Anyway, MY QUESTION is: is it safe to use a PC with windows 7 without any updates or any kind of protection whatsoever ONLY to access bank webpages and never saving any passwords? Or am I still under some considerable risk?
If you only, and I mean ONLY visit bank websites, then the possible risk of somehow getting malware is highly unlikely. You want to go to the bank website directly though. Don't use Google or some other search engine. Reason I say this is then you'll need Ad mitigation since Ads can be laced with a malicious payload. It's called Malvertising. Bank website's can be hacked, but it's not that easy to do and would be something more for a state sponsored actor.
I'm here to tell you it's a bit of a fallacy that you need every Windows update imaginable otherwise you're somehow "exposed". I only have but four updates installed for software/hardware needs. I'm a bit unorthodox., but this ship is pretty tight none the less, let me tell you. Emphasis on the unorthodoxy on my malware protection/anti-hacking strategy. I look for things like alternative data streams, hooks, rouge modules, etc. I go above and beyond and I don't use an anti-virus. Last time I got infected was when I ran Windows 98se. And I had AVG installed of all things. Anti-virus software now-a-days is full of shenanigans with the interception of your TLS encrypted connections and sending telemetry back to home base. I think it's Norton that now packs a crypto miner. Ah, hello? what ever happened to the core of the software of virus mitigation? Modern day anti-virus software is vastly over bloated and useless for many reasons. Chances are you'll get more false positives then negatives. I also run my browser in Sandboxie. So if you're interest in that, and willing to learn check that out. My install is highly customized though.
What I do in the absence of anti-virus software is just upload each and every single cotton picking download (some images as well) to Virus Total. The general consensus is four hits and you toss. But it depends on what you have there, and if you know how to read the relations and behaviors if available at VirusTotal. Read my post here on how I use a file hash.
Firewall recommendation for Win7
It's probably waaay over the top for you though. I should do a video post on my website for this. Been meaning to.
Anyway, your router is probably more prone to being infected. Not saying Windows updates and software updates or even firmware updates should be avoided. It's just how you use them and which you decide to install. I can tell you a lot of the Windows updates invoke telemetry beyond what your other installed software does behind the scenes you don't know about.
I've been of the opinion that the likelihood of an "update" turning into a downgrade is more statistically probable than lightning on the moon. I can't tell you how many times something I've had here whether it be hardware, software or an OS get completely hosed because of an "update." And it looks true for lots for others as well just me being on various tech forums for almost two decades. Heck, just two days ago an update to a software I use hosed it over. It's called Protonmail Bridge. I'll spare the description of what it does...
If there's one thing you should keep updated on that old laptop is the browser. Eventually that may be harder to do as updates progress...
Something else. You said, " I was going to install all kinds of anti-virus on it." Bad idea. They'll work against each other.
Being perfectly honest. I'd just install Linux if you're just going to use this old laptop for banking transactions. Plus, you'll benefit from the speed improvement from Linux. Linux isn't for everyone, but simple browser apping shouldn't be much of an issue. Zorin looks promising.
Zorin OS - Make your computer better.
The other thing about Linux is you petty much don't need anti-virus software and don't have to scan everything and what not like I do all the time in Windows. Yes, Linux has viruses and there's still a hack potential, but it's not as prevalent as Windows. Heck, most servers run Linux and they're hacked all the time. The chief difference though is that a server has open ports utilizing all or damn near all seven layers of the
OSI model. Without an open port you can't connect to that website, cloud service, and everything under the sun you may connect to.