My suggestion prevents this risk. Don't give anyone your
private keys. This prevents any message you have not seen (or
processed) from being signed. By having the bank sign their
own messages, rather than some untrusted third-party, then
what is contained within the message remains within their
control.

You are suggesting that the largest banks in the world, not to mention
any other company that outsources email sending are likely to make a
major change in their current business practices wrt email.
This is certainly a bracing approach to requirements analysis if nothing
else.
From where I sit, what you have successfully argued is the case for
per-user keying.