Enhancing BSA Policies to Address Marijuana Related Businesses
Currently, 33 states and the District of Columbia have passed laws legalizing marijuana in some form (i.e. medical, recreational or both). Therefore, it stands to reason that the likelihood of your financial institution offering banking services to an entity or an individual closely related to the marijuana industry (including hemp) is highly probable.
Whether your financial institution knowingly or unknowingly offers banking services to marijuana/hemp related businesses and/or individuals, your BSA policy may not adequately reflect your financial institution’s intentions. Depending on your decision to offer banking services, how specific and detailed are those intentions outlined within the program?
Most policies contain a broad statement indicating that your financial institution will or will not offer banking services to Marijuana Related Businesses (MRBs); however, does that statement include just those entities that grow or dispense marijuana? What about the suppliers, vendors, employees and the local municipalities that all benefit or receive proceeds that are derived from the marijuana industry? As noted above, with the legalization of marijuana use in some form in more than half the United States, it is highly likely that your financial institution is already banking entities or individuals related to the marijuana industry.
Another area that is not always addressed or viewed as similar, is hemp. As of the date of this article, hemp remains part of the Controlled Substance Act and is listed as a Schedule 1 Substance. However, there are many states that permit licensed growers to produce industrial hemp for commercial purposes. If your financial institution is located in one those states, you may have additional challenges addressing hemp in the BSA policy. Is it specifically addressed or carved out if you do offer banking services to the hemp industry?
The fact is, there are many differences in banking marijuana dispensaries, growers, hemp producers, vendors, suppliers and employees and your policies should be specific and detailed.
Tier Risk Assessment
Examiner expectations have evolved from a basic policy statement to a more in-depth process that involves a tier risk rating system that summarizes the risks, tier types and categories that entities and individuals may fall under within your program, which ultimately determines the level of due diligence each will require.
As a basic example, let’s assume that your financial institution has decided it will not offer banking services to marijuana dispensaries or growers; however, it recognizes that with a number of dispensaries in your small town, that you are likely banking vendors, suppliers and/or employees.
A tier risk rating system would have tiers based on risk – Tier I, Tier 2 and Tier 3. Tier types would summarize the involvement of the entity or individual – Direct or Indirect. Lastly, the category would summarize the type of business and/or occupation – Dispensary, Packaging Supplier or Employee.
If Tier 2 is Moderate Risk and Tier 3 is Low Risk, you might list the known vendors in Tier 2 and the employees in Tier 3, with the appropriate due diligence and monitoring schedule for each.
Enhancing the BSA program to this extent will help eliminate potential examiner criticism if its determined that your financial institution does offer banking services to vendors, suppliers or employees and the policy statement was so broad and vague leaving the statement open to interpretation.
The enhancement will further serve to improve the BSA Risk Assessment when quantifying and qualifying the financial institution’s customer base and high-risk customers.
For a sample Tier Risk Rating Matrix, please contact the author directly at
- Employee Benefit Plans7
- Fortner Bayens, P.C. Banking Letters29
- General Interest11
- IT Risk Management20
- Loan Review and Asset Management34
- Regulatory Compliance22