Eighteen years after the passage of the USA PATRIOT Act, banks now face a new wave of compliance challenges obscured by a cloud of smoke. It started in Colorado, the first state to decriminalize marijuana at the state level. Of course, marijuana remains, as it has since 1970, on the Federal Schedule I list of controlled substances making it illegal under federal law. Banks were caught in the middle. There were new businesses that needed banking services but even taking deposits from those businesses could open a bank to liability for money laundering, racketeering, and a host of regulatory violations.

The initial solution in the “Colorado Experiment” was that marijuana related businesses became hoarders of cash. Thousands upon thousands of dollars needed to be carried to handle simple tasks like paying suppliers, payroll, and giving change to customers. The excessive use of cash brought with it tremendous risks for the businesses with criminals seeking to take advantage of the vulnerability of large amounts of cash in relatively unsecure locations.

Even in Colorado the entirely cash based business proved unworkable. Someone needed to provide banking services to these businesses if for no other reason than providing safety to employees from the constant threat of violence and robbery. Deputy Attorney General James Cole issued a memo (“Cole Memo”) giving enforcement priorities to US Attorneys which was quickly followed by FinCEN guidance on how financial institutions could meet the suspicious activity regulatory burden when providing banking services to a marijuana related business. Unfortunately, the solution is anything but clear with a three-tiered reporting system requiring banks to gather more and more information from their customers.

Years later, the “Colorado Experiment” has expanded to a host of states across the country and as of January 1, 2020, Iowa’s neighbor to the East will join the experiment. This brings the issue front and center for Eastern Iowa banks operating along the border and eventually to the broader Iowa banking community. Unfortunately, the questions long outstrip the answers. The Cole Memo was rescinded, but the FinCEN guidance remains intact. Can banks work with these businesses and maintain their Anti-Money Laundering programs? What exactly is, and is not, a “marijuana related business”?

For those banks not near the border, the forthcoming ability of farmers to grow hemp and the ubiquitous presence of CBD both in medical dispensaries and local retail outlets also raises issues for banks. Do banks need to file suspicious activity reports on these entities? What about on their employees depositing paychecks? Their landlords depositing rent checks?

Assessing compliance risk for banks has never been more important, or more difficult. In addition to in-house compliance officers and extensive staff training, banks should consider discussing issues before they arrive with their attorney. Dickinson, Mackaman, Tyler & Hagen P.C.’s Compliance Services can help bank compliance departments see through the haze, clear the air, and help bank management breathe easy again knowing they have a trusted partner to maintain the compliance health of the institution.