It was too easy to spot this one. A sys admin working at an exchange would very easily bypass 2FA from inside, he don't need to ask you to disable it.