Hacker News

Should be optional.

I feel equally threatened by a potentially weak bank app running on my phone all the time as I would my carrier giving away the keys to the castle.



If only there were any perfectly good open standards for 2FA that were implemented by numerous free apps and/or secure hardware tokens...


TOTP is not good enough for banking where you really want to confirm specific transactions, not generate codes that an active attacker intercepting your session could use to do anything.


Fair point, but if one declines to install their proprietary apps it just falls back to SMS verification which is obviously terrible.

Kraken (a cryptocurrency exchange) allows you to set up one TOTP token for regular logins, and another, separate one for withdrawals... obviously not as good as individual confirmations but still a heck of a lot better than SMS!
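The difference between the schemes discussed in the two comments above (a plain TOTP code, a separate TOTP secret for withdrawals, and confirmation of a specific transaction), as an added example that is not part of the thread and not any bank's or exchange's code. `txn_code`, the key names, the payees and the amounts are hypothetical; `totp` follows RFC 6238 with HMAC-SHA1.

```python
import hashlib
import hmac
import struct

def totp(key: bytes, now: int, digits: int = 6, step: int = 30) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on key and time."""
    mac = hmac.new(key, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def txn_code(key: bytes, now: int, payee: str, cents: int, step: int = 30) -> str:
    """Hypothetical per-transaction code: the MAC also covers payee and amount."""
    msg = struct.pack(">Q", now // step) + f"|{payee}|{cents}".encode()
    mac = hmac.new(key, msg, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10 ** 8).zfill(8)

def accepts_totp(key: bytes, now: int, code: str) -> bool:
    # Server-side check: nothing about the requested action is verified.
    return hmac.compare_digest(totp(key, now), code)

def accepts_txn(key: bytes, now: int, code: str, payee: str, cents: int) -> bool:
    # Server recomputes the code over the transaction it actually received.
    return hmac.compare_digest(txn_code(key, now, payee, cents), code)

# Constructed sample values (the first key is the RFC 6238 test secret).
LOGIN_KEY = b"12345678901234567890"
WITHDRAW_KEY = b"constructed-withdrawal-secret"
NOW = 59

def demo() -> dict:
    login_code = totp(LOGIN_KEY, NOW)                    # typed at login
    signed = txn_code(WITHDRAW_KEY, NOW, "alice", 5000)  # user approved alice, 50.00
    return {
        # A plain TOTP code is valid for whatever request it accompanies.
        "totp_valid_for_any_request": accepts_totp(LOGIN_KEY, NOW, login_code),
        # Separate withdrawal secret: the login code does not verify under it.
        "login_code_opens_withdrawals": accepts_totp(WITHDRAW_KEY, NOW, login_code),
        # Transaction-bound code: valid only for the payee and amount approved.
        "signed_ok_as_approved": accepts_txn(WITHDRAW_KEY, NOW, signed, "alice", 5000),
        "signed_ok_after_tampering": accepts_txn(WITHDRAW_KEY, NOW, signed, "mallory", 500000),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```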


It is optional. I'm a USAA customer as well, here's a screenshot from thirty seconds ago: https://i.imgur.com/boA4dc1.png



