alt Hacker NewsAML and fraud are different, and the regulatory requirements you're talking about are only one requirement for banks to follow.. they have additional, internal policies of their own that may affect account and money access. If Apple isn't following a Suspicious Activity Report (SAR), then the actions are their own, and the policies are their own.
This is true, but potential money laundering is a UAR, and the issuing bank decides whether to turn that into a SAR (merchants do not file SARs, although at Apple's scale, the conversation between merchant and bank is continuous and both sides will have fraud and AML experts at every step).
The decision to create the SAR will depend on the outputs of the multi-party investigation, which is the thing that takes time and causes visible issues for consumers.