I honestly don't know of an "easy" way to do that. If you have enough time on your hands you could decompile it and take a look. You could also try running it on a spare phone with a ROM that doesn't contain Google Play Services (or where it's been disabled). However, SafetyNet isn't the only line of defense. These apps often have their own root checks, which doesn't pose a problem for us because the Android image isn't rooted. (But it runs inside LXC, and you can attach a root shell into it.)
Another thing they don't like sometimes is the system build fingerprint not being recognized. We have an overlay(fs) system that allows users to customize everything inside the Android container without the hassle of rebuilding the system images or having to stay on the ball when we update things. It's not hard then to pick up the build fingerprint line from a "trusted" device and just drop it in build.prop.
All of this is a bit of a hassle, to put it mildly. But if we try to talk to any bank or contactless payment provider right now, they'll tell us to kick rocks. I guess it's a matter of time until we grow or a very smart person figures out a very clever hack. :)