Maybe those banks are relying too much on Windows?
To an extent, insofar as the initial attack vector was, allegedly, phishing emails read by clerks who were, probably, using Windows. The actual malware (at least initial stages) could be assembly-based, so your question could be phrased as "Maybe those banks are relying too much on $(uname -m)?"
I'm amazed that daily reconciliation didn't catch up with this.
Reconciliation wouldn't. The operations were disguised as transactions, so your money would be wired to another bank and the two banks would reconcile without a hitch. Note the following tidbit from the article: "criminals [...] sought out employees charged with administering cash transfer and ATMs" - apparently it all started and/or ended with cash. Started with fake cash transactions, ended with real ones?
Having said that, and not knowing any details, I assume there were both serious security shortcomings (beyond careless employees who click on juicy links and attachments on the same computer that handles their customers' money) and procedural/accounting gaps involved.