It's very country dependent. In the US, I don't think many banks do that, but I heard in Europe this is used a lot more, presumably due to more regulatory bs.

It's worth noting GrapheneOS with the locked bootloader will meet basic integrity, and that's what most apps need anyway. Strong integrity requires a whitelisted OS by Google and hardware to support it, but there are many older devices that do not meet it, so it will likely inconvenience too many people to be enforced for now.