Banking MRBs – Regulatory Guidance (part 2)

This is the second in a five-part series of articles on Banking Marijuana Related Businesses (MRBs). This installment focuses on MRB banking regulatory guidance.

MRB Banking Regulatory Guidance – a Work in Process

The ideal situation would be if the FFIEC published a comprehensive MRB Examination Handbook providing both guidance and best practices. Unfortunately that has not happened.

An InfoBase search of the FFIEC for “marijuana” or “cannabis” produces few hits with the notable finding being that MRBs are ineligible as a Phase II CTR Exemption.

Additionally, there are numerous regulations either directly or indirectly influencing opening and operating any account related to an MRB.

In the absence of an FFIEC handbook, financial institutions are forced piece together best practices and operating standards using the limited guidance available to them: primarily the Cole Memo and a FinCEN document.

Cole Memorandum

UPDATE: The Cole Memo was rescinded on January 8, 2018. While the Cole Memo may no longer be in effect, it provides a terrific outline of items financial institutions should consider when developing an MRB banking program.

The Cole Memorandum consisted of two documents issued by the Department of Justice (DOJ):

  1. Guidance Regarding Marijuana Enforcement
  2. Guidance Regarding Marijuana Related Financial Crimes

The Guidance Regarding Marijuana Enforcement document was issued on August 29, 2013 and states the DOJ expects individual state and local governments to establish strong regulatory and enforcement policies and procedures regarding MRBs to protect public safety, health, and other law enforcement interests.

Additionally, the document lists eight enforcement priorities important to the federal government including preventing distribution to minors and preventing revenue from going to organized crime.

The Guidance Regarding Marijuana Related Financial Crimes document was issued on February 14, 2014 and includes an emphasis on BSA concerns.

FinCEN MRB Banking Regulatory Guidance

The other important guidance is FinCEN’s FIN-2014-G001 dated February 14, 2014, which outlines BSA Expectations Regarding MRBs. This document is helpful in that it includes a risk assessment outline and specific due diligence requirements.

The FinCEN document echoes the Cole Memorandum in that a financial institution should consider whether an MRB implicates any of the same eight priorities or violates state law.

FinCEN MRB SAR Requirements

The FinCEN guidance also includes three MRB Suspicious Activity Report (SAR) filing requirements

  1. Limited
  2. Priority
  3. Termination

As long as an MRB account remains open, recurrent SAR filing requirements exist.

The FinCEN SAR requirements apply to any account an institution knows, suspects, or has reason to suspect includes funds derived from illegal activity; and yes, the federal government considers all MRB activity illegal despite state legality.

A checking account opened for the dispensary owner – including those ancillary supporting businesses and individuals will trigger FinCEN SAR reporting requirements.

MRB SAR filing requirements can be burdensome. Which is why Hypur’s marijuana banking software includes automated SAR generation and submission.

Risk Analysis

At the end of the day, banking really boils down to risk management and regulators have been placing increasing importance in taking a risk-based approach to products offered and individual customer relationships.

Financial institutions should adopt risk management practices commensurate with the level of risk and complexity of an activity.

To satisfy this requirement, especially for MRBs, financial institutions should strongly consider performing a risk analysis on the business and individuals involved in the business. Separate risk ratings and scores should be assessed based on their marijuana related involvement.

Financial institutions should anticipate close regulatory scrutiny of their risk analysis regarding their MRB banking program, their MRB business accounts, and the individuals associated with the businesses.

Assessing and continually monitoring risk at multiple levels can be burdensome, especially if your current systems weren’t designed to accommodate this.

Hypur’s MRB bank compliance software allows financial institutions to assign and maintain multiple primary and secondary risk ratings and scoring for both businesses and the individuals involved.

MRB Banking Regulations – Challenging but Possible

Upon reviewing the somewhat limited MRB banking regulatory guidance, your initial reaction may be less than comforting because although the DOJ has outlined their priorities, they still leave the door open for enforcement actions at their discretion.

Although banking MRBs may seem daunting, the rewards may well be worth the effort. Especially considering many banks and credit unions have very successful MRB banking programs that benefit their institution and provide a great service to the communities they serve.


The other articles in this 5-part series on banking MRBs are:

Part 1 – Banking MRBs – Should Your Institution Do It?

Part 3 – Banking MRBs – Creating an MRB Banking Policy

Part 4 – Banking MRBs – Transaction Monitoring

Part 5 – Banking MRBs – Technology Solutions