RESOURCES | Content | Blog Posts

You Don't Know Pot: 5 Fundamentals to Understanding, Identifying, and Monitoring for CRBs
Published on July 14, 2020
Cannabis-related businesses (CRBs) are showing up in more places than you may think as the industry continues to grow and expand into new markets. Hemp, CBD, marijuana — how can you know if your financial institution is or is not providing services to a CRB and determine your level of risk?


And as with other areas of financial compliance, there are a number of steps to take to achieve robust cannabis compliance for your organization. The identification process can be simplified through these five practices.

5 Fundamentals to Understanding, Identifying, and Monitoring CRBs

First and foremost, establish written cannabis-specific policies and procedures. This means going beyond a blanket “no marijuana policy” or “no cannabis policy.” Poorly constructed cannabis policies and procedures are an increasing risk to any effective compliance program, exposing structural weaknesses. One of the most common gaps we see is Financial Institutions without clear and consistent understanding or definitions for “cannabis” or a “cannabis-related business.” Institutions should clearly:

  1. Differentiate between types of CRBs and Tiers (see our blog Defining "Cannabis-Related Business": An Update to Defining "Marijuana-Related Business" for details); and,
  2. State which segments they will and will not do business with.

Not doing so results in unclear or incomplete policies and inconsistent procedures, increasing regulatory and examination risk. Given the size and extent of the cannabis industry, it is also increasingly unrealistic and unbelievable to claim to have a “no cannabis” policy.

Second, incorporate some “easy wins.” For example, you could add a cannabis-related question on your application documents and/or as part of your annual customer review as standard practice (be prepared for potentially vague answers). A CRB may obscure its true nature, but by asking them the question, you (1) show an intent to examiners; (2) have positive defense should a CRB be less than truthful; and (3) avoid opening undesired cannabis-related accounts.

Third, be aware of red flags, as outlined under FinCEN’s Marijuana-Related Guidance. FIs must be wary of businesses attempting to disguise funds derived from marijuana-related activity and, specifically, the commingling of funds with the personal accounts of business owners, managers (ie, generally, “beneficial owners”) and/or “seemingly-unrelated businesses” (ie, what CRB Monitor deems “1B” CRBs). Also, Financial Institutions that knowingly serve MRBs need to have a thorough understanding of clients’ UBOs and changes to ownership. With over 36,000 Tier 1A MRBs, 2,000 Tier 1B MRBs, and 67,000 UBOs in our database, CRB Monitor can quickly and effectively help you to identify relationships.

The fourth step relates to the nature of CRB licensing. Generally, the main License Attributes to consider are:

  • Medical vs Recreational Classification (sometimes, one license is for both Medical and Recreational purposes).
  • Status: Pre-licensed (an applicant or selected to move forward in a licensing process, but not yet “Active”); Active; and Inactive (revoked or suspended license).
  • License Type: CRB Monitor currently standardizes hundreds of reported state License Types into 16 categories (Cultivation, Processing, Dispensary, Delivery, etc.).

Simply put, trying to categorize a CRB as simply “a medical dispensary with an Active license in such-and-such state” is increasingly difficult and inaccurate. Tier 1A (licensed) CRBs can have multiple licenses, of different medical/recreation classes, different types, and different statuses in multiple states. California alone has 3 State Licensing Agencies and nearly 40 types of licenses — both medical and recreational! CRB Monitor tracks over 100,000 marijuana licenses from 70+ Licensing Authorities to help marijuana-friendly FIs do just this. Financial Institutions that choose to bank CRBs must understand med/rec class and types, while diligently monitoring status for negative actions (revoke, suspended).

The fifth, and final, step in the identification and monitoring process is the unravelling of potential beneficial ownership or holding entities (ie, Tier 1Bs). As with any other area of compliance, it is critical to identify both direct and indirect ownership structures to fully assess the risk to your FI. Ensure a two-pronged approach by identifying both economic owners and controlling persons, linking any shared commonalities. Be prepared, however, as extra research is often necessary to unravel potentially opaque and complex corporate structures. Very often, this level of beneficial ownership detail, while “public information,” is not readily available. Extra research, public records requests and/or manual review and scraping of documents like marijuana license applications is necessary to extract the information.


Whether your business is looking to bank or avoid CRBs, identifying them in a well-defined and consistent manner allows you to make fully-informed decisions on new revenue streams while reducing your overall risk. Having access to the right information to facilitate this process provides clarity and certainty to drive your business objectives forward, whatever they may be.

With over 36,000 Tier 1 MRBs, 67,000 UBOs and 106,000 marijuana licenses, all linked together in a cloud-based relational database, CRB Monitor offers financial institutions the most comprehensive and detailed platform covering cannabis industry participants to achieve and exceed regulatory expectations.

Contact us today to explore how we can simplify your cannabis compliance challenges.

The information provided herein presents general information and should not be relied on as legal advice. If you have specific questions regarding a particular fact situation, please consult with competent legal counsel about the facts and laws that apply. 

Most Popular

Subscribe For Updates

Explore how CRBMonitor can simplify your cannabis-related compliance challenges.