I've wondered about this as well.
Someone smarter from an engineering side could correct me, but I think the easiest way to 'kick them out' would be to just add a script to the page initialization that if the user status = banned, kick them to a banned page or some such thing. It would at least take care of letting them "in" until their session expires.
Also +1 you would think they would do this automatically.
@CarolineS, Also in addition to my answer, add this context object
in place of redirect_url of setRedirectUrl context-object
Once the condition is matched, it will take user to logout page.
P.S: Do not add redirect variable directly without condition into page init, it will take you into a continuous loop, and can result to server down error into your community.