Originally published in the November 2019 edition of Great Lakes Banker Magazine.
Many bankers have never experienced a more vexing issue in their entire careers as whether or not to bank marijuana-related businesses (MRBs). In no other aspect in banking are the theoretical risks so high, and yet the confusion among regulators, law enforcement, and lawmakers so manifest. As more states in the Great Lakes region, and around the country, liberalize their approach to marijuana, this article attempts to clear the air, so to speak, and give bankers some practical guidance regarding how to approach this constantly evolving area.
Evaluation of New Products & Services
As a threshold matter, banks considering whether to onboard MRB customers should undertake a comprehensive process of ensuring that marijuana banking activities comport with their risk tolerance and risk management capabilities. In that regard, banks should consider reviewing applicable general regulatory guidance about engaging in new products and services, like the OCC’s “New, Modified, or Expanded Bank Products and Services: Risk Management Principles.” Such guidance typically provides that an effective risk management process will include the following:
- Performing adequate due diligence;
- Developing and implementing controls and processes to ensure that risks are properly measured, monitored, and controlled; and
- Developing and implementing appropriate performance monitoring and review systems.
This approach provides a useful methodology to help banks and their boards of directors carefully and thoughtfully consider new significant initiatives, such as banking MRBs, and determine their appropriateness for their institutions. Moreover, by documenting their evaluation of marijuana banking activities using that guidance, banks can help demonstrate to their regulators that they are approaching marijuana banking in a disciplined and comprehensive manner.
If a bank decides to engage in some form of marijuana banking, it must understand the expectations of the Financial Crimes Enforcement Network (FinCEN), which have been echoed by the banking agencies, with respect to compliance with the Bank Secrecy Act and related anti-money laundering (BSA/AML) requirements for banks that maintain relationships with MRBs. In that regard, the February 2014 FinCEN guidance entitled, “BSA Expectations Regarding Marijuana-Related Businesses” (FinCEN Guidance) clarifies how banks can provide services to MRBs in a manner consistent with their BSA/AML obligations. Elements of the FinCEN Guidance are summarized below.
Marijuana Laws & Law Enforcement Priorities
Although many states have legalized certain marijuana-related activity, it remains illegal under federal law to manufacture, distribute, or dispense marijuana. Despite this federal prohibition, the Department of Justice (DOJ) previously issued guidance directing its prosecutors to focus their enforcement resources on certain priorities enumerated in its so-called “Cole Memo,” which was issued in February 2014 (after similar guidance in August 2013). In the Cole Memo, the DOJ stated that, while it is committed to enforcing the illegality of marijuana, it is also committed to using its limited investigative and prosecutorial resources to address the most significant threats, as enumerated in the priorities outlined below, in the most effective, consistent, and rational way.
The Cole Memo priorities, which are a core element of the FinCEN Guidance, include preventing: (i) the distribution of marijuana to minors; (ii) marijuana revenue from migrating to criminal elements; (iii) the diversion of marijuana into states where it remains illegal; (iv) marijuana activity being used as a pretext to engage in illegal activity; (v) violence and the use of firearms in connection with marijuana-related activity; (vi) drugged driving and the exacerbation of other adverse public health consequences; (vii) the growing of marijuana on public lands; and (viii) marijuana possession or use on federal property. It should be highlighted that the absence of these factors does not guarantee immunity from criminal prosecution, and these priorities have evolved over time, as described below.
In January 2018, then-Attorney General Jeff Sessions issued a memo entitled “Marijuana Enforcement” that rescinded the Cole Memo and stated, “In deciding which marijuana activities to prosecute under these laws with the Department’s finite resources, prosecutors should follow the well-established principles that govern all federal prosecutions.” That posture appears to have shifted under current Attorney General William Barr, who has stated in congressional testimony that he generally accepts the principles in the Cole Memo, especially because banks and others have relied on its guidance since it was issued. FinCEN and the banking agencies have informally said that notwithstanding these evolving DOJ policy shifts, the FinCEN Guidance (including any references to the Cole Memo) remains applicable.
Providing Financial Services to Marijuana-Related Businesses
Generally. FinCEN defers to each bank as to whether to provide services to MRBs, depending on the bank’s business objectives, risk evaluation, and risk management. Nonetheless, FinCEN expects banks to conduct significant initial and ongoing due diligence on its MRB customers, and to determine whether the activities of those customers could implicate any of the Cole Memo priorities described above.
Direct vs. Indirect Involvement. The FinCEN Guidance does not describe in detail the implications for a bank regarding how “directly” any customers are involved with MRBs, except to say that those customers with indirect marijuana relationships (such as commercial landlords that lease space to MRBs) may not require the same specific marijuana-related Suspicious Activity Report (SAR) filings described below. FinCEN further states that the extent to which a bank decides to provide services to an indirect MRB is a risk-based decision that depends on several factors specific to that bank, and on the relevant circumstances. Similarly, banking agencies generally also defer to the FinCEN Guidance and each bank’s risk tolerance in this regard.
Filing Suspicious Activity Reports on Marijuana-Related Businesses
Generally. Banks are required to file the following types of SARs on their MRB customers:
- Marijuana Limited. SARs on MRBs that do not implicate one of the Cole Memo priorities or violate applicable state law.
- Marijuana Priority. SARs on MRBs that may implicate one of the Cole Memo priorities or violate state law.
- Marijuana Termination. SARs if the bank terminates a relationship with an MRB.
Red Flags. The FinCEN Guidance provides “red flags” to help banks determine whether a marijuana-related business may be engaged in activity that implicates the Cole Memo priorities, including: (i) evidence of money laundering; (ii) insufficient licensure documentation; (iii) concealment of involvement in MRBs; (iv) enforcement actions and other negative information; (v) interstate or international activity; and (vi) proximity to schools or public lands.
In addition to the considerations described above, banks engaged with MRBs should work with experienced counsel regarding the following additional considerations, among others:
- Federal Law. With the passage of the 2018 Farm Bill (which generally legalized hemp under federal law), and the SAFE Banking Act (which would create a criminal law safe harbor for financial institutions working with MRBs) by the U.S. House of Representatives, and considering other proposals in Congress regarding marijuana issues, banks should monitor closely these federal legislative developments to understand how federal law is evolving and how it could affect their decisions in this area.
- State Requirements. Banks should become familiar with MRB guidance in those states where they operate branches and otherwise conduct business, including understanding all applicable regulatory documentation that they may need to properly evaluate MRBs.
- Internal Guidance. Banks should develop comprehensive policies, procedures, controls, and audit parameters to address the issues described in this article, as well as any future regulatory guidance and industry best practices.
- Customer Agreements. Account agreements should provide maximum flexibility under applicable law for banks to address MRB issues or terminate relationships with any MRBs, as necessary.
- Discussions with External Stakeholders. As banks address the issues described above, they also should discuss marijuana banking with their regulator(s), at least on an informal basis, and document those discussions. They should then maintain an ongoing dialogue with those agencies to monitor ongoing developments. Similarly, banks should consider discussing marijuana banking with other relevant external stakeholders, such as their correspondent banks and insurance carriers.
Regardless of any particular state law, marijuana remains illegal under federal law. Accordingly, banks cannot eliminate the risk of criminal prosecution or other administrative punishment, including seizure and forfeiture remedies, if they maintain relationships with MRBs. If banks nevertheless decide to have such relationships after evaluating all relevant risks, they should comport with applicable regulatory guidance and industry standards, which are complicated and continue to evolve. Although banking MRBs can be a profitable endeavor for banks who do it correctly, it’s certainly not easy being green.
About the Author
John Geiringer is a nationally recognized banking attorney who advises financial institutions on regulatory, governance, and investigative matters. John regularly provides focused training sessions to boards and management on a wide range of legal and risk management topics.