For BankID it somewhat does, because only registered services can make the request
I'm not an expert on digital banking, but this sounds like a no-brainer... Aside from marginally increasing compliance costs, why would this not just be the norm everywhere?