do you have an organizational structure implemented, where all users pertaining to a specific region are part of a OU (or child OU) that is clearly identified with the region? If this is the case, then you have to simply create a security group based on the top level OU, including its children, and then populate a hidden field in the request based on the region field with the security group name. In this approach, you have to set up the request type user access based on the hidden field.
If the above is not the case for you, then a custom mapping should be implemented, but it will eventually end up in the same hidden field approach.
let me know if the above helps.
--remember to kudos people who helped solve your problem