Having a separate phone as a "glorified digital token" is probably within the top 3 things you want to do anyway if you are serious about digital security.
Also, if your bank uses SMS for verification then the phone should have its own phone number which you keep secret. Otherwise it's one data leak and one sim swap attack (https://en.wikipedia.org/wiki/SIM_swap_scam) from breaking your SMS verification.
See the recent discussion about pixnapping: https://news.ycombinator.com/item?id=45574613
Also, if your bank uses SMS for verification then the phone should have its own phone number which you keep secret. Otherwise it's one data leak and one sim swap attack (https://en.wikipedia.org/wiki/SIM_swap_scam) from breaking your SMS verification.