A team is reviewing a requirements specification for a banking application. They have experienced reviewers but have noticed that previous ad hoc reviews missed many defects related to security and regulatory compliance. Which review technique would BEST address this problem?