Adhering to the Bank Secrecy Act (BSA) can be an onerous and intensive task, and even more so for those financial institutions who are banking Marijuana Related Businesses (MRBs). Coupled with an ever-changing regulatory landscape and legislative guidelines which are open to interpretation, it’s no wonder financial institutions are choosing to tread cautiously, often choosing to do more rather than less when it comes to due diligence and creating a BSA program

The line between cannabis regulators and financial institutions can sometimes be blurred. Financial institutions are tasked with playing an active role in preventing money laundering, but are they required to play law enforcement?

When performing a site visit on an MRB how detailed should an inspection be?  When reviewing transactions how far into the detail should a bank go? Should banks be analyzing inventory and cross correlating this to transactions?

These are just some of the more common questions we have seen banks ask.

So, how should one go about deciding what their role is? Ask yourself one simple question, will the activity you are about to perform give insight to mitigate the risk of money laundering and contribute to your actions to ensure you are upholding the principles laid out in the Cole memo – If you answer yes, then that is your role as a financial institution.

Let’s consider two practical examples and whose role it is:

1. Inspecting locks, cameras and other operational / security equipment at the MRB facility

This would be the role of the regulator, and would form part of the roles and responsibilities set out in the cannabis license agreement.

2. Ensuring the presence of a security guard or dedicated person responsible for checking ID at the door.

This would be the responsibility of the Financial Institution, as having someone checking that persons entering the premises are over the legal age is a requirement prescribed by the Cole Memo.

When building your cannabis program and determining your responsibilities vs. those of the regulator keep in mind that it is not the responsibility of the financial institution to regulate the industry. Your responsibility is to build a BSA compliance strategy and enforce its policies to ensure you can effectively manage risk. This includes adhering to the regulations and record-keeping burdens required by legislation as well as being audited by the regulator. So that in the event of an audit you can provide your regulator with sufficient evidence to prove that you have done everything reasonably required to Know Your Customer and to mitigate the risk of money laundering.