We ran into a similar situation a while back. Every customer is different however I'll give you some insight as to what happened with us: we discovered that they cashed >$1000 as you did, and gave them a soft warning about the requirements. They then did it 1-2 more times, at which time we required that they register with FinCEN, to which they fought us again stating that "it was not their policy to do so, it wasn't normal, etc." and we put them on final warning. It then happened AGAIN, and we gave them the ultimatum, at which time they registered.
Some key takeaways from the situation were 1) the fact that it happened once prompted a 100% review of all deposits, which is quite the cumbersome task (especially with this one, as they cashed TONS of checks), so it will weigh heavily on review staff 2) the fact that it happened once means that clearly there is either no policy or a breach in policy, something that can absolutely happen again, which makes your risk more significant.
I'd say look into why it happened. Do they have a policy at all, and was this just one isolated deviation? If so, how was policy able to be broken in this instance? And is it worth it to provide necessary resources to this customer to ensure they're doing what they say they're doing? Fees are great, but if the cost of monitoring outweighs the benefit, it might be best to give them the ultimatum. Even then you'll still have to monitor, but that will be one less factor to look for.
Life is like a bicycle. To keep your balance, you must keep moving.