As stated in previous writing, the software tools and services need to implement the Cannabis related Business financial processes have a unique set of technical attributes due to the added complexity federal and state regulation. The software functionality needed must be a secure database system which can be viewed and interacted with through a User Interface (UI) of different authorization and access levels consisting of:
Know-Your-Customer (KYC) software → Information regarding the actors in the system will need to be collected and stored to ensure points 1-3 of the Cole Memo Priorities, 1-3 FinCEN Guidance Priorities, and 5-7 of FinCEN Guidance Priorities. The state licensing process and information regarding the application and applicants must be readily available in the system to verify with the appropriate state authorities that a business is licensed and registered to operate as a CRB. Distributors must be required to collect customer information to prevent the distribution of marijuana to minors, criminal entities, and beyond state lines. This information must be updated along with ongoing monitoring of these actors to ensure the maintenance of full compliance with the current regulations.
Financial transaction tracking → Financial tracking of all transactions in the system must be collected and stored to ensure points 4 of Cole Memo Priorities and 4-7 of FinCEN Guidance Priorities. The financial tracking software must include mechanisms to determine whether CRBs are acting as pretext for the trafficking of other illegal drugs or other illegal activity as well as trafficking their generated revenue to other entities themselves. Ongoing monitoring of these financial transactions must be implemented to ensure compliance.
Granular product Information monitoring → Geographical, quality, and ownership information of the product must be collected and stored to ensure points 5-8 of the Cole Memo Priorities and 5-7 of the FinCEN Guidance Priorities. The product information and tracking software must include mechanisms to determine ownership that would prevent the misuse of the product. It would also include the storage of geographical information to prevent the growth and use of cannabis on public or federal lands. This information must be updated on a periodic basis for risk reevaluation to ensure the maintenance of full compliance with the current regulations.
Furthermore, there must be ways to communicate with federal institutions that regulate the industry. The software must provide actionable functionality to ensure a breach of compliance through KYC, financial tracking, and granular product information is monitored by the system. Suspicious Activity Reports will be automatically filed by the software ensuring the utmost compliance and reducing overhead cost of traditional BSA services.
Suspicious Activity Report (SAR) Filing for CRBs
“Marijuana Limited” SAR Filings
A financial institution providing financial services to a marijuana-related business that it reasonably believes, based on its customer due diligence, does not implicate one of the Cole Memo priorities or violate state law should file a “Marijuana Limited” SAR. The content of this SAR should be limited to the following information: (i) identifying information of the subject and related parties; (ii) addresses of the subject and related parties; (iii) the fact that the filing institution is filing the SAR solely because the subject is engaged in a marijuana-related business; and (iv) the fact that no additional suspicious activity has been identified. Financial institutions should use the term “MARIJUANA LIMITED” in the narrative section.
A financial institution should follow FinCEN’s existing guidance on the timing of filing continuing activity reports for the same activity initially reported on a “Marijuana Limited” SAR.6 The continuing activity report may contain the same limited content as the initial SAR, plus details about the amount of deposits, withdrawals, and transfers in the account since the last SAR. However, if, in the course of conducting customer due diligence (including ongoing monitoring for red flags), the financial institution detects changes in activity that potentially implicate one of the Cole Memo priorities or violate state law, the financial institution should file a “Marijuana Priority” SAR.
“Marijuana Priority” SAR Filings
A financial institution filing a SAR on a marijuana-related business that it reasonably believes, based on its customer due diligence, implicates one of the Cole Memo priorities or violates state law should file a “Marijuana Priority” SAR. The content of this SAR should include comprehensive detail in accordance with existing regulations and guidance. Details particularly relevant to law enforcement in this context include: (i) identifying information of the subject and related parties; (ii) addresses of the subject and related parties; (iii) details regarding the enforcement priorities the financial institution believes have been implicated; and (iv) dates, amounts, and other relevant details of financial transactions involved in the suspicious activity. Financial institutions should use the term “MARIJUANA PRIORITY” in the narrative section to help law enforcement distinguish these SARs.
“Marijuana Termination” SAR Filings
If a financial institution deems it necessary to terminate a relationship with a marijuana-related business in order to maintain an effective anti-money laundering compliance program, it should file a SAR and note in the narrative the basis for the termination. Financial institutions should use the term “MARIJUANA TERMINATION” in the narrative section. To the extent the financial institution becomes aware that the marijuana-related business seeks to move to a second financial institution, FinCEN urges the first institution to use Section 314(b) voluntary information sharing (if it qualifies) to alert the second financial institution of potential illegal activity. See Section 314(b) Fact Sheet for more information.
Red Flags to Distinguish Priority SARs
The following red flags indicate that a marijuana-related business may be engaged in activity that implicates one of the Cole Memo priorities or violates state law. These red flags indicate only possible signs of such activity, and also do not constitute an exhaustive list. It is thus important to view any red flag(s) in the context of other indicators and facts, such as the financial institution’s knowledge about the underlying parties obtained through its customer due diligence. Further, the presence of any of these red flags in a given transaction or business arrangement may indicate a need for additional due diligence, which could include seeking information from other involved financial institutions under Section 314(b). These red flags are based primarily upon schemes and typologies described in SARs or identified by our law enforcement and regulatory partners, and may be updated in future guidance.
Proposed Software Tools to Implement
Hyperledger Fabric is a blockchain framework implementation and one of the Hyperledger projects hosted by The Linux Foundation. Intended as a foundation for developing applications or solutions with a modular architecture, Hyperledger Fabric allows components, such as consensus and membership services, to be plug-and-play. Hyperledger Fabric leverages container technology to host smart contracts called “chaincode” that comprise the application logic of the system. Hyperledger Fabric offers financial solutions for streamlined settlement, improved liquidity, increased transparency and new products/markets.
Hyperledger Fabric is the optimal solution for distributed data storage and interaction because of its channels functionality. A Hyperledger Fabric channel is a private “subnet” of communication between two or more specific network members, for the purpose of conducting private and confidential transactions. A channel is defined by members (organizations), anchor peers per member, the shared ledger, chaincode application(s) and the ordering service node(s). Each transaction on the network is executed on a channel, where each party must be authenticated and authorized to transact on that channel. Each peer that joins a channel, has its own identity given by a membership services provider (MSP), which authenticates each peer to its channel peers and services. Hyperledger Fabric also has solutions needed to incorporate the software architecture requirements to solve the problems of cannabis financial processing.
KYC Software → Hyperledger Fabric Member Service Provider: The membership service provider (MSP), is a component that defines the rules in which identities are validated, authenticated, and allowed access to a network. The MSP manages user IDs and authenticates clients who want to join the network. This includes providing credentials for these clients to propose transactions. The MSP makes use of a Certificate Authority, which is a pluggable interface that verifies and revokes user certificates upon confirmed identity. The default interface used for the MSP is the Fabric-CA API, however, organizations can implement an External Certificate Authority of their choice.
Financial Transaction Tracking → Hyperledger Fabric Blockchain Ledger: Records all transactions that occur in the system. The Hyperledger Blockchain Ledger provides a verifiable history of all successful state changes as well as unsuccessful attempts to change state occurring during the operation of the system. The ledger allows peers to replay the history of all transactions and to reconstruct the state, enhancing the auditability functionality of the system. Smart contracts within the system can execute the automatic generation of the proper BSA SAR files to be reported to FinCEN.
Granular Product Information → Hyperledger Fabric World State Database: Reflects the current data about all the assets in the network. This data is stored in an indexed distributed database for efficient access. The product information will contain geographical, quality, and ownership information of the product and all changes to the product information can be tracked via the Hyperledger Blockchain.
CRBs are experiencing significant growth and limited support from financial institutions necessary to securely scale business. The complexity of conflicting state and federal regulations are compounded by the vast amount of information that monitoring agencies do not have access to. This exposes the immense confusion surrounding the legality of CRB financial processes and activities and forces CRBs to interact in a cash-intensive ‘grey-area’ promoting money laundering and illegal activity.
By explicitly defining regulatory compliance for CRBs and surmising business pathways to fulfill this compliance without creating inequality within the market, the friction between CRBs and financial institutions can be significantly reduced. Further analyzing technical solutions to implement those business pathways in a cost effective manners led to the conclusion of a private blockchain framework to facilitate a trustless system where compliance is maintained throughout the system.