Skip to site navigation Skip to main content Skip to footer content Skip to Site Search page Skip to People Search page

Bylined Articles

Should We or Shouldn't We? That Is the Question

By Arthur A. Coren
September/October 2017

Should We or Shouldn't We? That Is the Question

By Arthur A. Coren
September/October 2017

Read below

Arthur Coren
Arthur A. Coren

Over the past few years the number of states that have legalized marijuana in some form has grown substantially to the point where, as of this writing, 29 states and the District of Columbia have legalized marijuana for either medical or recreational use. This recent acceptance of marijuana by a significant number of states has created a brand new industry, which is estimated to generate approximately $7.0 billion in 2017 and $24.5 billion by 2025. This industry is clamoring for acceptance into a financial system that allows participants to bring the cash generated into the secure environment afforded by our banking system. This will not only provide security to the marijuana related businesses ("MRBs"), but will also permit better accounting, monitoring, and taxing of funds generated by those businesses.

Yet the fact that the distribution and sale of marijuana remains a crime subject to enforcement under the federal Controlled Substances Act ("CSA") creates a significant dilemma for financial institutions, leaving them asking, "should we or shouldn't we?"

The basic guidance to financial institutions entering this line of business is offered by the "Guidance Regarding Marijuana Enforcement" (August 29, 2013) issued by then-Deputy Attorney General James M. Cole (the "Cole Memo") which provides direction to federal prosecutors concerning enforcement of marijuana related activities under the CSA and the guidance issued by the Financial Crimes Enforcement Network ("FinCEN") on February 14, 2014 (the "FinCEN Guidance"), addressing how financial institutions can provide services to MRBs consistent with their obligations under the Bank Secrecy Act ("BSA"). But, practical steps to implementation of a system to service MRBs still remain difficult for some financial institutions to discern.

When a financial institution looks to its regulators for clarification and direction, it may receive mixed signals, depending on the particular regulator. The state banking officials in those states where cannabis use has been authorized offer support for banking MRBs. However, in a joint letter in August 2014, all of the federal banking agencies pointed out that they were currently reviewing the FinCEN Guidance as well as the Cole Memo for "inclusion in the Federal Financial Institutions Examination Council BSA/Anti-Money Laundering Examination Manual." However, they said, "further clarity from Congress on the legal treatment of state-licensed marijuana-related businesses under federal law would provide greater legal certainty for both marijuana-related businesses and banks and credit unions." The agencies added, "generally the decision to open, close, or decline a particular account or relationship is made by a bank or credit union, without involvement by its supervisor." Anecdotal evidence may suggest that one federal regulator or another may allow financial institutions to "bank" MRBs, at their own risk, but no official public statement to that effect is available.

Added to that are the chilling effects of the significant civil money penalties imposed over the past few years for an institution's BSA/AML violations, FinCEN's enforcement actions against executives and directors, the negative impact of a BSA order, and the potential federal criminal law violations. It is also important to remember that both the Cole Memo and the FinCEN Guidance were issued under the prior presidential administration and those positions could change at any time. In fact, in a letter to the Governor of Washington dated July 24, 2017, Attorney General Jeff Sessions reiterated that, "Congress has determined that marijuana is a dangerous drug and that the illegal distribution and sale of marijuana is a crime." Reminding the Governor that the Cole Memo does not inhibit the Department of Justice's enforcement of federal marijuana laws "regardless of state laws," he confirmed, "the Department remains committed to enforcing the Controlled Substances Act." Citing a 2016 report that, according to Attorney General Sessions, "raises serious questions about the efficacy of marijuana 'regulatory structures'" in the State of Washington, he asked the Governor to "please advise as to how Washington plans to address the findings...including efforts to ensure that all marijuana activity is compliant with state marijuana laws" and the federal marijuana criminal law objectives.

Still, many institutions are considering "jumping in" or at least "dipping a toe in the water". While such action is complicated and requires involvement of the bank's management team, board of directors, regulators, and legal counsel with "hands on" experience in such matters, those institutions may wish to consider the five-step process outlined below as a basic approach to answering the fundamental question.

  1. The bank's board and management should determine the bank's risk appetite by reviewing its business objectives, evaluating the reputation and legal risks in serving MRBs including that such activity is a serious crime under federal law, and its manpower and systems to manage those risks. As discussed in greater detail below, in establishing its risk appetite, the bank may decide to do business with customers based on their relationship to the cannabis industry. The bank may decide that while it is willing to establish banking relationships with customers who have a limited or indirect involvement with cannabis it may not want to have a relationship with MRBs that actually "touch" the marijuana.
  2. The financial institution should meet with its regulator(s) and discuss its plan to service MRBs. That discussion should be open and honest with the full sharing of information and plans so a legitimate assessment of the bank’s ability to implement its plan can be accomplished by both the bank and the regulator(s). The institution's representatives should come away with an understanding of the guidelines the regulators expect to be followed and the protocols and standards that the regulator(s) will apply during examination. The regulator(s) should provide the bank with the "red flags" their experience has identified as that experiential knowledge is critical to the financial institution avoiding pitfalls and establishing a safe and sound program.
  3. Once implementation has been decided upon, the institution may wish to adopt a system categorizing the particular customer by the level of the MRB's risk involvement in the industry. The MRB may be categorized as a level 1 risk business because it is involved in the growth, processing, dispensing, or sale of the marijuana. These businesses actually handle the product in one form or another. Level 2 risk businesses might be those that do not "touch" marijuana but rather provide services to the level 1 risk MRBs. Such companies may include security firms and consulting firms that assist in the level 1 risk businesses accomplishing their goals. Level 3 risk businesses might be those that are only "incidentally" involved with MRBs. This type of customer might be landlords, financial service companies, or payroll processing companies. The initial due diligence as well as the ongoing level of monitoring will follow the level of risk based on the particular category into which the customer falls.

    The decision to open a MRB deposit account or make a loan should be accomplished on a case by case basis with proper enhanced due diligence of each potential customer before each relationship is established. The due diligence should include verification of the potential customer's licensing with a full review of the actual applications and complete documentation of the services to be performed, the products to be sold, and the types of customers the MRB will be handling. Procedures for bringing the customer into the bank should be established based on the risk category into which the customer falls. The initial due diligence should include completion of questionnaires, with review of the questionnaires and due diligence information by the Chief Credit Officer for loan relationships and the Chief Compliance Officer for deposit accounts. Under no circumstance should the relationship be established without the requisite officer approval(s). Online computer searches of the customer for negative information should be conducted and ongoing monitoring for suspicious activity are imperative. Monitoring of the customer's cash in-take compared with business peers should be utilized. Model risk management should be in place with regular independent validation of the system. The intake and ongoing monitoring system should identify whether the MRB calls into play one of the Cole Memo priorities such as preventing the sale of marijuana to criminal enterprises or minors, or providing a cover for illegal drug traffi cking or other illegal activities.
  4. The personnel and monitoring systems must be in place before any accounts are opened. While a bank does not necessarily need a separate department to consider and handle MRBs and the BSA Officer and his/her support team may be sufficient, a group of trained personnel specifically focused on the MRB customers is strongly recommended. The institution should make sure it has a BSA Officer and/or "team leader" familiar with the industry, the BSA/AML monitoring requirements, and the implementation and operation of the systems used to monitor and report on the MSB relationship. The number of persons assigned to the team must be sufficient to meet the tasks involved.
  5. The bank should have a system and the manpower in place that allows for the filing of suspicious activity reports ("SARs") where it has reason to suspect that a transaction (i) involves funds derived from illegal activity, (ii) is designed to evade BSA regulations, or (iii) lacks a business or apparent lawful purpose. Because the sale of marijuana is illegal under federal law, the filing of one of three SARs is usually involved with MRBs. The Marijuana Limited SAR is filed where the bank reasonably believes that the MRB is not involved in activity that implicates one of the Cole Memo priorities or violates state law. The Marijuana Priority SAR is filed when the bank reasonably believes that the MRB's activities do implicate one of the Cole Memo priorities and a Marijuana Termination SAR is filed when the bank has reason to believe that the MRB activity violates BSA/AML laws. Such filings are going to be required and will be a daily occurrence when banking MRBs.

It appears that the cannabis industry is here to stay and will only continue to expand over the coming years. For financial institutions there is a significant amount of money and funds to be identified in banking MRBs and one could assert that there is a significant public service to be provided in such activity. However, we strongly recommend that, at a minimum, a bank consider the steps identified above, including the potential federal criminal law violations, if the bank is going to say "we should" to banking marijuana related businesses.

Arthur A. Coren, a partner at Duane Morris LLP in its Los Angeles office, has represented large banking institutions, as well as community banks and their holding companies, for more than three decades. Art focuses on regulatory matters, M&A, capital raising and corporate governance.

Reprinted with permission of WesternBanker.