{
  "question_text": "You must complete a new risk assessment within 30 days if which of the following happens?",
  "options": [
    "A person or group gains 25% or more ownership of Advanced Compliance Technology, Inc.",
    "A staff member misses a scheduled training session",
    "Transaction volume is higher than usual for one week",
    "A customer asks an unusual question about check cashing fees"
  ],
  "correct_answer": "A person or group gains 25% or more ownership of Advanced Compliance Technology, Inc.",
  "correct_response": "Correct. An ownership change of 25% or more is one of the events that requires a new risk assessment within 30 days. The other triggers are a significant change in your customer base and a government notice flagging high-risk activity in your area.",
  "incorrect_response": "An ownership change of 25% or more requires a new risk assessment within 30 days. Missing a training session, a temporary spike in volume, or an unusual customer question do not trigger a formal reassessment.",
  "unsure_response": null,
  "question_bank": [
    {
      "question_text": "A risk assessment covers five areas of the business. Which of the following is one of those five areas?",
      "options": [
        "The types of customers served",
        "The number of staff working each shift",
        "The profitability of each service offered",
        "The age of the business's physical location"
      ],
      "correct_answer": "The types of customers served",
      "correct_response": "Correct. Customers are one of the five areas. The five areas are: products and services, customers, locations, transaction volume trends, and regulatory changes.",
      "incorrect_response": "A risk assessment covers five areas: products and services, customers, locations, transaction volume trends, and regulatory changes. Staff scheduling, profitability, and building age are not part of the formal risk assessment.",
      "unsure_response": null
    },
    {
      "question_text": "How long must every completed risk assessment be kept?",
      "options": [
        "At least five years",
        "At least one year",
        "At least three years",
        "Only until the next assessment is completed"
      ],
      "correct_answer": "At least five years",
      "correct_response": "Correct. Every completed risk assessment must be kept for at least five years.",
      "incorrect_response": "Completed risk assessments must be kept for at least five years — not one or three years, and not only until the next one. This ensures the records are available if a government examiner asks to review them.",
      "unsure_response": null
    }
  ],
  "enrichment_content": "<p><strong>When you need a new risk assessment within 30 days:</strong></p><ul><li>Someone gains 25% or more ownership of the business</li><li>Your customer base changes significantly</li><li>The government flags your area as high-risk</li></ul><p><strong>What a risk assessment covers:</strong> products and services, customers, locations, transaction volume, and regulatory changes. You must also complete a new one before adding any new product, service, or location.</p><p>Keep every completed assessment for at least <strong>five years</strong>.</p>"
}