
Cloudflare probably is easier than running your own servers and configuring them correctly - I don't know since I haven't used them myself.

But it sounds like you're not very familiar with the importance of the private key. If anyone else other than the bank obtains the bank's private key, the bank would consider that a serious failure, since it means others could impersonate them. The whole point is that you shouldn't give your private key to anyone else, and that without that key, others can't impersonate you.

This "keyless SSL" scheme allows the bank to set up an entity it controls which knows the key. This entity delegates to Cloudflare the ability to pretend to be the bank on a request-by-request basis, without divulging the key to anyone. If Cloudflare gets compromised, the bank can stop that delegation on demand, the compromise is closed and the key is kept safe.
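The delegation the comment describes, modelled in Go as an added example (not Cloudflare's actual Keyless SSL implementation, whose wire protocol is more involved): a bank-run key server signs one handshake digest per request for an edge it has delegated to, the edge never holds the key, and revoking the edge stops further signatures without touching the key. The `KeyServer`/`EdgeHandshake`/`ClientVerify` names, the edge identity and the transcript bytes are all constructed for this illustration.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// KeyServer models the bank-run service that holds the private key. The key never
// leaves it; a delegated edge only ever receives one signature per handshake.
type KeyServer struct {
	priv    *rsa.PrivateKey
	allowed map[string]bool // edge identities the bank currently delegates to
}

func NewKeyServer() (*KeyServer, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &KeyServer{priv: priv, allowed: map[string]bool{}}, nil
}
func (k *KeyServer) Public() *rsa.PublicKey { return &k.priv.PublicKey }
func (k *KeyServer) Delegate(edge string)   { k.allowed[edge] = true }
func (k *KeyServer) Revoke(edge string)     { delete(k.allowed, edge) }

// Sign is the only operation exposed to the edge; delegation is re-checked on every
// call, so revoking an edge stops it impersonating the bank without rotating the key.
func (k *KeyServer) Sign(edge string, digest []byte) ([]byte, error) {
	if !k.allowed[edge] {
		return nil, errors.New("keyless: edge not delegated")
	}
	return rsa.SignPKCS1v15(rand.Reader, k.priv, crypto.SHA256, digest)
}

// EdgeHandshake models the CDN edge: it has the certificate but not the key, so it
// hashes the handshake transcript and asks the key server for the signature.
func EdgeHandshake(ks *KeyServer, edge string, transcript []byte) ([]byte, error) {
	digest := sha256.Sum256(transcript)
	return ks.Sign(edge, digest[:])
}

// ClientVerify models the browser checking the signature with the bank's public key.
func ClientVerify(pub *rsa.PublicKey, transcript, sig []byte) bool {
	digest := sha256.Sum256(transcript)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}
```

A compromised edge in this model can only obtain signatures while the bank's allow-list still names it, which is the "stop that delegation on demand" property the comment refers to.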


