alt Hacker NewsIt's not just corporate policy, it's regulatory requirements in the US.
You must block financial activity, and you must not communicate any details to the customer, upon reasonable suspicion of money laundering activity. There's a process and a prescribed timeline for getting things resolved. There is no penalty for a false positive, but there are large penalties for false negatives.
Having watched hundreds of these things happen, all of the details point squarely to an AML problem. For closed loop gift card programs, the merchant, program manager, issuing bank, and possibly the seller all get involved. It takes time.
This doesn't require shutting off a user's access to their data though -- just preventing financial activity. Apple might not have adequately fine-grained permissions around account suspension to support this, and obviously they should fix that!
AML and fraud are different, and the regulatory requirements you're talking about are only one requirement for banks to follow.. they have additional, internal policies of their own that may affect account and money access. If Apple isn't following a Suspicious Activity Report (SAR), then the actions are their own, and the policies are their own.