this is the primary (official) reason why most banking apps require an unrooted device, and check that the bootloader hasn’t been tampered with. they don’t really care what you do with your phone, but a custom ROM doesn’t have to comply with the usual official checks and balances, and so theoretically could be malicious.
the bank “trusts” the official OEM rom, because the OEM rom belongs to a company that can be “controlled”. ie. pressured into ensuring apps are safe, etc.
the bank doesn’t trust the open source rom, because it isn’t “owned” by an entity that can be controlled.
a reason lots of companies don’t like open source, is because"who do you sue when something goes wrong?". closed source isn’t any safer, but at least you know who to sue when it breaks.
yup, feed it to the cat, and observe what happens…
/s