Most of us are thinking in a paradigm where someone else controls the hardware and the operating system source code. When the open source community controls their own hardware and the OS source code, everything changes.
Even if all of the banks signed an exclusive contract with google to only do any banking on Android using a proprietary app, and to let google have exclusive access to a required banking app and the authentication keys (a worst case scenario), we would always find a way to run that app in a safe way on the Librem 5.
I can see an app like that being installed in to a secure area on the Librem 5, in to an artificial environment that the banking app believes is an actual Android OS, where all inputs and outputs to that environment are carefully controlled by PureOS. It’ll be like the people in the Matrix who would never suspect that they weren’t living in the real world. The only real thing would be your banking transactions. The OS will keep tight controls on the app and what it can and can’t see about you. Compatibility layers and random data generators would create everything the app needs (false data if necessary), to cause the illusion to them that they are spying on you. The banks and commercial interests will be guests in our world. We will not be their guests. One way or another, we will make the Librem 5 do what we need it to do in a way that keeps us in control. If nothing else, you might be able to VPN in to a rooted Android phone or tablet at home, to do banking. If that is all you use that phone or tablet for, spying on you gives them nothing.
Stopping the banks from giving your banking transaction information to commercial interests is a separate issue that would probably require interventions through the courts.