Compliance Blog

The National Credit Union Administration (NCUA) recently published an administrative order against Live Life Federal Credit Union, a small federal credit union based in Michigan. The order states NCUA believed there were grounds to initiate a cease and desist action, and that Live Life – which wished to avoid the “time, cost, and expense” of administrative litigation – consented to the cease and desist order without admitting to any compliance violations or other grounds the NCUA believed to exist. While the order does not provide any specific factual allegations, the actions it requires Live Life to take could hint at possible deficiencies found by regulatory examiners.

Some context could be helpful here: In 2018, Michigan voters legalized marijuana for recreational use. NCUA’s cease and desist order instructs Live Life to take a number of actions regarding their marijuana relates business (MRB) programs and policies, hinting that NCUA may have found deficiencies with Live Life’s compliance regarding that topic. This is notable, as it is the first NCUA enforcement action regarding marijuana related businesses (MRBs) and shows NCUA will be taking a serious look at MRB policies, procedures and practices during Bank Secrecy Act (BSA) examinations.

Serving MRBs can be complicated. Even though marijuana has been legalized at the state level for medicinal or even recreational use in a growing number of states, marijuana remains a schedule I drug under the federal Controlled Substance Act, meaning possession, cultivation, sale or other activities relating to marijuana remain illegal at the federal level.

In 2014, the Financial Crimes Enforcement Network (FinCEN), published guidance FIN-2014-G001,  describing expectations for Bank Secrecy Act (BSA) compliance for financial institutions that choose to provide services to MRBs. With regards to federally-insured credit unions (FICUs), NCUA has supervisory authority and will examine FICUs for BSA compliance, including for compliance with FinCEN’s MRB guidance. In the cease-and-desist order, Live Life agreed to take certain actions – some of which track closely to the expectations set by FinCEN in the 2014 guidance. In addition to agreeing to “immediately cease opening new MRB accounts,” Live Life also agreed to the following:

Reporting Requirements

Live Life agreed to “[i]mmediately file all Suspicious Activity Reports (“SARs”)”, including initial MRB SARs and continuing activity SARs. Live Life also agreed to “[d]evelop and implement a system to ensure all SARs are filed accurately, completely, and on time.”

The 2014 FinCEN guidance includes a discussion of SAR filing requirements for credit unions that serve MRBs. Because marijuana is illegal at the federal level, transactions using funds from an MRB would necessarily involve the proceeds of criminal activity, which means filing a SAR could be appropriate. The guidance identifies three types of SARs for MRBs. The “Marijuana Limited’ SAR is for MRBs that the credit union believes are in compliance with state law and which do not implicate any of the priorities listed in the Department of Justice’s Cole Memo (those priorities are also listed in the FinCEN guidance). The “Marijuana Priority” SAR is for MRBs that the credit union feels is either not in compliance with state law, or which implicates a Cole Memo priority. The third type of SAR is a “Marijuana Termination” SAR, which is required when a financial institution ends its relationship with an MRB. It should be noted, however, that federal credit unions must follow the formal process for expulsion described in the Federal Credit Union Act before expelling a member, so the “Marijuana Termination” SAR may be used less frequently by credit unions than it would be by banks or other institutions.

The 2014 FinCEN guidance also notes a credit union should review the MRB’s activity every 90 days and file a continuing activity SAR if the conduct continues. Given that marijuana-related activity is central to the business-model of MRBs, credit unions would likely have to file continuing activity SARs throughout the length of the member relationship with the MRB.

Live Life also agreed to “[i]mmediately develop and implement a system to ensure all Currency Transaction Reports are filed accurately…” FinCEN regulations require a credit union to file a currency transaction report (CTR) for any transactions in currency (i.e. cash) exceeding $10,000 in a single day.  The 2014 guidance explains credit unions must file CTRs for MRBs as they would for any other member, and also notes MRBs are ineligible for an exemption from CTR filing requirements.

Automated Monitoring

Live Life agreed to “Implement an automated system to effectively monitor and identify all transaction for suspicious activity” as required by section 1020.210(a)(2)(v)(B) of the FinCEN regulations. At a minimum, the order states the suspicious activity monitoring program must include:

1. Reconciliation of MRB Point of Sale, METRC, or accounting system data relative to member deposits.
2. Ongoing monitoring of adverse public information affecting MRBs.
3. Timely verification of changes in licensure status, including notification of a lapse in an MRB's state licensure.
4. Systematic monitoring of unusual Automated Clearing House or wire activity for MRB accounts.
5. Monitoring of FinCEN "Red Flags" outlined in FIN-2014-G001, "BSA Expectations Regarding Marijuana-Related Businesses."

Live Life also agreed to work with a third party to validate their automated compliance and suspicious activity monitoring system, which will be done simultaneously with the implementation of the system.

Money Services Business Program

Live Life agreed to cease their Money Services Business (MSB) program, including suspending any transactional activity on existing MSB accounts. They also agreed to engage a “qualified third party” to review their MSB activity and to file any SARs recommended by the third party. In particular, the order states the third party should evaluate the criteria laid out in FinCEN’s 2019 Advisory on Illicit Activity Involving Convertible Virtual Currency. That advisory describes money laundering and terrorist financing risks posed by convertible virtual currency (CVC) and 30 red flags which could indicate abuse of CVCs.

Unfortunately, the cease-and-desist order does not provide any specific factual allegations that could provide a guide for other credit unions regarding which specific practices the NCUA found objectionable. However, credit unions that serve MRBs and which deal with CVC may want to review their compliance programs, policies and procedures to determine if they are compliant with FinCEN’s and NCUA’s guidance on those topics.

Credit unions that would like to learn more about the topic of marijuana banking may want to read NAFCU’s December 2020 Issue Brief on the subject, or this Frequently Asked Questions document.