PMP Practice: Use methods to support compliance

Jambo Cloud Solutions is developing a multiplayer mobile game using two-week sprints. The regulatory compliance team has flagged potential violations of children's privacy regulations (COPPA-equivalent in their jurisdiction) that could result in substantial fines if not addressed. The product owner, Rohan Mehta-Singh, has identified three compliance-related user stories that must be completed to avoid regulatory penalties: Story A: Implement parental consent workflow (Story Points: 8, Probability of regulatory audit if not completed: 35%, Estimated fine: $180,000) Story B: Add age verification at registration (Story Points: 5, Probability of regulatory audit if not completed: 60%, Estimated fine: $120,000) Story C: Create data deletion request system (Story Points: 13, Probability of regulatory audit if not completed: 25%, Estimated fine: $200,000) The team's demonstrated velocity is 20 story points per sprint. Jambo must prioritize compliance work for the next sprint but can only fit one major story due to already-committed feature work consuming 12 story points. The CFO has asked her to calculate the expected monetary value of the regulatory risk for each story to inform the prioritization decision. Based on standard risk quantification, which story presents the highest expected monetary value of regulatory exposure if NOT completed in the upcoming sprint?