Schedule a Demo

Discover how solutions from Shield Compliance can power, protect, and scale your cannabis banking program.

Expert advice for compliant cannabis banking programs, straight to your inbox.

Defining Cannabis Customers

CRB Monitor’s Steve Kemmerling discusses the tiering system he created to help financial institutions define, measure, and mitigate marijuana-related banking risk.


With the growth of legal medical and recreational cannabis programs across the U.S., a well-developed playbook has emerged which can help financial institutions bank the cannabis industry more efficiently and effectively. A key component of this playbook centers on the policies and procedures banks and credit unions should adopt to ensure they are banking cannabis-related businesses (CRB) safely and compliantly.


But what exactly is a CRB? According to Steve Kemmerling, the founder and CEO of CRB Monitor, “because most institutions have not clearly defined ‘cannabis-related business,’ they may have unclear or incomplete policies and procedures that can lead to inconsistent interpretation and implementation.” We recently talked to Steve about the tiering system he developed to help financial institutions define, measure, and mitigate marijuana-related banking risk.



What is the CRB tiering framework, and why did you create it?



Steve Kemmerling (SK): I started CRB Monitor back in 2014 to help financial institutions comply with FinCEN guidance which recommends using publicly available information on CRBs to understand their nature, their licensing, their ownership, and other aspects of the business. As I was building out our corporate intelligence database, it became clear that there was no “one-size-fits-all” definition of ‘marijuana-related business.’


Whether you are serving or planning to serve the cannabis industry or have decided not to, it is essential for financial institutions to understand the relationship their customers have with the industry. Not only are there compliance implications related to this, but it can also influence how the financial institution markets its products and services. The tiering system I introduced in 2015 and have subsequently updated categorizes CRBs into three risk-based tiers depending on the degree to which they touch marijuana and interact with other CRBs.



Can you give us an overview of the three tiers?



SK: While we’re talking about CRBs, financial institutions should understand the different forms of cannabis – namely marijuana, hemp, and cannabidiol (CBD) because each segment has its own legal and regulatory differences. I created the tiering framework with marijuana-related businesses in mind, but it also generally applies across all types of cannabis-related businesses.




With that context, Tier 1 CRBs are plant-touching, and they are licensed, encompassing seed-to-sale supply chain, cultivation, processing, and manufacturing. I include the whole ecosystem from testing, wholesaling, delivery, and retail as Tier 1.


Tier 2 companies are explicitly focused on providing products and services to Tier 1 CRBs and the marijuana industry in general. This could include companies that provide cannabis packaging and supplies, accounting, marketing, and other professional services, training, software, etc.


Unlike Tier 2 companies, Tier 3 companies derive only “incidental” revenue from selling to Tier 1 CRBs, with the significant difference being the relative portion of the company’s revenue coming from these activities. Think Home Depot, or a telco, or the water company, for example.



How should financial institutions apply this framework in their compliance programs?



SK: The most important thing I try to convey to financial institutions is that it is increasingly hard to know if you are inadvertently banking the cannabis industry. I had a BSA officer swear to me that there was no way her credit union was serving CRBs. However, when they screened their member portfolio against our data, they found about eight accounts where a member used their personal account to move marijuana-related proceeds. The members likely didn’t disclose this because they didn’t want to pay fees or do the due diligence. This happens every day at many, if not most, banks and credit unions in the U.S.


I see it as a definitional problem. Without clear, well-defined policies, you can’t have clear, well-defined procedures. Once a financial institution has agreed-upon definitions in place, it can then create a risk matrix that informs what products and services it may or may not extend to any given customer.



How do you see potential changes at the federal level impacting this guidance?



SK: It depends on what type of federal reform we’re talking about, whether it’s the SAFE Banking Act, the MORE Act, the STATES Act, or any of the half dozen other bills that have been proposed. But ultimately, I don’t think any version of federal legalization changes any of the logic. I’ll use marijuana-related businesses, to be specific. They will very likely still be perceived as high-risk, heavily regulated businesses. There may still be uncertain regulatory expectations, and you’ll still need KYC, enhanced due diligence, and you may still be required to file SARs. What could change is that the regulatory expectations will finally be codified and clarified, creating greater clarity for financial institutions regarding what they need to do to be compliant and have some legal safe harbor.



I always say there must be a clear business reason to get involved in this industry because it takes a lot of work to have an effective and compliant program. What final thoughts would you offer to financial institutions that may be on the fence about serving this industry?



SK: First, I can’t underscore enough the importance of understanding the types of businesses operating in this industry and having a firm grasp of the basic terminology. But it is also important for financial institutions to know that they don’t have to go it alone. There are many excellent databases, compliance platforms and tools, and professional services available now to help financial institutions understand, identify and monitor risk, manage the new customer onboarding and underwriting process, and maintain compliant cannabis banking programs. I wouldn’t say the industry isn’t less complex than it was five years ago, but there are far more resources available to help financial institutions succeed in this fast-growing industry.






Partnering with experts to inform board members, assess risk, and evaluate and implement compliance technology will help financial institutions create the foundation for an effective and competitive cannabis banking program.