And how does that relate to the fact that banks would like to have a weaker version of TLS 1.3? If a nefarious entity is stealing your data they're (probably) MITMing your connection with the bank, in which case TLS 1.3 is likely an improvement for you and the bank and so is the forward secrecy part. If it's more along the lines of social engineering then the whole TLS thing becomes moot.
Sure they might be inside the bank's network in which case being able to more easily decrypt traffic could help in sighting this kind of activity, but there's easier ways of stealing people's data and impersonating them than infiltrating a bank.
But the bank follows the regulations that tell it to give me all my money back, if there's some fraud. I don't have any money to lose if the bank does not implement security properly. Only the bank has to lose.
They'll refund you after you've already lost the money, or the attacker might use the bank details as part of larger-scale identity theft that might come to leave you in hot water with law enforcement if he uses your identity to commit a crime. All that inconvenience is your own loss, and the bank paying damages for that doesn't really "fix it"
Sure they might be inside the bank's network in which case being able to more easily decrypt traffic could help in sighting this kind of activity, but there's easier ways of stealing people's data and impersonating them than infiltrating a bank.