RESOURCES | Blog | Cannabis Banking | Marijuana Banking

NCUA Issues Consent Order Explicitly Citing Marijuana-Related BSA/AML Violations


On February 22, 2021, the National Credit Union Administration (NCUA) issued a consent order to Live Life Federal Credit Union, located in Fraser, Michigan. The credit union markets itself as a cannabis depository institution and doubled in asset size in 2019 after offering services to marijuana-related businesses (MRBs). The consent order is the first enforcement action issued by any U.S. regulatory agency against a financial institution that explicitly cites Bank Secrecy Act/anti-money laundering (BSA/AML) violations related directly to marijuana. 

Other Marijuana-Related Consent Orders


While the Live Life FCU consent order is the first to specifically implicate a depository institution for poor marijuana-related risk management, the Federal Deposit Insurance Corporation (FDIC) has previously issued two consent orders that are indirectly related to inadequate marijuana policies and procedures.  

In 2016, the FDIC cited Millennium Bank, of Chicago, IL for “unsafe or unsound banking practices and violations of law or regulation alleged to have been committed by the Bank, including those related to the Bank Secrecy Act.” The order required the bank to improve the BSA/AML compliance program with additional staffing and training, expanded customer due diligence procedures, and enhanced monitoring and reporting of suspicious activity. Insiders claim, “While the consent order never mentioned marijuana, a source familiar with the matter said that the agreement stemmed from the bank's involvement in serving pot businesses.”  

Additionally, in 2020, Parke Bank of Sewell, NJ was also issued a consent order by the FDIC for similar BSA/AML violations. Parke Bank is a known MRB bank and its parent company, Parke Bancorp, is publicly traded. The company’s 2020 third quarter 10-Q states:

“September 30, 2020 and December 31, 2019 deposit balances from cannabis customers were approximately $269.1 million and $129.2 million, or 16.9% and 9.6% of total deposits, respectively, with two customers accounting for 15.0% and 13.6% of the total at September 30, 2020 and December 31, 2019. At September 30, 2020 and December 31, 2019, there were cannabis-related loans in the amounts of $8.5 million and $5.5 million, respectively. We recorded approximately $346,000 and $134,400 of interest income in the nine months ended September 30, 2020 and 2019, respectively, related to these loans.” 

Again, while the FDIC’s order does not explicitly mention “cannabis” or “marijuana,” many consider the BSA/AML weaknesses addressed within the order as specifically related to these higher risk customers and services, with some language appearing to be lifted near-verbatim from FinCEN’s 2014 Marijuana-Banking Guidance.

Stipulations of the Most Recent NCUA Order

The consent order issued to Live Life FCU includes seven terms and requirements with specific mandatory actions, as follows:

  1. Implement a compliance and suspicious activity monitoring system that “supports compliance with FinCEN requirements for [MRBs].” This includes:
    1. Reconciliation of MRB accounting data relative to member deposits
    2. Ongoing monitoring of adverse public information affecting MRBs
    3. Timely verification of MRB licensing status and any lapses in state licensure
    4. Systematic monitoring of MRB Automatic Clearing House (ACH) and wire activity
    5. Monitoring compliance with FinCEN guidance such as “red flags” noted in FIN-2014-G001: "BSA Expectations Regarding Marijuana-Related Businesses."
  2. Engage a third party to validate the bank’s SARs monitoring system.
  3. Immediately file all SARs as required. “Develop and implement a system to ensure all SARs are filed accurately, completely, and on time by March 31, 2021.”
  4. Immediately file Currency Transaction Reports (CTRs) as required and develop and implement a system to ensure CTRs are filed accurately and in accordance with regulatory requirements.
  5. Immediately cease opening new MRB accounts.
  6. Cease the bank’s Money Services Business (MSB) program by March 15, 2021, including suspending transactional activity on existing MSB accounts.
  7. Engage a third party to review all previous MSB activity to identify any additional suspicious activity warranting a SAR by March 15, 2021, ensuring that the criteria outlined in FIN- 2019-A003, "Advisory on Illicit Activity Involving Convertible Virtual Currency" is evaluated. File any SARs recommended by the third party.

The requirements outlined in the consent order will require the credit union to halt major services to its members and bear a significant amount of expenses to improve the BSA/AML program to meet the requirements of the order.

How Financial Institutions Can Avoid Similar Enforcement Actions

Evidently, regulators did not consider this credit union to have effective risk management systems in place to sufficiently address the increasing risks associated with its recent expansion of cannabis banking services. A robust BSA/AML compliance program is critical for any financial institution, particularly those that cater to high-risk customers, such as MRBs.  

Whether or not a bank willingly offers products and services to MRBs, regulators expect strong due diligence practices that appropriately measure and monitor risk exposures of each customer.  Among other features, CRB Monitor offers ongoing monitoring of adverse media, licensing status, and FinCEN “red flags” to specifically address several terms of this consent order. Moreover, our software implementation process helps ensure that users can access the full benefits of the platform beyond simply screening for known MRBs, like other software providers. CRB Monitor’s unique product offers due diligence and monitoring on unknown MRBs and identifies several of FinCEN’s “red flags,” such as: 

  • Excessive commingling of funds with the personal account of the business’s owner(s) or manager(s), or with accounts of seemingly unrelated businesses.
  • A customer seeks to conceal or disguise involvement in marijuana-related business activity. For example, the customer may be using a business with a non-descript name (e.g., a “consulting,” “holding,” or “management” company) that purports to engage in commercial activity unrelated to marijuana but is depositing cash that smells like marijuana.
  • Review of publicly available sources and databases about the business, its owner(s), manager(s), or other related parties, reveal negative information, such as a criminal record, involvement in the illegal purchase or sale of drugs, violence, or other potential connections to illicit activity.
  • The business, its owner(s), manager(s), or other related parties are, or have been, subject to an enforcement action by the state or local authorities responsible for administering or enforcing marijuana-related laws or regulations.

Financial institutions that implement comprehensive customer due diligence and monitoring systems can ensure that the overall risk exposure is commensurate with the risk profile of the organization and adjust risk management practices accordingly. Doing so can avoid any control weaknesses, and ultimately prevent added regulatory scrutiny and enforcement actions.

Is your compliance program backed by comprehensive data on the cannabis industry? Do you have access to reliable information about MRBs to determine your firm’s level of risk exposure? Read more on our blog: You Don’t Know Pot: 5 Fundamentals to Understanding, Identifying, and Monitoring for CRBs. Or visit our website to request more information and get in touch with our team.

The information provided herein presents general information and should not be relied on as legal advice. If you have specific questions regarding a fact, please consult with competent legal counsel about the facts and laws that apply.

Most Popular

Subscribe For Updates

Explore how CRBMonitor can simplify your cannabis-related compliance challenges.