Account balance is a litmus test. If you can't liberate even that information, you've lost control over the banking and your own device.
> 2FA is either a standard TOTP generator or an SMS.
For now. Be grateful while you have it. Most banks everywhere are moving to 2FA through push notifications to their proprietary app, and are deprecating other channels. TOTP is becoming unusual in a bank; where I live, I haven't seen it in use in banking in over a decade (though I'm not counting SMS here; they're technically kind of like TOTP, but they're generated by the service, not on your end).
Between that and a web-wide push for passkeys, having a locked down smartphone is already becoming a soft requirement for doing anything on the web.
"lost control" seems odd, before 1999 I got a bank balance by phoning up a number and putting a ton of other numbers in, so I'm not sure when I ever had control
I guess I could automate my browser or write something, but the lack of a published API doesn't mean I don't have theoretical control over my device (in practice I rely on a linux distribution and firefox/mozilla to create/maintain the browser engine)
Sure in the future they could hypothetically enforce non-free methods to access my bank, and hypothetically all banks could do this, but that's certainly not the case now.