This sounds like the closure was due to Anti Money Laundering. I suspect this sort of activity triggers the banks AML procedures and it's standard operating procedure (sometimes mandated by law) that you can't disclose if an account was closed due to AML breaches. Obviously agree that you weren't money laundering but that's what this closure sounds like.
Technically, if a SAR was filed, even the engineer he spoke to would not have known. Every training I've ever taken in that field basically says you don't tell anyone but your company's team that you filed such a report. Not a coworker, not even a Manager.
As I was reading your story and got the the part where they said they didn't have a bounty -- for some reason I anticipated that the next line would be them telling you that you could keep the $5,000.
I suspect they know they have a lot of vulnerabilities and they don't want to encourage people to poke around. I mean, their passwords aren't even case sensitive. This is also probably why they fired you as a customer, to discourage anyone else from even trying.
