Forcing you to use stored procedures is probably a security decision.  If all of your database interaction is performed through sprocs, then they can grant the account your application connects to the database to execute permissions on your sprocs, and deny access to the underlying tables.  Without sprocs, the connection would require select, update, delete and insert privledges on each underlying table.

If your application is compromised or your connection credentials discovered, the worst an attacker could do is call the stored procedures you've written, which would require discovery time and would make it impossible for them to just alter and delete data without passing through your business rules first.