Because root is not the ultimate authority of what goes on in the phone; the hardware is, and the hardware contains a TPM (Treacherous Platform Module). The TPM has secret cryptographic keys it never shares with anyone, neither root nor an unrooted OS. When the phone starts, the TPM checks if the OS has been modified from what the manufacturer supplies or not.

The bank's app can then ask the OS to sign documents using the TPM's secret keys, and the OS forwards such requests to the TPM. The TPM refuses such requests from modified OS but obliges requests from an unmodified OS. The bank's servers refuse to accept documents not signed by the TPM.

Root can't pretend to be a TPM and make up some secret keys to sign documents with because the TPM's signature is itself signed by Google, so the bank can tell the difference between root's signature and a treacherous signature.

If this pretending works 100%, then a malware can use that technique to pretend that the phone is secure, to trick you into using your bank app and steal your money anyway.

I also prefer to own my device and be root on it, while installing all the "pretend I'm non-rooted" functionality on it, I did think "this is basically installing a rootkit to tell the OS 'yes, I'm clean!'.". Then my bank (fuck them very much) decided to add a check for a locked bootloader and refused to work without it. I suppose maybe there's a way for the "rootkit" to lie and say "Yes the bootloader is locked!"?

I didn't read all the comments, but it seems to have been lost that it's a fight between freedom (allowing people to "own" their devices) and protecting the general public from harm (being scammed and losing all their money). We also have to give up some freedoms, eg. we are forced to wear helmets or seatbelts as participants of traffic, to ensure a better protection.

they can to a large degree. but theres many layers to it. I for example hide root from my banking app in Portugal.