1. Legislation - many companies don't have a choice because they're based in countries which force them to retain access logs for a certain period of time. Some don't admit this because they understand it goes against their business model. NordVPN despite the Nordic name is actually based in Panama for this very reason.
2. Liability - if somebody was using their services to hack the CIA or distribute child porn, they could find this person and work with relevant organisations which would decrease their criminal liability. As it stands NordVPN can track these people but only as they are currently online and doing bad things then their connection disappears into the ether. There's no historical footprints.
3. Billing - it's useful for many analytics and advertising. They can suggest higher tiers to higher users, maybe market them something they are interested in, the general stuff.