Banking and Cannabis Enforcement Round Up:  NCUA Imposes First Penalty Relating to Cannabis Banking Services; Cannabis Industry Execs Convicted of Defrauding Banks into Providing Financial Services; Congress Again Introduces the SAFE Banking Act

0
17

Much has occurred in the last two months regarding the relationship between financial institutions and Marijuana-Related Businesses, or MRBs.  In this post, we discuss three major developments, all of which share a complex connection.  First, the National Credit Union Administration (“NCUA”) recently pursued its first enforcement action against a credit union for Anti-Money Laundering (“AML”) compliance failures when servicing MRBs.  Second, two cannabis industry executives were convicted of bank fraud for allegedly tricking banks and other financial institutions into unwittingly extending financial services to their MRB.  Third, and despite this enforcement drumbeat regarding MRBs, Congress has introduced again, with bi-partisan support, the SAFE Banking Act, which seeks to normalize the banking of cannabis by prohibiting federal bank regulators from taking certain actions against financial institutions servicing MRBs.

NCUA Imposes First Penalty Relating to Cannabis Banking Services

In the first enforcement action of its kind, the NCUA recently penalized Live Life Federal Credit Union (“Live Life”), a small, Michigan-based credit union, for alleged compliance failures involving its cannabis banking services. Importantly, the enforcement action does not penalize Live Life for servicing cannabis clients per se, but rather for doing so without complying with guidance from the Financial Crimes Enforcement Network (“FinCEN”). This enforcement approach is consistent with the fact that the Chairperson of the NCUA previously stated that the NCUA will not sanction federally-chartered credit unions for working with state-legal MRBs.

The Stipulation and Consent to Cease and Desist Order (“Order”), issued on February 19, 2021, requires Live Life to:

  • Implement an automated system to effectively monitor and identify all transactions for suspicious activity;
  • Engage a third party to perform a look back of MRB activity to determine the existence of suspicious activity warranting the filing of a Suspicious Activity Report (“SAR”), and file any SARs recommended by the third party;.
  • Immediately develop and implement a system to ensure all Currency Transaction Reports (“CTRs”) are filed accurately; and
  • Cease opening new MRB accounts and suspend transactional activity on existing Money Services Business, or MSB, accounts.

As we’ve reported, banking MRBs, while potentially lucrative, requires a great deal of heavy lifting on the compliance side. However, prior to this enforcement action, Live Life allegedly was relying on manual compliance processes to surveil its 150 MRB customers. This Order underscores that manual compliance processes are unlikely to be adequate for the task and lays out the functions regulators expect automated compliance and suspicious activity monitoring systems to include to support banks’ and credit unions’ compliance with FinCEN’s requirements for MRBs. Those functions are, at a minimum:

  • Reconciliation of MRB Point of Sale, METRC, or accounting system data relative to member deposits;
  • Ongoing monitoring of adverse public information affecting MRBs;
  • Timely verification of changes in licensure status, including notification of a lapse in an MRB’’ state licensure;
  • Systematic monitoring of unusual Automated Clearing House or wire activity for MRB accounts; and
  • Monitoring of FinCEN “Red Flags” outlined in FIN-2014-G001, “BSA Expectations Regarding Marijuana-Related Businesses,” which can be found here.

As we previously blogged, FinCEN has stated that there were approximately 684 banks and credit unions banking MRBs in the United States as of December 31, 2020. These 684 banks and credit unions, and any other financial institutions considering banking MRBs, should take notice of this Order and use it as a regulatory road map.

Cannabis Industry Execs Convicted of Defrauding Banks into Providing Financial Services

High-functioning, automated compliance systems take on greater significance in light of recent efforts to trick banks into processing transactions for a MRB. On March 24, 2021, two businessmen were convicted of conspiracy to commit bank fraud in the Southern District of New York for helping Eaze, an app for selling marijuana, process over $150 million worth of credit and debit card transactions without banks and other financial institutions detecting that the transactions related to marijuana sales. The defendants, Hamid Akhavan and Ruben Weigand, allegedly carried out an elaborate plan to build a series of fake websites and third-party companies, all of which allowed Eaze to receive federally illegal payments between 2016 and 2019. Akhavan and Weigand were released on bail pending sentencing currently scheduled for June 25, 2021.

According to the press release issued by the U.S. Attorney’s Office, the alleged scheme in part:

. . . . involved the deception of virtually all of the participants in the payment processing network, including issuing banks in the United States (the “Issuing Banks”) and [credit card companies].  The primary method used by AKHAVAN, WEIGAND, and other coconspirators to deceive the Issuing Banks involved the purchase and use of shell companies that were used to disguise the marijuana transactions through the use of phony merchants (the “Phony Merchants”).  The shell companies were used to open offshore bank accounts with merchant acquiring banks and to initiate credit card charges for marijuana purchases made through the Company.  AKHAVAN and WEIGAND worked with other co-conspirators to create these phony merchant accounts – including phony online merchants purportedly selling dog products, diving gear, carbonated drinks, green tea, and face creams – and established [credit card] merchant processing accounts with one or more offshore acquiring banks.  They then arranged for more than a dozen Phony Merchants to be used by the Company to process debit and credit card purchases of marijuana products.  Many of the Phony Merchants purported to be based in the United Kingdom, but, despite being based outside the United States, claimed to maintain U.S.-based customer service numbers.

To facilitate the Scheme, webpages were created and deployed to lend legitimacy to the Phony Merchants.  The Phony Merchants typically had web pages suggesting that they were involved in selling legitimate goods, such as carbonated drinks, face cream, dog products, and diving gear.  Yet these companies were actually being used to facilitate the approval and processing of marijuana transactions.  The defendants’ scheme even involved fake visits to those websites to make it appear as though the websites had real customers and were operating legitimate online businesses.

During the trial, a former Eaze CEO who had pleaded guilty and cooperated with the government reportedly testified that he believed that the transactions would not be processed if the banks had known of the true nature of the transactions because, according to the witness, most major banks still refuse to work with MRBs because marijuana is still illegal under federal drug laws.

Congress Again Introduces the SAFE Banking Act

In March 2021, the Secure and Fair Enforcement (SAFE) Banking Act was re-introduced in the U.S. House and Senate with bipartisan support.  As we have blogged, the SAFE Banking Act seeks to normalize the banking of cannabis and would prohibit federal banking regulators from:

  • Terminating or limiting the deposit insurance or share insurance of a financial institution for providing financial services to a MRB;
  • Prohibiting or discouraging a financial institution from offering financial services to a MRB;
  • Penalizing a depository institution or a service provider for authorizing, processing, clearing, settling, billing, transferring, reconciling or collecting payments for a MRB for payments made by any means;
  • Recommending, incentivizing, or encouraging a financial institution not to offer financial services to an account holder solely because the account holder is affiliated with a MRB; and
  • Taking any adverse or corrective supervisory action on a loan made to a person because the person either owns a MRB or owns real estate or equipment leased or sold to a MRB.

Most importantly, the bill would remove the risk of liability and forfeiture exposure for depository institutions, service providers and insurers (and their officers, directors, and employees) that provide loans or other services to MRBs. Further, it would require the Federal Financial Institutions Examination Council to develop guidance and examination procedures for financial institutions that serve state-legal MRBs.  Such uniform guidance would help ensure that all financial institutions could offer services to MRBs under substantially similar regulatory expectations. The bill also would require a government studies regarding diversity in the marijuana industry and the effectiveness of suspicious activity reports for MRBs and service providers.

Although the political fortunes of the SAFE Banking Act remain unclear at best, its passage certainly would reduce significantly the risks facing financial institutions servicing MRBs and the likelihood of financial institutions engaging in the type of alleged conduct which gave rise to the enforcement actions described in this post.  Nonetheless, given the inherent risk presented by MRBs, heightened AML monitoring by financial institutions still would be necessary even if the SAFE Banking Act were to pass.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.  To learn more about Ballard Spahr’s Cannabis Group, please click here.