How would it not be? "I refuse cookies" is not a protected class, thus a private business may discriminate it at will. Same way a business could refuse to admit patrons not wearing shoes or carrying a firearm.
GDPR does not regulate cookies, it regulates usage of PII (personally identifiable information). So blocking cookies on principle is not against it, but collecting PII without consent is. Forcing the user into accepting, such as saying "click accept or pay" also is.
European courts have jurisdiction in the EU, and CNBC is accessible in the EU unlike some other US websites, so they have to follow GDPR at least for EU visitors. And as far as I know cookie rejection must not influence the basic functionality of the site.
I'm not an expert on the GDPR (and I'm frankly sick of hearing about it) but surely what it bans is tracking cookies, and not cookies necessary for the proper function of the website?
Exactly, it regulates collection of PII, which includes most tracking cookies.
It doesn't really regulate "refusing service due to disabling of browser features", but then again it's a complex law, so someone (even a court) might argue otherwise, but it's doubtful.