As far as "reviews", your procedures should be risk based. For example, a grocer that cashes checks for well-known customers would not necessarily have the same risk as the check casher down the street that cashes large volumes of checks many of which are for persons personally unknown to the business.
You reviews should include such factors as: current MSB registration (state and federal), determining identity of individual responsible for program, verification of agent status if applicable, existence of AML program and be info provided should ideally be validated by periodic on-site review where possible. I would also verify the name of the independent auditor for the AML program and inquire as to whether any deficiencies had been identified.
I would be careful to ensure that the review is identifying and verifying the existence of required AML program components, not necessarily whether all components are adequate. You don't want to put yourself in the position of acting as pseudo examiner. That being said, absence or obvious weakness in any of the basic AML program pillars should be cause for concern as it could result in heightened risk for the business and ultimately the bank.
When on-site you should review signage, etc. to help you determine whether there are activities in place that have not been fully disclosed to the Bank. You can also accomplish that by cold calling the business periodically and inquiring as to services provided.
Frequency of review should be risk based and might vary anywhere from 6 months to 18 months.
_________________________
Life without Jesus is like an unsharpened pencil - it has no point.