You can usually get around the need to give the profile phone permissions by toggling the option to keep the profile running in the background and then changing profiles to one that can receive SMS.
I'm not personally sure what, if any, data an app would see if it has the phone permission in a profile but the profile is denied phone/SMS access.
While I have, and use, a Mullvad subscription for my more secure profiles, I also maintain a Surfshark subscription for general use as it allows unlimited connection's.
You may want to consider fingerprint + pin for log in to your daily driver profile. It is substantially more convenient than inputting a secure password while offering very good security against the vast majority of threats. Then establish a profile for if/when you need a truly secure environment and only use that as needed and while accounting for your environment.
For banking, you are inherently going to lack a lot of privacy. KYC requirements mean that the government is going to know that you have an account and a fairly casual subpoena will get them every record your bank has on you. Using the app requires that you receive a text and, apparently, your daily driver phone has the associated Sim card in it. So after the bank records, they will subpoena the phone records for that number and thus be able to geolocate you with a high degree of precision and fairly far into the past.
Interacting with the banking system in a privacy preserving, and secure, manner is hard. It also usually requires that you have substantial funds. Irrevocable trusts, multiple layers of shell companies in select jurisdictions, multiple corporate bank accounts, lawyers (from the correct jurisdictions) on retainer/hired to appropriately structure & manage the whole set up, captive insurance and lending companies; the list goes on.
XMR is pretty good and a hell of a lot cheaper and easier to set up.