Because root is not the ultimate authority of what goes on in the phone; the hardware is, and the hardware contains a TPM (Treacherous Platform Module). The TPM has secret cryptographic keys it never shares with anyone, neither root nor an unrooted OS. When the phone starts, the TPM checks if the OS has been modified from what the manufacturer supplies or not.

The bank's app can then ask the OS to sign documents using the TPM's secret keys, and the OS forwards such requests to the TPM. The TPM refuses such requests from modified OS but obliges requests from an unmodified OS. The bank's servers refuse to accept documents not signed by the TPM.

Root can't pretend to be a TPM and make up some secret keys to sign documents with because the TPM's signature is itself signed by Google, so the bank can tell the difference between root's signature and a treacherous signature.

And is there no way to make the TPM think that the OS is unmodified?

To avoid confusion, the actual name is Trusted Platform Module.