RA Explained: Part II

RA Explained: Part II

RA Explained: Part II

 
 

The Age of COVID

 

As I completed my last blog in which I recalled a story about the importance of why we have Risk Assessments, I began to think about COVID and the global economic shutdown.  Very few people outside the medical field would have ever expected or contemplated putting infectious disease into a risk assessment.  Of course, we as risk professionals have all planned for disasters including extreme weather, partial shutdown, and disaster recovery for the servers going offline.  We have planned backup contingencies, such as having a backup site for the servers, or hot or cold sites for our key staff to work out of, in case we could not get to the office. But very few of our plans contemplated that an infectious disease would shut down the nation and quarantine us for months.  This is the new world we find ourselves in and we need to prepare accordingly.

 

Being Prepared

 

A few friends of mine in the IT field told me about how their office was not prepared for COVID and the shutdown. They were not prepared to give all staff a laptop and work remotely. Only the executive level staff previously had laptops. The amount of increased traffic from the virtual workload caused servers to become overloaded and shut down.

 

Like most of us, they figured they would spend a few hours firing up the hot site and work would return as normal. COVID has changed that type of thinking.  As risk professionals, we now must take into consideration that COVID, or something like it, will hit again soon. We will need to add this reoccurring risk to our best practices and incorporate it into our risk assessments and work with the business to remediate and lower the risk.  

 

Incorporating COVID into the Risk Assessment

 

How should risk professionals, compliance professionals and internal audit professionals incorporate the risk of COVID or infectious diseases into our risk assessments? First, learn from the real-life examples you just experienced in the first half of 2020.  Take a hard look at your team, your department, your organization as a whole.  Spend time getting into the details.  Don’t just focus on what went wrong, but spend time on what went right as well, as those are wins into which you can build. In your review / findings report be sure to call out those functions that did well.  It is important to recognize the staff who exceeded expectations during this time of uncertainty.  

 

 “Recognition is not a scarce resource. You can’t use it up or run out of it.” ~ Susan M. Heathfield

 

For the tasks that did not go as smoothly, take a hard look at why things went wrong. Don’t blame people. Identifying and remediating risk is not about blame, but about finding solutions.  Below are a few best practices I like to use when helping the business come to terms with any risk identified and how to get the train back on the tracks.

 

Best Practices in Four Steps

  1. First – Education
    You must educate the business function you are working with on what the risk assessment is and why you identified it as a risk. Help them to understand your risk methodology, scoring and why you ranked the risk as you did.  Allow them to counter your ranking. Listen to them and if they present a good factual argument, consider changing your ranking.  Risk professionals are not tyrants that are looking for the “ah ha, got ya” moment. We support the business. Our job is to make the business stronger, so it can succeed at its core mission.
  2. Second – Support
    Once the risk level has been agreed upon, it is now time to get to work to reduce the risk. While some risk professionals might say, my work is done at this stage and leave the business to fix the problem on their own, that is not how I like to work.  I want to support the business function in their remediation efforts.  I feel it is my role to provide support to the business to help reduce future risk.  An example of this is recording the issue in a log and tracking the progress. Schedule ongoing status update meetings for the business, attend those update meetings, and offer guidance or advice. Most of all, keep senior management informed of the status of each risk and where it is in the remediation process. A well-informed management team can help “grease the wheels” when needed.
  3. Third – Update the Risk Assessment
    It is important that you regularly update the risk assessment with all the newly identified risks.  For small risk, annually is fine. But for larger risk, such as the shutdown that COVID created, it would be a good idea to update your risk assessment sooner, rather than later, since the risk that COVID and the shutdown created are still very fresh in your memory.
  4. Fourth – Share the Knowledge
    In addition to updating the risk assessment, ensure that the business functions are also updated on what new risks have been added.  They need to be able to prepare to address the risk or at least plan for them in the future.  You do not want to be “that” risk assessment professional that brings an updated risk assessment to a meeting, but management does not know that new risks have been added. Trust me, the meeting will not go well.  No one likes being surprised, especially during a risk assessment meeting. 

 

Final Thoughts

 

The past few months have been stressful on staff and management alike.  COVID took most businesses by surprise. No one was prepared to fully go remote with little warning and for an unknown period of time. While remote work may now seem to be the way of the future, most business were not considering it at the end of 2019, and are now just coming to terms with how to manage staff (and risk) remotely. While a lot of staff might cheer this concept for personal reasons (less commute time, more comfortable work environment, etc.) as risk professionals it opens a Pandora’s box of new risk we need to consider. Our work with identifying and risk ranking what COVID has created has only begun. 

 

“The future has many names: For the weak, it means the unattainable. For the fearful, it means the unknown. For the courageous, it means opportunity. ~ Victor Hugo

 

I would love to hear your thoughts and stories about how COVID has impacted your risk department. Please reach out to me via LinkedIn.

 

Chris Gunias
HDCS, Inc. |  Chief Compliance Officer 

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

Banking Cannabis: A Valuable Profit Center?

Banking Cannabis: A Valuable Profit Center?

Banking Cannabis: A Valuable Profit Center?

 

The cannabis industry is among the highest risk segments a financial institution can bank.  In no other industry do “legal and compliant” businesses coexist routinely with “illegal and non-compliant.” This places a burden on the financial institution to appropriately vet cannabis related businesses (CRBs) and monitor their ongoing transaction activity to ensure that illegal funds do not enter the regulated financial services industry.

 

 As a former bank CEO, and a subject matter expert in cannabis banking, I have spent a good deal of time contemplating the risks financial institutions take in banking the cannabis industry. I have also examined the resources potentially required by an institution in order to do it safely without present or future regulatory consequences. It all begins with the right enhanced due diligence program to thoroughly vet the CRBs. This goes beyond a normal “KYC” program as it requires the institution to take additional steps in understanding the licensing, ownership (including beneficial ownership) and adherence to the hundreds of local and state laws and regulations, which are subject to constant change.  Beyond that, the financial institution must develop a system of monitoring, auditing and reporting for each CRB account, which is typically beyond the scope of what they do for any other commercial industry. 

 

 Why Should a Financial Institution be Interested in Banking the Industry?  

 

The good news is that the cannabis industry can be a significant source of profit and liquidity for a financial institution. While most institutions are not immediately in need of excess liquidity right now, that wasn’t the case a year and half ago and probably won’t be the case in the intermediate future.  The cannabis industry represents a negative cost of funds on interest earning liabilities for a financial institution and a source of fee revenue (HDCS targets an additional 100bps of spread after all expenses). This can all be accomplished without “price gouging” the cannabis customers.  Furthermore, because the cannabis industry has been largely locked out of basic financial services, cannabis businesses will be loyal customers and target rich prospects for a number of cross-sell opportunities. 

 

It may be self-serving to say that I recommend that financial institutions hire external subject matter expertise before developing a cannabis banking program. But, that is why I created HDCS, and the truth is that there are very few people in the banking industry who have deep domain knowledge of both the regulated financial services industry and the legal and compliant cannabis industry. This is critical as the consequences of error in this industry can be significantly detrimental to the financial institution. Most likely, it is more efficient for an institution to rely on external subject matter expertise than to build and retain teams with this specific industry knowledge. This becomes even more important after federal banking guidance is issued, and federal cannabis banking enforcement begins in earnest. 

 

Today, roughly $20B in legal cannabis revenues are flowing through the U.S. banking system. The unspoken truth is that probably much more illegal cannabis revenue is also flowing through the system. Financial institutions in states in which cannabis is legal will have to contend with cannabis in one way or another.  The financial institutions that choose to openly bank the industry need to put appropriate controls and processes in place.  But once they do, they will find a loyal and profitable new customer base. 

 

A Solution Created by Bankers for Bankers

 

We would be happy to meet with you to understand your objectives and risk appetite and share our view of the best practices involved in establishing a safe and profitable cannabis banking program. Let us give you a tour of our data portal and demonstrate what a risk-focused and profitable cannabis banking program could like for your financial institution. At HDCS, one of the many things that separates us from our competitors is that we have an affordable solution for vetting your cannabis customers created by bankers for bankers. 

 

Use this link to schedule a video conference at a time that is convenient for you and your team, or you can email me directly at a.montgomery@hdcompliance.com

 

Andy Montgomery
CEO and Founder | HDCS, Inc.

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

Scientists and Veterans Sue the DEA?

Scientists and Veterans Sue the DEA?

In this week’s video, I talk about a lawsuit taking place in my home State of Texas.

 

A group of four hemp producers sued the State of Texas last month over the ban of smokable hemp, which currently prevents the production, distribution and sale of products intended for smoking or vaporization.

A Travis County Judge (Lora Livingston) granted a temporary injunction that effectively voids the ban until the conclusion of a trial set to begin in February.

 

I will be keeping a close eye on this lawsuit here in Texas.

 

Also there is a fairly new, bipartisan bill that was introduced in the House earlier this month.  H.R.8179 titled Hemp and Hemp-derived CBD Consumer Protection and Market Stabilization Act, if passed could be a game changer for our friends in the hemp industry.

 

Click here to ready my blog on Hemp 

 

In this week’s video I thought about talking about how the House passed the SAFE Banking Act for a third time; however, I will wait to discuss the SAFE Banking Act when it passes both the House and the Senate.

 


 

So instead, today I talk about an ongoing lawsuit between a team of scientists and military veterans against the DEA and its scheduling of marijuana.

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

In this week’s video, I talk about a lawsuit taking place in my home State of Texas.

In this week’s video, I talk about a lawsuit taking place in my home State of Texas.

In this week’s video, I talk about a lawsuit taking place in my home State of Texas.

 

A group of four hemp producers sued the State of Texas last month over the ban of smokable hemp, which currently prevents the production, distribution and sale of products intended for smoking or vaporization.

 

A Travis County Judge (Lora Livingston) granted a temporary injunction that effectively voids the ban until the conclusion of a trial set to begin in February.

 

I will be keeping a close eye on this lawsuit here in Texas.

 

Also there is a fairly new, bipartisan bill that was introduced in the House earlier this month.  H.R.8179 titled Hemp and Hemp-derived CBD Consumer Protection and Market Stabilization Act, if passed, could be a game changer for our friends in the hemp industry.

 

Click here to read my blog on Hemp 

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

No medical marijuana for Nebraska?

No medical marijuana for Nebraska?

 

In this week’s video I talk about why Nebraska’s Supreme Court removed a medical marijuana initiative from this November’s ballot.

 

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

Another win for safe cannabis banking!

Another win for safe cannabis banking!

 

California passed AB.1525, which provides protections for the State’s financial institutions servicing the cannabis industry, right before the end of the 2020 session.

 

Also mentioned is California’s DOB guidance

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

Cannabis related lawsuits?

Cannabis related lawsuits?

This week’s video I talk about a lawsuit that could shake up the cannabis industry in the state of Florida.

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

Is it Time to Discuss the Realities of Cannabis in Your Bank with your Board?

Is it Time to Discuss the Realities of Cannabis in Your Bank with your Board?

Is it time to discuss the realities of cannabis in your bank with your board?

 

By Andy Montgomery | CEO and Founder of HDCS | Former Bank CEO

 

Is Banking Cannabis Safe?

 

It is very unlikely that the SAFE Banking Act for cannabis banking will get past the Senate this year and become law. Still, if you pay acute attention to regulators at the State and Federal level, you can hear a decided change in the tone of their voices regarding financial institutions that choose to provide services to cannabis related businesses. In nearly every speech she gives these days, FDIC Chairwoman, Jelena McWilliams, points out that member institutions would be fine with their regulators in banking cannabis if they adhere to the existing guidance. Chairman Hood of NCUA has been making those same comments about its member institutions for some time. And a few States have acted to provide statutory protections to financial institutions that provide services to the cannabis industry.

 

Are you Unintentionally Banking Cannabis?

 

The truth is that approximately $20 Billion goes from legal cannabis related businesses into financial institutions each year. That amount continues to grow and does not include the illegal or illicit cannabis business, some of which flows undetected through the financial services industry illegally. As there are a limited number of financial institutions across the nation openly accept cannabis deposits, a good portion of cannabis revenue is flowing into financial institutions without the institution’s knowledge, or, at least, without a risk-based program that identifies and mitigates that risk. And, as “best practices” get learned and implemented, more and more BSA/AML audits are uncovering hidden cannabis deposits.

 

What is Your Bank’s Risk Appetite?

 

We find in our outreach that financial institutions take one of three positions as it relates to cannabis:

 

  1. The financial institution doesn’t want to bank cannabis now or in the future. This is the most common position. However, in presenting this risk policy, institutions need to ensure that their practices and deposit portfolio match their risk appetite statement.
    If the institution does not adjust current policies, training and oversight, not only could the institution ultimately be presented with the unwanted finding that they are banking cannabis, but because they don’t have enhanced due diligence in place they could find that it is banking illegal cannabis business.
  2. The institution wants to be ready for cannabis when a SAFE Banking Act passes. We run into a surprising number of institutions in this category. Given the statements that regulators are making, one has to wonder if it makes sense to wait for congressional action.
    Cannabis businesses will be very loyal/sticky customers to the institutions that are early movers in the space and, as they have previously been shut out of the financial services industry, the businesses represent a number of cross-sell opportunities.
  3. The institution is openly banking cannabis. This number is a small part of the industry. What is smaller still are those banks that have approached the industry with the intention to create safe and profitable programs. Our advice to these banks is to not have an ad-hoc program, but instead approach the business with the thoughtfulness and preparation that Is needed for what is the highest risk deposit industry.

 

SAFE Banking is on the Horizon

 

When a Federal cannabis “Safe Banking Act” is eventually passed, it will be accompanied by increased regulatory scrutiny and a tightening of standards for all institutions regardless of risk appetite for the industry. As of today, we do not have Federal guidance providing the governance and rules for banking cannabis related businesses. When FFIEC establishes the rules for institutions, each institution that is in a state in which cannabis is legal and flourishing will have to put controls and protocols in place to ensure that it is adhering to the new regulations, state and local laws, and the risk appetite that was established by its board of directors.

 

There is a Safe and Profitable Solution

 

At HDCS, one of the many things that separates us from our competitors is that we have an affordable solution for vetting your cannabis customers created by bankers for bankers.

 

We would be happy to meet with you to understand your objectives and risk appetite and share our view of the best practices involved in establishing a safe and profitable cannabis banking program. Use this link to schedule a video conference at a time that is convenient for you and your team, or email me directly at

a.montgomery@hdcompliance.com. Let us give you a tour of our data portal and demonstrate what a risk-focused and profitable cannabis banking program could look like for your financial institution.

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

Risk Assessments Explained by Chris Gunias

Risk Assessments Explained by Chris Gunias

Risk assessments explained by Chris Gunias

 

Why Ask Why?

 

A few years back, as the head of a compliance department at a large money services business (MSB), I was asked why we needed to conduct an internal risk assessment again, considering over the past 10+ months the company completed an independent review and three state regulatory exams. The supervisor who asked the question said, in a half joking manner, “We’ve completed the last risk assessment 12 months ago and passed all our audits and exams this past year, how much risk could we really have?”

 

Assessing the Assessment

 

It was a good question. Over the past year, we had received very high marks on our audits and exams with only minor findings and recommendations. I decided I was going to use this as an educational opportunity and to teach my AML staff the importance of conducting a risk assessment on an annual basis, regardless if you think you need it or not.

 

I began the conversation, repeating the supervisor’s question and asked my staff how many of them agreed. It was about 50/50 (of a staff of 12) between agreeing that we needed an annual risk assessment and not needing one because of the recent successful exams. This was about what I expected since over half the staff had only been in the AML field for around a year or so.

 

In order to make this an interactive learning environment, I pulled out a dry erase marker and had the staff call out to me, as I wrote every new product or service we offered in the past 12 months; all new AML monitoring typologies and best practices we developed; any new risk categories we created for Enhanced Due Diligence (EDD) / Know Your Customer (KYC) as well any current industry trends or news they could think of that might pose a risk to the business. After half an hour of having topics yelled out to me, we have an impressive list of over 30 items.

 

Light Bulb Moment

 

Next, I had the staff pull up the previous year’s risk assessment and compare how many of the items on our list were already covered and if so, what risk rating they were assigned. It was during this next half hour period that I could see the “light bulbs” go off over their heads. Each of my staff members began to realize that 20 or so items on our list were not included in last year’s risk assessment. They understood that the MSB world is incredibly fluid and new risk arise all the time. Just because we identified the risk as part of a suspicious activity review, wrote up a methodology on how to identify the activity and a procedure on how to work the problem, the risk was still there and needed to be memorialized. This, I told the “class” was why an annual risk assessment is so important.

 

In order to protect your company from risk, you must first know what the risk is and how much danger it presents. Then you can work on mitigating the risk.”

 

Risk, I told them, can be mitigated down to low, but the risk never leaves. An annual risk assessment that incorporates new risk as well as reviews older existing risk is important to make sure that ALL Risks, not just Current Risks are always being reviewed. The example I used was, if a building sitting on a flood plain buys flood insurance, the risk is still present. All the insurance did was give peace of mind that if damage were to happen, the company would receive funds to rebuild. You still must review and rank the risk and determine your best estimate of the amount of damage the flood would create every year to know how much insurance to keep. The same goes for any other industry like MSBs, credit unions and banks. To protect your company from risk, you must first know what the risk is and how much danger it presents. Then you can work on mitigating the risk.

 

As I saw nods of understanding from the staff, I felt this was a good time to address the original question from the supervisor, “We’ve completed the last risk assessment 12 months ago and passed all our audits and exams this past year; how much risk could we really have?” I repeated the question aloud once and then a third time to the team. I encouraged the supervisor that it was a fair question and in my opinion a trap that a lot of compliance people can get themselves into. I asked my staff “Why have independent audits and regulatory safety and soundness exams if they don’t identify all the risk for you?” I of course received the typical, it’s required by law answer, but for the most part, the team did not have the years of experience to answer the question. So, I asked a different question “Why are we required to have an annual independent audit and regulatory exams by the states?” The staff knew these audits were required and if we failed our MSB license could be jeopardized, but they did not understand the true reasoning behind them. It was what I expected. So, I sat down and looked each person in the eye and told them my thoughts on the matter.

 

I said, the states require that we take steps to protect the citizens of those states from being scammed, from allowing fraud into our system and that we do our part in helping to stop the “bad guys” by filing suspicious activity reports. Furthermore, I told them, the states require that we be financially sound and have safeguards in place to protect the integrity of the financial system. In short, the purpose of the regulatory exams and the independent audit is to make sure we are compliant with laws and regulators first and foremost. However, we have to have a strong AML program to ensure that honest people can transmit their money safely and that we do our best to stop the dishonest ones is the reason why we have regulation in the first place, and the key tool that every AML department has to achieve this task is its risk assessment. Without knowing where our risk lie, how can be put in measures to reduce the risk and safeguard our customers?

 

A risk assessment is not just an annual thing you do to get it over with. It is something that must be embraced and nurtured.”

 

 As the meeting was nearing the three-hour mark, I had one final parting bit of advice for my staff. I told them; I had been in the compliance industry for over 15 years. Some of you will get out of compliance after a few years and try a different industry, some of you will grow and become superiors and managers and possibly even BSA Officers. All of you, no matter what industry you go into or what level of management you achieve, will need to understand that regardless of the business you are in, and the department you work for, there will always be risk. Understanding that you need to identify those risk sooner rather than later and put a plan in place to mitigate the risk will ensure that you will be successful in your career. A risk assessment is not just an annual thing you do to get it over with. It is something that must be embraced and nurtured. The risk is never going to leave, and new risks are right around the corner. Reviewing and updating your risk assessment on a regular basis will ensure you stay on top of your risk. Plus it never hurts that having a strong risk assessment process will impress state regulators as well as your future manager. This is something that all of us should strive to do.

 

As the staff headed back to their desk, the supervisor who asked the original question came up to me. He told me that he appreciated how I answered his question and that I included the whole staff. He thought it was good that the knowledge I passed on reached every level of the staff. He appreciated that I could have just told him and him alone the answer, but that I included everyone. I thanked him for asking the question in the first place. It was a good opportunity for me to show case one of my core management beliefs, that “We all learn and adopt together.”

 

He looked at me with a inquisitive look, “We all learn and adopt together?” He asked. That is correct I replied, but that is a story for another time…

 

Chris Gunias
HDCS, Inc. / Chief Compliance Officer

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post. 

Enhancing the Enhanced Customer Due Diligence

Enhancing the Enhanced Customer Due Diligence

Enhancing the enhanced customer due diligence

 

Most bankers are remarkably familiar with customer due diligence; however, banks that allow higher-risk customers (casinos, jewelers, MSBs, etc.) are familiar with enhanced customer due diligence. Furthermore, banks that have successfully implemented a cannabis banking program understand that there is an ENHANCED, enhanced customer due diligence.

An integral part of knowing your cannabis customer is knowing the industry and knowing the regulatory and legislative outlook regarding the industry.

 

The FDIC and FFEIC on Due Diligence

Currently, there is no mandate from Congress allowing for federal safe banking guidance for the cannabis industry. However, there is some guidance from FinCEN and the FFEIC BSA/AML manual defines customer due diligence and enhanced due diligence.

Recently, FDIC’s Chairwoman McWilliams has been quoted to say that that she thought bankers would be “OK” with regulators if they conduct due diligence that ensures licensed entities comply with state regulations and follow the 2014 FinCEN guidelines, including the filing of suspicious activity reports (SARs).

 

The NCUA and NAFCU

In March of 2019, NCUA Chairman Hood stated that credit unions would not be sanctioned for providing financial services to cannabis related businesses in an interview with Credit Union Times.

In 2019, the NAFCU released a fifteen page “Marijuana Banking” brief which provides a legislative outlook and regulatory landscape including the NCUA, Treasury, SBA, USDA and the FDA. The NAFCU also released a few FAQs for credit unions on banking marijuana related businesses. This document addresses the costs associated with banking cannabis related businesses. It considers compliance costs, legal costs, educational costs, logistical costs and reputational costs.

 

FinCEN

In FinCEN guidance FIN-2014-G001, financial institutions are reminded that, “…the decision to open, close, or refuse any particular account or relationship should be made by each financial institution…” and “Thorough customer due diligence is a critical aspect of making this assessment.” This guidance also goes on to list seven essential steps in the due diligence process and lists eleven red flags, but it also states that this list is not, …”an exhaustive list.” So outside of the eleven red flags provided by FinCEN how would a financial institution know if their cannabis customer is violating local, state or federal laws or implicating one of the Cole Memo priorities? The answer is in knowing your customer along the local, state and federal laws.

On July 22, 2019, a joint statement was released titled Risk-Focused Bank Secrecy Act/Ant-Money Laundering Supervision. This statement reminds financial institutions that, “As federal banking agencies have previously stated, banks are encourage to manage customer relationships and mitigate risks based on customer relationships rather than declining to provide banking services to entire categories of customers.”

I should also mention that a financial institution isn’t just responsible for conducting EDD on the primary owners of their cannabis related businesses, they also need to know all beneficial owners and key management.

Recently, FinCEN released a few FAQs regarding customer due diligence and they also release a quarterly Marijuana Banking Update.

 

What About Hemp?

Industrial hemp may have been made federally legal (removed from the Controlled Substance Act) by the 2018 Farm Bill; however, not every State has allowed for legal industrial hemp (although this is rapidly changing). It’s important to know your State’s specific plan.

There is some helpful guidance for banking industrial hemp customers. In December of 2019, there was a joint statement released titled Providing Financial Services to Customers Engaged in Hemp-Related Businesses, and on June 29, 2020, FinCEN release additional guidance regarding due diligence requirements under BSA for hemp related business customers. And recently, the USDA released guidance on servicing direct and guaranteed loans with hemp producers.

In June of this year, the NCUA released interim guidance regarding the hemp industry, and in August of 2019, the NCUA released guidance on servicing hemp businesses, but it has not released specific guidance for marijuana businesses.

It is important to note that although industrial hemp is federally legal, these customers are still considered high-risk, and therefore, the customer due diligence must still be enhanced. Here is a link to my blog to learn more about hemp.

 

CSBS

The Conference of State Bank Supervisors provides an up to date insight in their living Cannabis Job Aid. This encompassing document provides a hemp job aid, marijuana job aid, state by state cannabis policies, territory cannabis policies, Indian Tribe hemp status, and reference documents.

This is a great resource for the implementation of a cannabis banking program and for ongoing monitoring. The CSBS also references several documents already mentioned is this article along with the FFIEC’s BSA/AML Examination Manual, which defines and outlines enhanced customer due diligence.

 

Let’s Not Forget About the Cole Memo

And with most guidance, the eight Cole Memo priorities are typically included. Even though it has been rescinded, FinCEN guidance FIN-2014-G001 has not been rescinded and it defines these priorities.

Ensuring that a cannabis related business is not implicating any of the Cole Memo priorities is an integral part of the initial and ongoing customer due diligence.

 

California’s Department of Business Oversight

HDCS’s clients are not just in California; however, this report released in October of last year gives some insight not only on enhanced customer due diligence but on cannabis banking programs in general.

 

Enhanced Customer Due Diligence starts with Knowing Your Customer

In a cannabis banking program, cannabis related businesses must provide full transparency. There is no privacy in cannabis banking, there must be full disclosure. The bank’s personnel must know the owners, beneficial owners, managers, employees, and typical day-to-day operations and how those daily operations compare to similar businesses. How does the BSA officer obtain this information?

It starts with a thorough site visit audit. A site visit audit is the cornerstone of proper enhanced due diligence within a financial institution’s cannabis banking program. You must familiarize yourself with local cannabis laws. Is this customer in hemp or marijuana? Is this customer a cultivator? A producer? A microbusiness? A dispensary? A testing facility? Is this a vertically integrated company? Each type of business has its own specific regulations that it must comply with to maintain a license, to maintain a legal status.

Once you know the laws for each specific business, you will need to create a checklist. Some items can be checked off before you even walk onto the property. Some information should be located through the local cannabis regulatory website before your site visit. You should also determine how often you and your staff will conduct these audits.

Once you have gathered everything via internet, it is time to visit your potential new customer. And bring your camera, regulators love pictures.

 

Labor Intensive and Expensive? We Have an Affordable Solution.

“Risk comes from not knowing what you are doing.” ~ Warren Buffett

 

At HDCS, one of the many things that separates us from our competitors is that we have an affordable solution for vetting your cannabis customers created by bankers for bankers.

We already know the local and state laws and guidance.

We have created thorough Site Visit Audits that you and your team can utilize.

We also have training programs for you and your staff along with training for the cannabis related business.

We would be happy to meet with you to understand your objectives and risk appetite and share our view of the best practices involved in establishing a safe and profitable cannabis banking program. Use this link to schedule a video conference at a time that is convenient for you and your team, or email me directly at b.postar@hdcompliance.com. Let us give you a tour of our data portal and demonstrate what a risk-focused and profitable cannabis banking program could look like for your financial institution.

 

Becky Postar
HDCS, Inc. / Director of Product and Business Development

Share on facebook
Share on twitter
Share on pinterest

Subscribe to our Newsletter

Our mission is to help bankers make informed decisions about whether to serve the cannabis industry and how they can do it both safely and profitably. So subscribe to our blog to stay up to date on the latest information on legislation, regulations, market insights, and compliance best practices. 

 

Each week, we’ll notify you of any new articles we post.