It's hard to answer your question without the actual policy in front of me, but I'll give it a shot anyhow.
If you determine a customer requires further monitoring, then you should implement processes to do so, and mention them in the policy.
In terms of suspicious activity, you should have processes to ensure compliance with the 90-day timeline.
Your policy absolutely should address continuing suspicious activity, and include parameters for actions such as providing the structuring notice and closing accounts. "Three strikes and your out" seems to be pretty common, but you'll want to word it in a way that allows for flexibility.
If you're stuck, just consult the exam manual, and make sure you're addressing the key risks that apply to your institution. Also, check out some of the Banker's Tools on this site.
_________________________
CFE, CAMS