Regulatory Requirements for Cannabis-Related Businesses and Financial Institutions

As a result of a more rigorous interpretation of the 2014 FinCEN guidance, financial institutions are now being required to report more data about their marijuana-related business members on an ongoing basis. Failure to adhere to these standards could force financial institutions to discontinue their marijuana-related business account program and face onerous and costly regulatory sanctions.

The change also is impacting cannabis-related businesses, who are now required to have a sales/deposit validation process in place to validate revenue and ensure that monthly business revenue correlates to monthly deposit activity.

Additionally, CRBs must provide specific information about investors and vendors in order to perform due diligence. If they are unable to meet these new standards, their financial institutions may be forced to close their account.

FinCEN Expectations of CRBs and Financial Institutions

  • CRBs are required to provide their financial institution with their OMP Adult Use license and/or Medical Cannabis caregiver card when they open an account. In the case of an Adult Use
    CRB member, “conditional” or “conditional/pending” license statuses are acceptable to open an account provided that their status changes to “active” after 30 days.
  • When CRBs establish an account, they are required to show their financial institution that their Adult Use licenses and caregiver cards are current on an ongoing basis.
  • Financial institutions are required to obtain information about their CRBs’ normal and expected activity, including products sold and types of customers served, at account opening. CRBs are required to provide updated information to their financial institution when there are significant changes to their business and account activity.
  • Financial institutions are required to perform ongoing monitoring of publicly available sources for adverse information about the business and related parties (owners, vendors, and investors).
  • Financial institutions are required to perform ongoing monitoring of suspicious activity including any red flags listed in the FinCEN guidance.
  • Financial institutions are required to compare the account activity with the CRB’s sales/revenue data through METRC or some other automated accounting software to ensure there is a correlation between the two. This is known as a “reconciliation” process. If there is a significant discrepancy between the account activity and the accounting information provided, the CRB will be required to explain why and, if they are unable to do so, may have their account terminated.