There is regulation, that's why we have mandatory 2FA for bank accounts. I think (but am not sure) that SMS phase-out is also part of that regulation, but that might also just be banks being happy to force their software onto more devices to do who knows what.