No, that's just BS.

The web has a secure storage standard and OAuth + MFA is just as secure as anything your bank could cook up in an app. In fact, I'd be shocked if banks did a better job of security in their apps vs what browsers and standard auth flows provide.

Banks just like selling the idea that "if it's encrypted, it's secure". But trust me when I say this, bank security across the board absolutely sucks. The company I work with does financial data ingest and... yeah... There's more than a few institutions where we had to pull teeth to get them to send stuff through an encrypted transport (SFTP, for example, they want to just use FTP).

The OS/browser could give this capability to web apps via an API.