This is very bad practice. Passwords today MUST be hashed to cover the possible loss of the password database. The fact that individual elements of the password can be used for authentication means that a reversible encryption is being used instead of hashing, as TP already indicated. This is bad because if both the database AND the encryption key is stolen, then ALL the passwords are lost. Hashing (with strong passwords) makes this impossible. At least the folks that USE strong passwords are safe if the passwords are hashed.
I believe that the reason that some institutions encrypt instead of hash is that the full password may be needed in the backend for some purpose, such as further authentication. Some sites use the last 4 digits of the password as a "security question" when the help desk is contacted. But this is a horrible reason, and is probably done since the security question approach that most reputable sites use has not yet been implemented.
I have even seen the actual password show up in my email when I have had to request a reset - it is more complicated to implement a password reset via email then request a new password, than just emailing the password! The bottom line is that it is easier to just keep the password encrypted (or even in the clear) and use it for other purposes than to just implement a password reset mechanism to prompt for a new password.
Another reason this is bad is that most folks that care about passwords today just use a password manager. Requiring individual elements of a strong password is error prone and much more difficult that just using a secure password manager.
Finally, in cases where weak passwords are commonly used, encryption with as strong key can be safer than hashing, since weak password hashes can quickly be cracked today. But in this case, hashing AND encrypting is preferred, not just encrypting.