Introduction
We talk daily with financial institutions currently banking MRBs and some that are interested in doing it. We also talk regularly with state and federal regulators, state officials tasked with administering state cannabis programs as well as marijuana and marijuana-related businesses.
Hypur’s technology was designed to fill in the gaps between financial institutions’ existing systems and the regulatory requirements of banking highly regulated and cash-intensive businesses. Our cannabis banking compliance software includes features specifically designed to help financial institutions bank marijuana businesses.
We know what it takes to bank MRBs. We work with financial institutions every step of the way – from early-stage exploration through board and regulator approval to policy development and boarding their first MRB account.
Table of Contents
Why consider banking MRBs?
There are many factors to consider when deciding whether you should bank MRBs. The two most common reasons we hear from banks and credit unions for why they’re considering banking state-legal cannabis businesses are: (1) the revenue opportunity; and (2) the market conditions.
Revenue opportunity
Banking MRBs requires different processes (staffing, technology) and more risk so banking services should be priced differently. Volume-based or tiered pricing is common and is what we recommend as it provides the best risk-based approach. Financial institutions with only a few MRB accounts or who served state-licensed cannabis accounts before their state allows retail cannabis sales often charge fixed monthly fees. These financial institutions typically move to volume-based pricing when retail sales start or if they take on more accounts.
Most MRBs have struggled to get or keep a bank account so they understand how challenging it is for a financial institution to serve them. Because of this, they’re grateful to have an account and will pay higher fees for the privilege.
Banking MRBs can generate considerable non-interest income which is a great way to supplement traditional revenue as competition from non-traditional banking players increases.
Market environment
Financial institutions that are early adopters and develop a reputation and an understanding of the market, can be market leaders.
Customer acquisition costs are low. In most markets, there is little to no competition serving MRBs. Even in more mature markets, the industry is growing rapidly so there will be plenty of new business opportunities.
As mentioned above, MRBs are appreciate of financial institutions that provide them an account and are very compliant, providing considerably more information during initial and ongoing monitoring than traditional accounts.
With the cooperativeness of MRBs, favorable pricing, and the efficiencies provided by purpose-built MRB banking software, MRB accounts can be not only your most profitable but also your most compliant accounts.
Done properly, banking MRBs can generate significant profits and additional deposits while avoiding CMP’s, enforcement actions, and criminal prosecution.
Is banking MRBs a fit for your financial institution?
We talk to a lot of banks and credit unions who are interested in banking MRBs and using Hypur’s compliance software to help. Some are much further along in the process than others.
For those in the early “curiosity” stage, we typically bring up the concept of “Permissible vs Appropriate”.
Although banking MRBs is a permissible activity, the appropriateness of this activity for a particular financial institution can only be determined through a regulatory onsite examination. Given the discrepancy between state and federal laws on state-legal cannabis businesses, this complicates the due diligence and evaluation process.
Just because your institution can bank MRBs, doesn’t mean that it should.
What to consider before banking MRBs
Before banking an MRB customer you should evaluate your institution on the following:
1. CAMELS composite rating
We recommend a composite rating of 2 or better. If you are currently rated a 3 or below, it’s doubtful your primary regulator will be enthusiastic about your involvement in this vertical.
2. Board of Directors support
This is a critical component of the due diligence process prior to banking MRBs. All aspects of the program must be thoroughly reviewed and approved by your board and carefully documented in the minutes.
Questions and responses from each board member should be noted in the minutes. Examiners have even queried institutions as to the tone and tenor of the board discussions.
3. Enforcement actions
Although it’s best to have no enforcement actions, research shows many financial institutions banking MRBs have been under a consent rider within the past five years.
4. Staffing expertise
You must have a strong Chief Compliance Officer with significant BSA/AML experience. A strong compliance program must be in place before, during, and after regulatory examinations.
5. Training
Anticipate additional training for staff involved in handling MRB accounts. Both federal and state laws should be studied thoroughly. You also need to understand the industry – know how a dispensary (medical and recreational), a grow, a cultivator, a marijuana-infused product (MIP) manufacturer, vape companies, etc. operate. You should also know the legal differentiation between THC products, non-THC based CBD products, and hemp products.
6. Third-party auditors
Finding a qualified third-party auditor with MRB experience may be difficult. This is an emerging vertical so there are fewer qualified individuals with this specific type of experience.
7. Sufficient allocation of resources
Are you prepared to invest considerable human and financial resources in an MRB program? Are you willing to invest in staff training and technology and allocate senior leadership time to developing and monitoring your program? It’s best if senior management is supportive of your MRB banking program because you may receive pushback from employees who object to the product.
8. Proper technology
Banking MRBs involves significantly more documentation, ongoing monitoring, and reporting requirements and there is little to no room for error.
Traditional banking and AML/BSA systems weren’t designed to meet the demands of cannabis businesses so you should be prepared to supplement your current systems with technology designed specifically for banking marijuana businesses.
Recap
In short, if you want to bank MRBs be prepared to:
- take your current compliance and due diligence processes and raise them several degrees;
- embrace transparency; and
- set the bar to supervisory expectations – not just regulatory compliance.
With proper planning, policies and procedures, and technology a successful cannabis banking program is very possible.
The ideal situation would be if the FFIEC published a comprehensive MRB Examination Handbook providing both guidance and best practices. Unfortunately, that has not happened.
An InfoBase search of the FFIEC for “marijuana” or “cannabis” produces few hits with the notable finding being that MRBs are ineligible as a Phase II CTR Exemption.
Additionally, there are numerous regulations either directly or indirectly influencing opening and operating any account related to an MRB.
In the absence of an FFIEC handbook, financial institutions are forced to piece together best practices and operating standards using the limited guidance available to them: primarily the Cole Memo and a FinCEN document.
Cole Memorandum
UPDATE: The Cole Memo was rescinded on January 8, 2018. While the Cole Memo may no longer be in effect, it provides a terrific outline of items financial institutions should consider when developing an MRB banking program.
The Cole Memorandum consisted of two documents issued by the Department of Justice (DOJ):
- Guidance Regarding Marijuana Enforcement
- Guidance Regarding Marijuana-Related Financial Crimes
The Guidance Regarding Marijuana Enforcement document was issued on August 29, 2013, and states the DOJ expects individual state and local governments to establish strong regulatory and enforcement policies and procedures regarding MRBs to protect public safety, health, and other law enforcement interests.
Additionally, the document lists eight enforcement priorities important to the federal government including preventing distribution to minors and preventing revenue from going to organized crime.
The Guidance Regarding Marijuana Related Financial Crimes document was issued on February 14, 2014, and includes an emphasis on BSA concerns.
FinCEN MRB banking regulatory guidance
The other important guidance is FinCEN’s FIN-2014-G001 dated February 14, 2014, which outlines BSA Expectations Regarding MRBs. This document is helpful in that it includes a risk assessment outline and specific due diligence requirements.
The FinCEN document echoes the Cole Memorandum in that a financial institution should consider whether an MRB implicates any of the same eight priorities or violates state law.
FinCEN MRB SAR requirements
The FinCEN guidance also includes three MRB Suspicious Activity Report (SAR) filing requirements
- Limited
- Priority
- Termination
As long as an MRB account remains open, recurrent SAR filing requirements exist.
The FinCEN SAR requirements apply to any account an institution knows, suspects, or has reason to suspect includes funds derived from illegal activity; and yes, the federal government considers all MRB activity illegal despite state legality.
A checking account opened for the dispensary owner – including those ancillary supporting businesses and individuals will trigger FinCEN SAR reporting requirements.
MRB SAR filing requirements can be burdensome. Which is why Hypur’s marijuana banking software includes automated SAR generation and submission.
Risk analysis
At the end of the day, banking really boils down to risk management and regulators have been placing increasing importance in taking a risk-based approach to products offered and individual customer relationships.
Financial institutions should adopt risk management practices commensurate with the level of risk and complexity of an activity.
To satisfy this requirement, especially for MRBs, financial institutions should strongly consider performing a risk analysis on the business and individuals involved in the business. Separate risk ratings and scores should be assessed based on their marijuana-related involvement.
Financial institutions should anticipate close regulatory scrutiny of their risk analysis regarding their MRB banking program, their MRB business accounts, and the individuals associated with the businesses.
Assessing and continually monitoring risk at multiple levels can be burdensome, especially if your current systems weren’t designed to accommodate this.
Hypur’s MRB bank compliance software allows financial institutions to assign and maintain multiple primary and secondary risk ratings and scoring for both businesses and the individuals involved.
Cannabis banking regulations – challenging but possible
Upon reviewing the somewhat limited MRB banking regulatory guidance, your initial reaction may be less than comforting because although the DOJ has outlined its priorities, they still leave the door open for enforcement actions at their discretion.
Although banking MRBs may seem daunting, the rewards may well be worth the effort. Especially considering many banks and credit unions have very successful MRB banking programs that benefit their institution and provide a great service to the communities they serve.
The first step in banking the cannabis industry is creating a marijuana banking policy specifically designed for serving these businesses.
MRB banking policy: Where to start?
Financial institutions often ask if there is an MRB banking policy template that has gone through both legal and regulatory review they can utilize.
Unfortunately, there isn’t a “proven” MRB banking policy template. Even if such a policy did exist it would only serve as a framework.
Differences in state marijuana laws and in how each financial institution interprets the patchwork of regulatory guidance mean you would need re-write most of the policy.
Having reviewed numerous MRB banking policy manuals, we have seen both ends of the spectrum: some were extremely well crafted with a great deal of detail while other policies were merely a minor extension of the institution’s existing BSA/AML policy.
You need a dedicated MRB banking policy
Banking MRBs is so unique, that a detailed dedicated policy – not just a few tweaks to your current BSA/AML policy – is a must.
Your current banking technology platforms weren’t designed for the unique requirements of banking MRBs so you need to develop procedures outside your primary systems specific to serving these businesses.
Your MRB banking policy should address how you will fill the gaps between the capabilities of your current banking systems and the requirements of banking MRBs.
Types of MRB’s
There are several types of MRBs with vastly different levels of risk and your policy should address any procedural difference between the various types.
MRBs are broken down into the following tiers:
Tier I MRB
Businesses that generally manufacture, distribute, or dispense marijuana (i.e., they touch the plant), and are generally a state-licensed marijuana business. Examples include:
- Marijuana dispensaries
- Marijuana cultivation (growers)
- Marijuana oil (THC and CBD) extractors
- Marijuana-infused product producers (edibles)
Tier II MRB
Businesses that are still considered marijuana businesses, but are typically not a state-licensed marijuana business, because they don’t touch the plant. These businesses are specifically focused on providing products and services to Tier I MRBs. Examples include:
- Sellers of products related to growing marijuana (lights, watering systems, fertilizer)
- Sellers of products for consuming marijuana (vape pens and cartridges, pipes, bongs)
- Industry associations
- Payroll providers
- Advertising and media providers
- Some software providers
Tier III MRB
Businesses not specifically focused on providing services to Tier I MRBs (selling to Tier I MRBs is incidental to their overall business and revenue). These businesses are typically professional service firms. Examples include:
- Consultants – accountants, lawyers, registered agents
- Commercial property owners
- Some software and technology providers
Bear in mind that technically, anyone that derives income from the cannabis industry becomes an MRB so it’s wise to include provisions in your policy to cover accounts of owners and employees as well.
Educate Yourself
Given the importance of MRB accounts staying in compliance with state cannabis laws, procedures to ensure this must be part of your MRB policies.
You should establish a deep understanding of how your state cannabis licensing works and the requirements and capabilities of license holders. You should understand things like:
- who can own a hold a license
- does a license entitle holders to open multiple locations
- what type of license is needed for a retail operation vs. a cultivator
- are there any requirements covering employees of licensees
Educate yourself on the industry. Understand the different product types (flower, extracts, edibles) and different business types (retail, cultivation/grow facilities, extraction, marijuana-infused product (MIP) producers, etc.).
Creating an MRB banking policy
There are two approaches to creating an MRB banking policy:
- A stand-alone MRB policy
- An addendum to your existing BSA/AML policy
Either way, you should start with a strong BSA/AML program with experienced compliance staff and a history of examinations without any significant findings. Any BSA deficiencies should be rectified prior to boarding MRB accounts as they will be amplified by serving MRBs.
MRB banking policy framework
The scope of this article is not to outline every possible detail to include in your MRB banking policy but rather to provide an outline you can build on with details specific to your institution and appropriate to your MRB program.
Recommended sections of an MRB banking policy include:
Governing laws
This section of your policy should contain or summarize the specific state laws and federal guidance (Cole Memo, FinCEN guidance, etc.) that surround banking MRBs in your state. Any county or local rules should be included here as well.
This is also a good place to set forth definitions that will be utilized throughout your policy.
BSA requirements
Your policy should address the three specific types of MRB SAR filings as well as the requirements, triggers, and red flags for those filings. Specific policy statements for recurrent SAR’s should be included in this section.
Initial due diligence
This section should include all typical new account documentation, plus MRB-specific documents and information such as:
- State cannabis licenses
- County or local municipality cannabis permits, if applicable
- Leases, or title information if the property is owned, for all business locations
- Beneficial ownership (pay extra attention to this area as it’s drawing increasing regulatory scrutiny)
- Anticipated deposit activity (used to help establish baseline activity for the merchant)
- Business balance sheet, P&L statement, and tax returns
- Personal financial statements
- A firm understanding of how the business operates, including products, major vendors, and all sources of revenue
Ongoing due diligence
This section should include steps your staff should perform on an ongoing basis to ensure MRB clients remain in compliance with state laws and your institution’s policies.
This section should include any documents and information to obtain from your MRBs on an ongoing basis and how often this information should be obtained.
Your policy should require you to maintain current copies of all necessary state and local cannabis licenses and permits.
This section should also include steps to ensure MRB account 314(a) and OFAC compliance.
Activity monitoring
This section should include policies and procedures including:
- Matching deposits to sales data
- Comparing actual sales data to baseline levels
- Monitoring the source and destination of account activity
- Case management processes to track resolution of abnormal or suspect activity
- Comparing financial statement and sales data to income, sales and excise tax payments, and tax returns
- Ensuring deposits were derived from permissible state-legal marijuana transactions
Ensuring compliance with tax obligations is especially important in cash-intensive industries and highly taxed industries like cannabis, so your policy should include tax compliance procedures.
Physical site examinations
This section should include your physical site examination requirements including how often physical site inspections should be performed and what should be performed during each inspection.
Frequency of site inspections can be based on the risk rating you assign each merchant and are typically performed monthly, quarterly, semi-annually, or annually.
Physical site visits serve to confirm a business is operating according to their operating manuals, charters, etc. and consistent with information they have provided to you.
Risk analysis and ratings
This section should include your process for primary and secondary risk analysis and scoring for MRBs and the individuals involved.
Covenants
We recommend your MRB policy include covenants that all MRB clients must agree to prior to opening their bank account.
Your covenants should include items such as:
- Volume limits
- Requirements to provide documentation that is either recurrent or that requires updating
- Notification of changes to management or beneficial ownership
- Non-disclosure agreement
- Any other rules you deem necessary to properly bank these clients
Your covenants should not contain any rules that could be construed as attempting to circumvent BSA reporting requirements, such as requiring cash deposits be under $10,000.
Legacy MRB cash
Your policy should address how you will treat legacy cash.
Legacy cash is cash that was earned or generated prior to a client opening an account at your institution.
Some institutions accept legacy cash but as a general rule, we recommend not accepting legacy cash. A compromise is to have an independent accounting firm conduct a full forensic study to ensure the source of the cash was bona fide state-legal marijuana transactions before accepting legacy cash.
Financial institutions should have procedures in place to detect unusual and suspect transactions for all accounts.
Monitoring deposits at the aggregate level is sufficient for most accounts.
For accounts deemed higher risk, including cash-intensive and highly-regulated industries, financial institutions need to go a step further and determine the source of the funds.
To verify the source of MRB deposits we recommend financial institutions take an additional step and determine the source of the funds at the transaction level.
Cannabis transaction monitoring
When banking MRBs you need to ensure funds deposited into your institution are from bona fide, state-legal marijuana sales.
Since all states have laws governing what constitutes a legal marijuana sale you need to determine if a sale was permissible under state law.
Doing this requires monitoring MRB sales at the transaction level. This is obviously much more difficult than just monitoring deposits at the aggregate level.
Why transaction level monitoring is needed
Examples of state-imposed marijuana transaction restrictions include:
- Consumer age (recreational cannabis sale)
- Valid medical card holder (medical cannabis sale)
- Maximum amount purchased during a period of time (resident and non-resident)
- Sale occurred at an address of a licensed marijuana business
Comparing a cash deposit from an MRB to their anticipated activity does very little to help you determine if those funds were received from a bona fide sale that meets the criteria above.
Pro-active monitoring
Determining the source of funds after a deposit has been accepted or when you receive monthly/quarterly/annual sales data from a client is too late and can put the safety and soundness of your financial institution at risk.
In cash-intensive and highly-regulated markets, like legal cannabis, we recommend a pro-active compliance approach utilizing as close to real-time data as possible to prevent suspect transactions from entering your institution.
What activity should be monitored
Your MRB banking policy should include procedures to detect unusual and suspicious transactions for both credits (receipts) and debits (disbursements).
Where the money goes is just as important as where it came from.
Deposit activity
We recommend dividing sales activity into three categories:
- Estimated Activity – reported by the client
- Anticipated Activity – derived from baseline analysis and estimated activity
- Actual Activity – reported by the client on a regular basis
You should track the source of deposits (e.g., sales, investment, loans, etc.). Sales deposits should approximate revenue and supporting documentation should be reviewed for other deposits.
Disbursement activity
You should monitor disbursements for unusual transactions. Utilizing lists of “whitelisted” vendors for recurring operating expenses (rent, utilities, etc.) is a common way to help you focus on higher-risk disbursements.
Baselines and trends
To better identify unusual and suspect transactions, you need to establish baselines and trends to determine anticipated activity.
We recommend establishing tight thresholds (“triggers”) around your anticipated activity levels even though this can result in a large number of transactions that need investigating.
Activity outside of thresholds should be red flagged for further review.
You should establish procedural actions to take related to investigations of red flagged transactions. You should also establish strict case management procedures for documenting and tracking all unusual activity and baseline deviations.
Detecting, reviewing, and documenting red-flagged transactions can be very labor-intensive and we encourage financial institutions to automate the process to reduce the likelihood of errors.
Establishing baselines in a new industry
If your institution is new to banking MRBs you won’t have results from current accounts to establish baselines for new accounts. Further complicating establishing baselines is that the legal cannabis industry is growing rapidly so data that is only one-year old is probably out of date.
Luckily, there is a lot of publicly available information, including:
Sales data from your state
Most states with legalized adult use (recreational) or medical marijuana maintain detailed historical sales data. This information is typically available on the website of the state agency responsible for overseeing your state’s cannabis program, your state’s department of revenue, or your state’s department of health.
Other states’ information
If legal marijuana sales is relatively new in your state sales will probably grow rapidly so other states with more established programs can be a great resource for estimating anticipated activity.
Be sure to choose a state with a program similar to yours (e.g., medical vs. recreational, and for medical states with a similar number of medical marijuana cardholders and qualifying conditions).
Market data
Several research companies publish sales data and trends for the legal cannabis market. These companies include ArcView Market Research and New Frontier Data and Headset provides sales data trends at the product level for the marijuana industry.
Applicant information
You should also utilize information provided by the client. Information like their expected sales, the size of their store (to calculate sales/sq. ft.), and the location of their operation (low traffic rural location, high traffic downtown location, high tourist area, etc.).
With the rapid growth of legal marijuana sales and the lack of operating history for many MRBs, using a combination of information provided by the account holder, information from states, and industry data is recommended.
You will likely need to adjust anticipated sales volume frequently which, based on your policies, may require various levels of approval or adjustment of policies.
Importance of technology
Regulators are placing increasing importance on financial institutions utilizing technology during the entire client lifecycle. However, even the newest banking technology platforms weren’t designed to meet the unique regulatory requirements of industries like cannabis.
As a result, financial institutions must develop procedures to pick up where their core and BSA/AML systems leave off. This often means a lot of spreadsheets, paper, and manual processes – not what regulators want to see.
Technology is not an option
Without technology, banking MRBs is hard to scale – the labor costs quickly erode profits – and difficult to satisfy regulators.
Increasingly, our financial institution customers are designing their policies around our technology. They also often provide our scope of services to their regulator prior to taking MRB accounts or in response to a request by a regulator to implement technology to address deficiencies.
Hypur’s technology
Our products provide financial institutions with technology-based solutions to help them bridge the gap between their primary technology platforms and regulatory needs of cash-intensive and highly-regulated accounts like MSBs and MRBs.
Our products use point-of-interaction data to help financial institutions make better decisions and prevent suspicious transactions before they enter their institution while reducing expensive and error-prone manual processes.
Payments
After researching regulatory guidance, becoming an expert on your state’s marijuana laws and marijuana businesses, and creating an MRB banking policy the hard begins – actually banking MRBs.
Cannabis banking software
Traditional banking technology platforms weren’t designed for the unique needs of MRBs – leaving gaps between the needs of marijuana banking and the capabilities of traditional banking systems.
You wouldn’t bank traditional customer accounts without using technology so don’t bank MRBs without the proper technology. Banking MRBs compliantly and profitably requires specialized marijuana banking software.
Our technology, which works alongside traditional banking systems, was designed to help financial institutions meet the needs of cash-intensive and highly-regulated industries.
Many of our products include features designed specifically for marijuana banking which are referenced below as applicable.
Opening your first MRB accounts
Be selective
We can’t stress enough to be selective in which MRBs you provide services to. The cannabis industry is very new and faces capital constraints so there are a lot of inexperienced and undercapitalized operators who may cut corners to save time or money.
If possible, start with accounts you have an existing banking relationship with. The logical next accounts are any MRBs you developed a relationship with during your research and due diligence about banking MRBs.
Acquiring clients
We caution against publicly advertising that you are banking MRBs. You will almost certainly receive unwanted publicity and a flood of inquiries that need to be vetted.
In most states little sales and marketing is required to find MRB accounts – word travels quickly. Networking with well-respected local attorneys and consultants focused on the cannabis industry is an effective way to identify well run MRBs.
Even if other banking options exist in your state the growth of the industry means many financial institutions may be at, or will soon be at, their cannabis industry limits. Additionally, new MRBs enter the market every month and financial institutions frequently discover they have been unknowingly banking an MRB and drop them and they will be looking for a new financial institution.
New account due diligence
New MRB customer documentation can be overwhelming. Enhanced due diligence for MRB accounts is significant – requiring a lot of information and a lot of documents from a variety of sources.
Most financial institutions require additional levels of review and approval of MRB accounts. The entire new account onboarding process can be incredibly time consuming and fraught with risk – especially if it’s done manually.
Hypur’s solution
Hypur Diligence, our enhanced due diligence software automates the collection of information and documents during the initial due diligence process, ensures files are complete, required reviews and approvals are performed and maintains an audit trail of all activities.
Ongoing due diligence
Many of the documents collected during initial due diligence need to be tracked, updated, and reviewed regularly.
An example is state marijuana business licenses (city or county licenses are also required in some locations) which financial institutions should be hyper-focused on to ensure their marijuana business clients remain licensed.
Hypur’s solution
Hypur Comply helps financial institutions manage license expirations by sending automated document requests to clients asking them to upload updated documents.
Activity monitoring
In part-four of this article series we discussed the importance of establishing estimated activity and anticipated activity levels at the deposit and transaction levels and establishing triggers around these.
The challenging part is monitoring actual activity (especially at transaction level) and comparing it to estimated and anticipated activity to detect activity outside your triggers.
Transaction level triggers
The need to monitor account activity at the transaction level (not just the deposit level) is a primary area where MRB banking differs from traditional accounts.
Examples of transaction level triggers include:
- Maximum transaction amount
- Maximum aggregate sales volume over various periods of time (volume limits)
- Maximum number of sales transactions over various periods of time (velocity limits)
- Zero-dollar sales transactions
- Sales with no sales/excise tax
- Looping activity (repeated similar transactions at the same merchant to avoid maximum individual sale limits)
- Smurfing activity (similar transactions at different merchants to avoid maximum individual sale limits)
Core systems and BSA/AML software can’t help you ensure MRB transactions comply with state-mandated marijuana sales at the transaction level.
You could try to do it using spreadsheets and sales data provided by your clients, but this would be a time consuming and error prone manual process that no regulator would approve of.
Hypur’s solution
Hypur Comply enables financial institutions to analyze MRB transactions at the invoice level (a step deeper than transaction level data) against volume and velocity triggers and to detect zero-dollar and tax-free transactions. Depending on the point-of-sale system or accounting system used by a merchant, invoice data is analyzed in real-time or on a daily basis.
Hypur Commerce, our electronic marijuana payments solution verifies the age of the consumer, validates their identity to prevent fraud, restricts transactions to a specified geo-location, and helps detect looping and smurfing.
Client reputation monitoring
Your new account due diligence should include researching the reputation of each prospective client for red flags about their character and any potential reputational damage to your institution for associating with them.
You should also continually monitor your MRB clients’ reputation. Looking for things like violations of federal, state, or local laws, losing their license for selling products to a minor, etc.
We recommend using several services, including Google Alerts to constantly monitor clients’ reputation. A log should be maintained of items discovered and their resolution.
Hypur’s solution
Hypur Comply includes 24/7 online reputation monitoring and notifies a financial institution when news items are found involving a client. It also includes case management tools to document each item’s resolution and maintain an audit trail.
Physical site visits
Physical site visits should be performed periodically and can be performed by financial institution staff or an independent third-party free of conflicts. Site inspections should be performed by someone knowledgeable about marijuana businesses, so they can detect unusual activities or activities not consistent with a client’s stated business.
Proof of each site inspection should be maintained. Site visit reports should include proof of the date, time, and location the audit was performed. This is especially critical if a third-party inspector is used to ensure they visited the location on the day they say they did.
Even with the lack of regulatory clarity and the challenges created by the unique requirements of banking cannabis businesses, it is absolutely possible for financial institutions to sustainably and compliantly provide banking services to marijuana related businesses.
Banking MRBs is not a fit for most financial institutions but sophisticated financial institutions that dedicate the proper resources to an MRB banking program can do so profitably and with great success.
