Given the same voice get processed and recorded during a normal phone call to the bank so you would need to give consent just to talk on the phone (and they do have a disclaimer when you are calling in Europe).
Most likely this is buried deep in some massive EULA you accept when you open an account.
All processing is supposed to require explicit and meaningfully informed consent for each separate use; one of the GDPR training lessons we get over here is basically "Bob has a bunch of customer's emails he got from the sign up process, is he allowed to use them to send adverts for a new product?" and the answer is "No, that's only allowed when the customers explicitly consented to that, you can't just use any data they happen you have given you for whatever new purpose you want".
EULAs are a bit more of a mess, as all the advice I've been given says "don't hide stuff like that" while all the websites I visit are "we're going to do this anyway because we think we can get away with it".
Importantly, you can also revoke consent at any time under the GDPR. Unlimited consent isn't possible, so the bank would have to make the (dubious) claim that such processing did not require permission at all.
> Processing personal data is generally prohibited, unless it is expressly allowed by law, or the data subject has consented to the processing
- https://gdpr-info.eu/issues/consent/