Both solutions would make it safer, but not impossible to get around. Someone can get the PIN Code in some more analog (getting the paper with the PIN) or digital way (interception with physical access to a phone) and getting into the persons mailbox.
Even if those attacks wouldn’t happen there’s always the chance of something more complex like calling the carrier support and saying you’ve change your address and then a week later ask for a new SIM. It can go wrong very quickly, asking for a govt ID is the easy way to solve it all.
To be fair we can have a better solution, we simply force the fucktards that run banks and other places who send SMS codes to use a simple 2FA method without bullshit apps, just provide a QR code and live with it.