[2rsf]

I suppose the regulation will not mention "rooted devices" but will talk about the bank's obligation for risks and mitigations

[Jensson]

Yeah, as long as banks are held liable for you getting hacked they will want to check the integrity of your system in their programs.

And you don't want a world where banks are not liable for such things, they have to be or they wouldn't spend any resources on their systems.