I wonder how many of the use cases for a retail banking API would be simply satisfied by just allowing customers to request a weekly email with a CSV transaction file attached in a sensible format?
Banks should most definitely do this. Or maybe provide a link to a CSV file behind a login-wall (so the details passed over email can't be poached as easily)