State vs. Federal: Banking Cannabis

A Former Regulator’s Perspective

Cannabis has had a rocky road, starting with the Marihuana Tax Act, Boggs Act, and then the Controlled Substances Act. Prior to the 2018 Farm Bill legalizing the production of hemp, a banker looking to take on cannabis in any form likely had this conversation:

Banker: “Can we bank Cannabis?”

Regulator: “Cannabis is federally illegal.”

Well, that’s not really an answer. In fact, other answers that provide a similar level of information include but are not limited to:

1. “Dogs are not cats”

2. “Water is H2O”

3. “In 1958 the ‘Onions Futures Act’ banned the trading of futures on onions in the US”

My point is, your regulator is not going to tell you can or cannot do something outside the bounds of their regulatory scope. The last time I checked, cannabis and all other scheduled controlled substances are regulated by the Drug Enforcement Agency (DEA) and codified in title 21 of US Code.

So where does banking cannabis become a concern for financial institution regulators? Let’s start from the ground up. First and foremost the goal of regulation is to ensure financial institutions operate in a safe and sound manner. Safe and sound means that the institution is not causing undue risk to their stakeholders or the financial system. This goes for each product and program that the financial institution chooses to create. Higher risk programs are by definition going to be on a regulator’s radar, because they may expose the bank to reputational, operational, or strategic risks that could eventually affect the bank’s financial condition. Responsibility is on management to draft a program which is capable of identifying, mitigating, and managing risk, communicating exposures for managerial action, and ensuring the activity and program align with the board’s risk acceptance criteria.

So why else is cannabis a concern to regulators? Simple, The Bank Secrecy Act (BSA). The BSA is administered by FinCEN and at the financial institution level codified and overseen by the federal agencies (OCC, Fed, FDIC, NCUA). The agencies overseeing your institution are attempting to ensure that the BSA, and all of its subsequent amendments since its inception in 1970, continue to be adhered to. Initially the BSA was implemented to “identify the source, volume, and movement of currency and other monetary instruments transported or transmitted into or out of the United States or deposited in financial institutions”. Since that point there have been a multitude of amendments, all with the intent to prevent and combat money laundering.

Why am I running through these definitions? Is it because I like reading and regurgitating regulations? Not quite. The point here is, that banking THC Cannabis is essentially aiding money laundering, as it is federally illegal activity and therefore funds are illicitly derived. This puts financial institutions , businesses, and consumers in a tough spot given state legalization. But FinCEN addressed just this by posting guidance in 2014 on how to provide financial services to marijuana-related businesses (MRBs) consistent with BSA expectations. FinCEN’s guidance provides the rails on which a program can be built, by allowing a financial institution to “identify the source, volume, and movement of currency and other monetary instruments… deposited in financial institutions” and report that information appropriately.

I’ve heard a lot of complaints about the FinCEN guidance. It’s not explicit enough, it’s outdated, we don’t like their acronym. Whatever the complaints, the truth is FinCEN’s expectations mean financial institutions have a guide to ensure they are in fact complying with the BSA by monitoring and reporting transactions relative to MRBs through currency transaction reports (CTRs) or marijuana limited, priority, or termination suspicious activity reports (SARs).

If your bank chooses to bank THC Cannabis, hemp, or any other high risk business THEY CAN. But only if, AND ONLY IF, the program has adequate risk identification, controls, and a well thought out governance structure. The Board then needs to understand, accept, and approve the program. For cannabis this means robust account opening procedures that ensure compliance with state laws and regulations as well as guidance from federal regulatory agencies. Past account opening, it means strong ongoing due diligence that ensures the legitimacy of banked funds, the good standing of licensure for any banked businesses, and periodic filings to communicate activity with FinCEN.

At RiskScout, we help banks to effectively run higher risk programs. RiskScout is a platform that, among many other attributes, automates document requests, minimizes employee touch points, and coordinates business units. As any good chef knows, kitchen equipment matters. RiskScout helps to lay out materials and ease employee burden by automating tasks, allowing your compliance staff to go from cutting onions by hand to using a food processor. Sure, there’s still work to do, no BSA program runs itself. But with the right tools you can focus more on customers and less on compliance. Want to learn more? Contact us through www.riskscout.com.