There are some that do, true, but also a boatload that don’t. In my personal experience, most don’t.
Most do, unless they’re some small town bank. That could be the difference, perhaps.
Most interesting, I checked 2fa.directory and lo and behold, one of them shows that use 2fa! It’s the dinky SMS one, but still better then none! Sad part is that a) they never informed me and b) it’s completely optional also c) this must be something from the last year or so as I’m one of those people who actively gives feedback