Marijuana banking

Banking MRBs – Policies and Procedures (part 3)

This is the third in a five part series of articles on Banking Marijuana Related Businesses (MRBs). This installment focuses on MRB banking policies and procedures.

MRB Banking Policies: Where to Start?

We often receive inquiries from financial institutions asking if there is an MRB banking policy template which has gone through both legal and regulatory review they can utilize.

The short answer is “no,” but even if one did exist for purchase I would question its use within your institution. I once purchased a policy template regarding “IT Business Continuity.” Unfortunately, this template didn’t fully satisfy my needs and I then spent sixty hours reviewing and customizing the document for my specific institution.

With such limited guidance regarding banking MRB’s, the policy creation process is much more challenging.

I have reviewed a number of MRB banking policy and procedures manuals, and have seen both ends of the spectrum: some were extremely well crafted with a great deal of detail, containing elements of CIP, enhanced due diligence, on-going monitoring, oversight and audit, and strict operational controls.

Other policies were more of a minor extension of the institution’s existing BSA/AML policy. I strongly recommend the former. Banking MRBs is so unique, a detailed policy – not just a few tweaks of your current BSA/AML policy – is a must.

Creating MRB Banking Policies

There are two approaches that can be utilized

  1. A stand-alone MRB policy
  2. An MRB addendum to your existing BSA/AML policy

Either way, you should start with a strong BSA/AML program with both experienced compliance staff and examinations without any significant findings. Any BSA deficiencies prior to boarding MRB accounts should be rectified. They will only be amplified by serving MRBs.

Given the importance of your MRB accounts staying in compliance with state cannabis laws, procedures to ensure this must be part of your MRB policies.

Yous should establish a deep understanding of the state’s licensing process as well as any tools and information available to you.

Many states make available inventory data (from seed-to-sale tracking systems), lists of currently licensed marijuana entities and even any infractions.

You will also want to obtain information and validate how your client is adhering to the enforcement priorities as outlined in the FinCEN guidance.

MRB Banking Policy Framework

Although the scope of this article is not to outline every possible detail to include in your MRB banking policy, we will address several general sections, which you can build on with details specific to your institution and appropriate to your clients.

Initial Due Diligence

This section should include all typical new account documentation, plus MRB specific documents and information such as:

  1. State cannabis licenses
  2. County or local municipality cannabis permits, if applicable
  3. Leases, or title information if the property is owned, for all business locations
  4. Beneficial ownership (pay additional attention to this area as it’s drawing increasing regulatory scrutiny)
  5. Anticipated deposit activity (used to help establish baseline activity for the merchant)
  6. Business balance sheet, P&L statement and tax returns
  7. Personal financial statements
  8. A firm understanding of how the business operates, including products, major vendors, and all sources of revenue

Governing Laws and Definitions

This section of your MRB banking policy should contain or summarize the specific state laws and federal guidance (Cole Memo, FinCEN guidance, etc.) that surround banking MRBs in your state. Any county or local rules should be included here as well.

This is also a good place to set forth definitions that will be utilized throughout your policy.

MRB Banking BSA requirements

The policy should address the three specific types of MRB SAR filings as well as the requirements, triggers, and red flags for those filings (reference the FinCEN guidance regarding red flags). Specific policy statements for recurrent SAR’s should be included in this section.

On-going Monitoring

This section should include policies and procedures including:

  1. Matching deposits to sales data
  2. Comparing actual sales data to baseline level
  3. Monitoring source and destination of account activity
  4. Case management processes to track CTR resolution for abnormal or suspect activity
  5. Comparing financial statement and sales data to income, sales and excise tax payment and tax returns
  6. Monitoring compliance with state and local laws
  7. Maintaining current copies of all necessary state and local cannabis licenses and permits
  8. Ensuring 314(a) and OFAC compliance

Ideally, you obtain sales data at the transaction level directly from the businesses point-of-sale system or equivalent. When developing monitoring policies remember that money going out of your institution is just as important as the money being deposited.

Ensuring customer compliance with tax payments is especially important in cash intensive industries and highly taxed industries like cannabis.

Risk Analysis and Ratings

This section should include processes for primary and secondary risk analysis and scoring for your MRBs and the individuals involved. This can be an addendum to the policy.

Bear in mind that technically, anyone that derives income from the cannabis industry becomes a Marijuana Related Business (MRB). BSA/AML requirements for MRBs go beyond accounts that are opened for businesses that deal directly with the product, so include provisions in your policy to cover accounts with vendors, owners, employees and service providers to the cannabis industry as well.

The other articles in this 5-part series on Banking Marijuana Related Businesses (MRBs) are:

Part 1 – Banking MRBs – Should Your Institution Do It?

Part 2 – Banking MRBs – Regulatory Guidance

Part 4 – Banking MRBs – Getting Started

Part 5 – Banking MRBs – Operational Standards

A version of this article was originally published on CUInsight.org.