My bank doesn't _and_ there's a redirect to a different domain (rbs.co.uk homepage does to personal.rbs.co.uk, rbs.co.uk/englandandwales or the login link goes to rbsdigital.com). Serve a redirect on the non-HTTPS rbs.co.uk to some other plausible domain with a valid HTTPS certificate, and I probably wouldn't notice.
Last time I checked, about 2 years ago, none of the Swedish banks used HSTS. And a couple of them used HTTP on their main page and and HTTPS on their internet bank which was put on some weird domain. Chrome's changes has since then forced them to move everything to HTTPS but I would be very surprised if they all use HSTS now.