Marijuana remains federally illegal under The Controlled Substance Act, but this has not stopped multiple states from making marijuana legal to some extent. Several other states, counties, and cities joined this past Tuesday, November 6th,and with many new faces in favor of legalization being voted in, we should expect to see quite a few new bills signed into law over the next few years. It is inevitable that financial institutions across the country will find themselves with accounts that are in some way related to the marijuana industry. As more and more states legalize the production, sale, and use of marijuana, it is imperative that institutions take notice and make a risk-based decision on whether to bank Marijuana Related Business (MRB) accounts.
When determining this, it is important to understand that there are different levels in the MRB arena. Marijuana-related businesses have been generally broken down into three tiers.
The first tier is considered the riskiest of the three, and requires the most due diligence and oversight. This tier consists of businesses that are part of the supply chain and physically come in contact with marijuana. This may be through the manufacture, distribution, or dispensing of marijuana, or other products containing marijuana. Some of the products and businesses included in the Tier I designation are: cannabis seeds, processing companies, testing facilities, retail delivery, planting, packaging, transporting, cannabidiol, cultivation, infusing, medical dispensaries, hemp, harvesting, wholesaling, and recreational retail. This tier also includes all directly related businesses such as growers, providers, and dispensaries.
The second tier includes businesses that pose a moderate risk, since they do not directly manufacture, distribute, or dispense marijuana or other products containing marijuana. These businesses will directly provide other products and services to Tier I businesses though. Under current federal law, these companies can be viewed as “aiding and abetting” Tier I businesses, which results in the moderate-risk classification. Some on the MRB products and services included in Tier II are: hydroponic supplies, payment processing, packaging supplies, advertising/public relations, licensing consultation, training/education, industry associations, and marijuana-related software.
The third and final tier include the businesses that pose the least amount of risk. These businesses do not specifically focus on selling to Tier I MRBs; however, Tier III companies may incidentally sell to MRBs, although they may not depend on these sales for the majority of their revenue. Because Tier IIIs are known to serve Tier I MRBs though, they are still at risk of being viewed as “aiding and abetting,” which is why they are still considered to present above-normal risk. Tier III may include any type of business, but these are a few examples: attorneys, accountants, registered agents, and financial institutions.
Since federal law prohibits the distribution and sale of marijuana, financial institutions must file SARs when funds are derived from these illegal activities. This includes SARs on companies and individuals who are dually licensed under state law. Increased scrutiny and due diligence is required on these accounts and can be an added burden on Compliance and BSA departments.
As with all audit or review activities, the internal and/or third-party group will determine the areas of focus based on risk. When a financial institution decides to offer accounts to any of the previously mentioned tiers of MRBs, the risk profile is elevated and will receive more scrutiny. This is not to say an institution cannot or should not offer these accounts though.
FinCEN has given the financial industry some specific requirements to consider when banking these customers. It clearly states the enforcement priorities for banking these accounts, including: preventing the distribution of marijuana to minors; preventing revenue from the sale of marijuana from going to criminal enterprises; preventing the diversion of marijuana from states where it is legal in some form to other states where it is not; preventing state-authorized marijuana activity from being used as a cover or pretext for the trafficking of other illegal drugs or other illegal activity; preventing violence and the use of firearms in the cultivation and distribution of marijuana; preventing drugged driving and the exacerbation of other adverse public health consequences associated with marijuana use; preventing the growing of marijuana on public lands, and the attendant public safety and environmental dangers posed by marijuana production on public lands; and preventing marijuana possession or use on federal property. These guidelines are designed to assist in offering accounts and ensuring that illicit activities are still being reported.
When SARs are required, they will fall under one of the three categories: “Marijuana Limited”, “Marijuana Priority”, and “Marijuana Termination”. “Marijuana Limited” covers areas where MRBs do not appear to be implicating one of the priorities defined. “Marijuana Priority” covers areas where MRBs appear to implicate one of the priorities defined. “Marijuana Termination” covers areas where MRBs are terminated in order for the institution to maintain an effective anti-money laundering program.
It is important to note that the main goal for the bank is to effectively manage the activities of the bank, and banking MRBs is no different. Auditors will be looking to ensure the institution has taken the time to develop and implement strong policies, procedures, and controls around the bank’s activities. Strong controls and effective account management ensure these activities do not add unwanted risk to the institution or its products.
If and when your bank decides to go all-in on banking these businesses, remember to adjust your audit or review scope to ensure all applicable accounts are reviewed. At a minimum, you will want to ensure the policies, procedures, and processes are reviewed to ensure strong controls. File set-up for these customers can also assist in monitoring for specified activities, and should contain, at a minimum: copies of any state license, all business formation paperwork, a list of companies providing services, verification of all state and business licenses, copies of financials, site visits, and all CIP and beneficial ownership information.
Information accurate as of 11/7/2018