don't know how stupid things become. In a perfect bureaucracy nobody thinks.