This article was written in collaboration with Jake Fanella and Jessica Caballero at VeriLeaf. VeriLeaf is a modern RegTech platform that optimizes the onboarding, review and ongoing compliance required for high-risk banking markets. VeriLeaf leverages state-specific requirements and the financial institution’s compliance program to streamline qualification, risk assessment, and onboarding of high-risk businesses in markets like CBD/hemp, money services, cannabis, and alcohol. More information can be found here.
On June 29, the Financial Crimes Enforcement Network (FinCEN) issued guidance (the “June guidance”) to “address questions related to Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulatory requirements” for providing banking services to hemp businesses. By its terms, the June guidance is “intended to enhance the availability of financial services for” hemp businesses – something that has been sorely lacking since hemp (i.e., cannabis containing less than 0.3% THC) was legalized at the federal level under the Agriculture Improvement Act of 2018 (the “2018 Farm Bill,” which we analyzed here).
Broadly speaking, the BSA requires that a financial institution establish an effective “AML Compliance Program,” comply with customer due diligence (CDD) and customer identification program (CIP) obligations, report certain currency transactions, and file a “Suspicious Activity Report” (SAR) when it detects a “known or suspected violation of Federal law or a suspicious transaction related to a money laundering activity or a violation of the [BSA].” In guidance issued on December 3, 2019 (the “December guidance,” which we analyzed here), FinCEN and other federal regulators clarified that financial institutions are not required to file a SAR regarding a hemp customer “solely because” the customer grows or cultivates hemp. The June guidance builds on the December guidance by (1) clarifying a financial institution’s CDD and CIP obligations with respect to its hemp customers, and (2) providing examples of “suspicious activity” that may prompt a financial institution to file a SAR regarding one of its hemp customers.
Customer Due Diligence and Customer Identification Programs
The BSA generally requires that a financial institution incorporate interwoven CIP and CDD procedures into its AML Compliance Program to assist in determining a customer’s true identity, understanding the types of activities in which the customer is likely to engage, and identifying and reporting potential suspicious activities based on the use of the customer’s account. An AML Compliance Program must also include “[a]ppropriate risk-based procedures for conducting ongoing customer due diligence.” This ongoing CDD must include the development of a “customer risk profile” and “monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information,” including “information regarding the beneficial owners of legal entity customers.”
The June guidance makes clear that financial institutions should tailor the customer risk profiles of and CDD for their hemp clients to reflect the unique aspects of the hemp industry. For example, when performing CDD on a hemp customer, a financial institution should verify the customer is complying with the licensing requirements of the jurisdiction in which it is operating. The June guidance states that an institution can “confirm [a] hemp grower’s compliance … by either obtaining (1) a written attestation by the hemp grower that they are validly licensed, or (2) a copy of such license.” Whether additional information is required “will depend on the financial institution’s assessment of the level of risk posed by” the customer. The June guidance provides the following examples of additional information a financial institution could seek: (1) crop inspection or testing reports; (2) license renewals; (3) updated attestations from the hemp customer; or (4) the customer’s correspondence with the applicable state, tribal, or federal licensing authority.
Suspicious Activity Reporting
Suspicious activity monitoring and reporting are essential components of a financial institution’s BSA/AML compliance obligations and are intricately related to the institution’s CDD program. A financial institution must file a SAR if it knows, suspects, or has reason to suspect that a transaction conducted or attempted by, at, or through the financial institution: (i) involves funds derived from illegal activity or is an attempt to disguise funds derived from illegal activity; (ii) is designed to evade BSA regulations; or (iii) lacks a business or apparent lawful purpose “or is not the sort in which the particular customer would normally be expected to engage.”
Like the December guidance, FinCEN’s June guidance states that “financial institutions are not required to file a [SAR] on customers solely because they are engaged in the growth or cultivation of hemp in accordance with applicable laws and regulations.” Here, “solely” is the operative word – financial institutions still must utilize their customer risk profiles and ongoing CDD to determine whether their hemp customers are engaged in “suspicious activity” that warrants a SAR. The June guidance lists examples of such suspicious activity:
- “A customer appears to be engaged in hemp production in a state or jurisdiction in which hemp production remains illegal.”
- “A customer appears to be using a state-licensed hemp business as a front or pretext to launder money derived from other criminal activity or derived from marijuana-related activity that may not be permitted under applicable law.”
- “A customer engaged in hemp production seeks to conceal or disguise involvement in marijuana-related business activity.”
- “The customer is unable or unwilling to certify or provide sufficient information to demonstrate that it is duly licensed and operating consistent with applicable law, or the financial institution becomes aware that the customer continues to operate (i) after a license revocation, or (ii) inconsistently with applicable law.”
The June guidance also speaks to a financial institution’s SAR obligations with respect to a customer involved with both federally legal hemp and federally illegal marijuana. If the customer’s hemp and marijuana proceeds are commingled in the same account, the institution must file a marijuana-specific SAR based on “FinCEN’s 2014 Marijuana Guidance,” which we analyzed here. But if the hemp and marijuana proceeds are kept in separate accounts or are separately identifiable, “then the 2014 Marijuana Guidance, including specific SAR filing, applies only to the marijuana-related part of the business.”
Many financial institutions have remained hesitant to provide services to the hemp industry in the 18+ months since the 2018 Farm Bill, due in large part to the perceived burden of incorporating hemp-specific procedures into their AML Compliance Programs. The June guidance may alleviate that burden to an extent by providing additional clarity regarding an institution’s BSA/AML obligations when banking hemp. With many banks remaining on the sidelines, the rewards for those willing to serve the hemp industry could far exceed the costs.