I'm speaking from some first-hand experience, but it's probably because PKI, or public key infrastructure, can be a bit of a big hammer in actually deploying certificates. Then what assurance of certificates are you deploying, and are they proprietary?
S/MIME was very good, but the point is that there are ways of establishing identity and having digital certificates, or proof of the message originator and who sent it and whether it has been tampered with, that can be added and done better.
Absolutely, there are technologies. If we standardized on one, that would be good. I don't know if we need full public key infrastructure. We have to be careful about what digital certificate approach we take, given the massive community that would be involved in the financial community.