No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Featured

Assessing the Risks Associated with Cannabis-Based Businesses in the U.S. and Canada

How to Mitigate Risks Without Penalizing Legitimate Businesses

by Rachel Woolley
July 23, 2019
in Featured, Financial Services
burlap sack of money on black background

The federal government still prohibits banks from doing business with cannabis-based businesses, leading banks to miss out on a green opportunity. Fenergo’s Rachel Woolley shares insight into how banks should view onboarding cannabis-based businesses.

Even though Colorado announced that over $1 billion of its state revenue was derived from marijuana sales, the U.S. federal government still prohibits banks from doing business with cannabis-related businesses. And while several U.S. states have moved to legalize cannabis, it remains illegal under federal law. In Canada, the Cannabis Act came into force on October 17, 2018; however, cannabis-related businesses continue to be considered high risk by financial institutions.

Regulatory Positions in U.S. and Canada

The U.S. and Canada have their own set of regulatory rules when it comes to cannabis. In the U.S., the Controlled Substances Act (CSA) makes it illegal under federal law to manufacture, distribute or dispense cannabis. The Cole Memo issued in 2013 reiterates Congress’ determination that cannabis is a dangerous drug, noting that the Department of Justice (DOJ) is committed to enforcement of the CSA. In 2014, the Financial Crimes Enforcement Network (FinCEN) outlined the Bank Secrecy Act (BSA) expectations, which mandated that financial institutions take a risk-based approach when deciding to open, close or refuse accounts/relationships relating to cannabis-related businesses. This included conducting due diligence, including verifying any applicable state licenses and ensuring a robust understanding of the nature and purpose of the account/relationship.

In relation to reporting obligations, financial institutions are obligated to file a suspicious activity report (SAR) if there is a suspicion that funds relate to illicit activity; this is not affected by state law. In addition, currency transaction reports are applicable to cannabis-related businesses, and the same thresholds apply.

Unlike the U.S. market, in Canada, cannabis is now legal. When it comes to banking with cannabis-related companies, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) says that a bank must determine what is considered acceptable for its business operation and risk appetite. Banks are required to evaluate the risk of money laundering/tax fraud (ML/TF) when conducting business with cannabis-related businesses pursuant to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations.

As with many other products and services, there is always the potential for illicit activity to take place. Therefore, banks need to be familiar with industry laws in order to effectively detect suspicious transactions and activities.

Assessing Risk

As part of a robust risk assessment process, banks should take a number of factors into consideration – including, for example, whether the business is licensed or registered in the province or state in which it is located. Other considerations include:

  • the ownership and control structure of the business,
  • whether the transactional activity (e.g., use of debit, credit, cash, etc.) is consistent with what is expected from other retailers or similar types of businesses and
  • whether the types and amounts of the transactions conducted are consistent with what is known about the business (normal and expected activity for that business) and the industry itself.

With sales of legal cannabis in the U.S. amounting to nearly $10 billion in 2018 alone and the worldwide market growing by 37 percent, banks are missing out on a “green” opportunity. When it comes to assessing the risk of taking on cannabis-related business, there needs to be a balance between mitigating risk and penalizing a legitimate business. It’s also worth noting that if cannabis-related businesses cannot gain access to the formal financial system, they may be forced to conduct business through illegitimate means. Banks should view onboarding cannabis-related businesses as they would any business from an AML perspective, by taking a risk-based approach and evaluating a number of elements, asking questions such as:

  • Is the entity involved directly in production or distribution?
  • Are they fundamentally involved in the industry, or simply supplying a small part of the process?
  • Are they a manufacturer, distributor or supplier?
  • Is that supply incidental?
  • Who are the customers? (general public vs. individuals with prescriptions (i.e., a limited group))
  • What is the product purpose? (recreational vs. medicinal)
  • Is the entity licensed or regulated?

Looking Forward

Developments continue regarding the legalization of cannabis under U.S. federal law with a number of bills proposed in an effort to reform marijuana laws. In particular, the Secure and Fair Enforcement (SAFE) Banking Act, which seeks to restrict a regulator’s ability to discourage financial institutions from doing business with cannabis-related entities, is expected to be heard by the Senate committee in the coming weeks. Though cannabis would still not be legal under federal law, it is considered to be a step toward further changes in relation to federal drug policy.

Should current trends continue, there’s no denying the U.S. and Canada’s cannabis market will continue to grow and prosper. Therefore, it’s critical that financial institutions assess the risks and ensure compliance with AML/CTF obligations before giving the green light to cannabis-related businesses.


Tags: AMLBank Secrecy Act (BSA)BankingCannabisDOJDue DiligenceFinancial Crimes Enforcement Network (FinCEN)
Previous Post

No-Fail Events to Take the Pulse of Your Compliance Program

Next Post

The Convergence Between the FCPA and Suspension and Debarment

Rachel Woolley

Rachel Woolley

Rachel Woolley, Global AML Manager at Fenergo, has over 10 years of experience in the financial services industry, having worked primarily in the funds industry and retail banking. She has a strong background in regulatory compliance, particularly in the areas of anti-money laundering and counter terrorist financing (AML/CTF). Rachel holds a BSc (Hons) Degree in Applied Accounting from the Oxford Brookes University and is an ACCA Affiliate. She currently holds three professional designations: Licentiate of the Association of Compliance: Officers in Ireland (LCOI), Certified Financial Crime Prevention Practitioner (CFCPP) and Certified Data Protection Officer (CDPO).

Related Posts

board of directors meeting table

Before You Say Yes to That Board Seat: A Director’s Due Diligence Checklist

by Chase Cole and Sidney Edgar
June 24, 2025

Public company directors face scrutiny from Wall Street, Congress, the SEC and beyond — comprehensive preparation is essential for business...

doj distorted

FCPA Enforcement Back on at DOJ — With a New Look

by Jennifer L. Gaskin
June 18, 2025

After a shorter-than-expected pause, officials with the DOJ have formally renewed the department’s enforcement of the FCPA. CCI’s Jennifer L....

doj exterior sign

How to Use the DOJ’s ECCP to Build (or Fix) Your Compliance Program

by Susan Divers
June 5, 2025

Corporate compliance programs face increasing scrutiny as the DOJ applies its evaluation framework across industries and company sizes, from multinational...

sudden change

When Deregulation Means More Work: The Compliance Professional’s Paradox

by Elaine F. Duffus
June 3, 2025

Whipsaw changes can multiply workload for compliance teams

Next Post
white hard hat on american flag signifying government contractor

The Convergence Between the FCPA and Suspension and Debarment

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights