I'm not sure banks and financial institution more generally rely on ECDSA to the same degree Bitcoin does. This is not to say that they win and Bitcoin loses, only to point out that things might be more nuanced on this front. And as you correctly point out, BIP360 is an option, plus already using simple P2WPKH addresses only once would do the trick already, with the only problem being the public key being exposed as transactions are still unconfirmed in the mempool: a highly resourceful quantum attacker could observe the public key, use quantum to obtain the private key, and then double spend the same inputs hoping miners choose its transaction instead of the original one (doable with RBF).