These are all good ideas, but unfortunately really not that easy to implement, largely due to institutional inertia, but also because it would put the bank at a competitive disadvantage with others: Often, security and convenience really are trade-offs.
> Don't depend on another channel for resetting any of the credentials.
What if a customer's house burns down with their phone and Yubikey in it?
> For person to person instant transfers, have velocity limits and legal framework to clawback and prosecute in case of fraud.
That's not up to a single bank.
> For large value transfers, require payees to be added to the account and have a 1-2 days cooling off period.
"Why are you telling me what I can and can't do with my own money!?"
Sometimes, large value transfers really do need to happen quite spontaneously to a previously-unknown recipient, e.g. for a used car purchase.
> Use a pre-registered and securely couriered FIDO2 token (Yubikey)
That would indeed be great, but not a single bank I've done business with supports FIDO. In fact, I haven't even heard of one that does (I might just open an account with them!)
> Don't depend on another channel for resetting any of the credentials.
What if a customer's house burns down with their phone and Yubikey in it?
> For person to person instant transfers, have velocity limits and legal framework to clawback and prosecute in case of fraud.
That's not up to a single bank.
> For large value transfers, require payees to be added to the account and have a 1-2 days cooling off period.
"Why are you telling me what I can and can't do with my own money!?"
Sometimes, large value transfers really do need to happen quite spontaneously to a previously-unknown recipient, e.g. for a used car purchase.
> Use a pre-registered and securely couriered FIDO2 token (Yubikey)
That would indeed be great, but not a single bank I've done business with supports FIDO. In fact, I haven't even heard of one that does (I might just open an account with them!)