Assessing the Risks Associated with Cannabis-Based Businesses in the U.S. and Canada

Even though Colorado announced that over $1 billion of its state revenue was derived from marijuana sales, the U.S. federal government still prohibits banks from doing business with cannabis-related businesses. And while several U.S. states have moved to legalize cannabis, it remains illegal under federal law. In Canada, the Cannabis Act came into force on October 17, 2018; however, cannabis-related businesses continue to be considered high risk by financial institutions.

Regulatory Positions in U.S. and Canada

The U.S. and Canada have their own set of regulatory rules when it comes to cannabis. In the U.S., the Controlled Substances Act (CSA) makes it illegal under federal law to manufacture, distribute or dispense cannabis. The Cole Memo issued in 2013 reiterates Congress’ determination that cannabis is a dangerous drug, noting that the Department of Justice (DOJ) is committed to enforcement of the CSA. In 2014, the Financial Crimes Enforcement Network (FinCEN) outlined the Bank Secrecy Act (BSA) expectations, which mandated that financial institutions take a risk-based approach when deciding to open, close or refuse accounts/relationships relating to cannabis-related businesses. This included conducting due diligence, including verifying any applicable state licenses and ensuring a robust understanding of the nature and purpose of the account/relationship.

In relation to reporting obligations, financial institutions are obligated to file a suspicious activity report (SAR) if there is a suspicion that funds relate to illicit activity; this is not affected by state law. In addition, currency transaction reports are applicable to cannabis-related businesses, and the same thresholds apply.

Unlike the U.S. market, in Canada, cannabis is now legal. When it comes to banking with cannabis-related companies, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) says that a bank must determine what is considered acceptable for its business operation and risk appetite. Banks are required to evaluate the risk of money laundering/tax fraud (ML/TF) when conducting business with cannabis-related businesses pursuant to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its associated regulations.

As with many other products and services, there is always the potential for illicit activity to take place. Therefore, banks need to be familiar with industry laws in order to effectively detect suspicious transactions and activities.

Assessing Risk

As part of a robust risk assessment process, banks should take a number of factors into consideration – including, for example, whether the business is licensed or registered in the province or state in which it is located. Other considerations include:

• the ownership and control structure of the business,
• whether the transactional activity (e.g., use of debit, credit, cash, etc.) is consistent with what is expected from other retailers or similar types of businesses and
• whether the types and amounts of the transactions conducted are consistent with what is known about the business (normal and expected activity for that business) and the industry itself.

With sales of legal cannabis in the U.S. amounting to nearly $10 billion in 2018 alone and the worldwide market growing by 37 percent, banks are missing out on a “green” opportunity. When it comes to assessing the risk of taking on cannabis-related business, there needs to be a balance between mitigating risk and penalizing a legitimate business. It’s also worth noting that if cannabis-related businesses cannot gain access to the formal financial system, they may be forced to conduct business through illegitimate means. Banks should view onboarding cannabis-related businesses as they would any business from an AML perspective, by taking a risk-based approach and evaluating a number of elements, asking questions such as:

• Is the entity involved directly in production or distribution?
• Are they fundamentally involved in the industry, or simply supplying a small part of the process?
• Are they a manufacturer, distributor or supplier?
• Is that supply incidental?
• Who are the customers? (general public vs. individuals with prescriptions (i.e., a limited group))
• What is the product purpose? (recreational vs. medicinal)
• Is the entity licensed or regulated?

Looking Forward

Developments continue regarding the legalization of cannabis under U.S. federal law with a number of bills proposed in an effort to reform marijuana laws. In particular, the Secure and Fair Enforcement (SAFE) Banking Act, which seeks to restrict a regulator’s ability to discourage financial institutions from doing business with cannabis-related entities, is expected to be heard by the Senate committee in the coming weeks. Though cannabis would still not be legal under federal law, it is considered to be a step toward further changes in relation to federal drug policy.

Should current trends continue, there’s no denying the U.S. and Canada’s cannabis market will continue to grow and prosper. Therefore, it’s critical that financial institutions assess the risks and ensure compliance with AML/CTF obligations before giving the green light to cannabis-related businesses.