I think a big risk is a cpu level security issue similar to meltdown or spectre that ends up weakening the hardware isolation between tenants to the point where it can be exploited on mass on the cloud providers to wreak havoc. The probability of something like this happening is very low but not zero, I would say same level of probability as datacenter fire or earthquake banks should be planning for how to handle this type of event.
I don't see that this risk is any different than a similar apocolyptic failure happening to your on-prem equipment. There's not much you can do about it differently than the cloud just add some extra controls and hope for the best.
I very much doubt that anyone would not use the cloud because of a theoretical de-isolation bug.
Also, by the time you found out, it would probably already be too late anyway if you were a victim. If not, you just switch it off.
I am not saying that they should not use cloud just that it is important to have a plan in place to deal with a unlikely but high impact security event affecting a cloud provider. Just like companies have business continuity plans in case a data center disaster they need to have plans for evacuate a cloud provider should they need too.
I put on my seat belt when I drive on the highways even though a nasty crash at 120 kph would likely kill me. Not using a seat belt because you will be severely injured anyway is not wise.
Given the amount of profit banks make what is the Downside of having them be resilient against public cloud failures?
We can be almost certain that there are sw and hw vulnerabilities that can be so exploited, given the rate of discovery and knowing what now-public hypervisor and cpu vulns a time traveler from today could exploit eg 5 or 10 years in the past.
