Currently the module only checks the group requirement when adding users to roles. Users are removed from the role the same way they were using civicrm_member_roles when their membership expires, but we have yet to add a check for when a user is removed from the group.