The WayBack Machine … and the Marihuana Problem in New York (circa 1944) – updated with the OFAC Fentanyl Drug Trafficking Organization Designation of August 21, 2019

One of the greatest investigative tools available today is the Internet Archive, a “non-profit library of millions of free books, movies, software, music, websites, and more” – https://archive.org/. The best tool in this online library is the WayBack Machine. It is described as follows:

The Internet Archive has been archiving the web for 20 years and has preserved billions of webpages from millions of websites. These webpages are often made up of, and link to, many images, videos, style sheets, scripts and other web objects. Over the years, the Archive has saved over 510 billion such time-stamped web objects, which we term web captures.

We define a webpage as a valid web capture that is an HTML document, a plain text document, or a PDF.

domain on the web is an owned section of the internet namespace, such as google.com or archive.org or bbc.co.uk. A host on the web is identified by a fully qualified domain name or FQDN that specifies its exact location in the tree hierarchy of the Domain Name System. The FQDN consists of the following parts: hostname and domain name.  As an example, in case of the host blog.archive.org, its hostname is blog and the host is located within the domain archive.org.

We define a website to be a host that has served webpages and has at least one incoming link from a webpage belonging to a different domain.

As of today, the Internet Archive officially holds 273 billion webpages from over 361 million websites, taking up 15 petabytes of storage.

Here’s an example of how the WayBack Machine can be used. In a federal criminal complaint unsealed on August 15, 2019 in the case of United States v Manish Patel (Eastern District of California, case no 19-MJ-0128), the affidavit supporting the complaint provided that the defendant had business cards that showed he was the CEO of The Sentient Law Group PC in New York City, but the website for that entity – http://www.sentientlawgroup.com – as accessed on August 5, 2019 did not show him as CEO.  But by simply typing that URL into the WayBack Machine’s search bar you find every instance of that website that was captured by the WayBack Machine. Viewing the first and last captures (on April 13, 2017 and February 12, 2019) shows the defendant Patel as the CEO, his practice focus areas (including cannabis law, which is ironic given that Patel was charged with multiple counts involving possession with intent to distribute marijuana).  This tool is particularly helpful in online child pornography cases, where defendants move and change websites, and was instrumental in a number of post-9/11 cases, where the English language Al Qaeda website changed dramatically after 9/11 … but its historical web pages remained accessible, thanks to the Internet Archive and its WayBack Machine.

OFAC Designation of the Zheng Drug Trafficking Organization – August 21, 2019

Another great example of the power of the WayBack Machine can be found in a series of federal criminal cases that culminated in OFAC designating the criminal defendants as Foreign Narcotics Kingpins. See the Treasury press release at https://home.treasury.gov/news/press-releases/sm756

One of those designated, Fujing Zheng, was indicted in federal court in Ohio in August 2018 (US v Zhang et al, Northern District of Ohio, case 18CR00474). In that 86-page indictment, the Government alleges that the Zhang organization used a website to market its illegal drugs – www.globalrc.net

What has happened to www.globalrc.net?

If you search for that URL today, you get the following:

As it shows, that domain has been seized by the DEA and is no longer accessible. But the WayBack Machine has captured and saved that website 65 times between April 8, 2009 and February 15, 2019:

And simply by selecting any of the 65 dates, you can access the captured website. An example is from January 6, 2017:

You can see the actual website used by the Zheng DTO back in 2017. A powerful investigative tool!

But there is more to be found on the Internet Archive. The twenty or so archived collections are incredible sources. Here is an example of a document from the “Journals” collection:


In 1944, Legendary New York Mayor F.H. LaGuardia commissioned a report to look into “The Marihuana Problem in the City of New York.” The forward is interesting. It provides:

“As Mayor of New York City, it is my duty to foresee and take steps to prevent the development of hazards to the health, safety, and welfare of our citizens. When rumors were recently circulated concerning the smoking of marihuana by large segments of our population and even by school children, I sought advice from The New York Academy of Medicine, as is my custom when confronted with problems of medical import.”

“The report of the present investigation covers every phase of the problem and is of practical value not only to our own city but to communities throughout the country. It is a basic contribution to medicine and pharmacology.”

“I am glad that the sociological, psychological, and medical ills commonly attributed to marihuana have been found to be exaggerated insofar as the City of New York is concerned. I hasten to point out, though, that the findings are to be interpreted only as a reassuring report of progress and not as encouragement to indulgence, for I shall continue to enforce the laws prohibiting the use of marihuana until and if complete findings may justify an amendment to existing laws. The scientific part of the research will be continued in the hope that the drug may prove to possess therapeutic value for the control of drug addiction.”

Try out the Internet Archive!

A Better Way to Fight Money Laundering – American Banker quotes Jim Richards and Others

Jim Richards was quoted in an August 2019 American Banker article titled “Is There a Better Way to Fight Money Laundering?” by Victoria Finkel. AB Link

The article is well-researched, well-written, and accurately and fairly makes the point that there are better ways to fight money laundering, but there are impediments. Like all articles, though, the editors are required to edit, and quotes are often trimmed to fit the flow, cadence, and tone of the article.

Below are the two quotes that are in the article. I’ll add the context for each.

“Everybody in the regime wants to try to make it more efficient and effective, but everybody’s got a different definition of efficient and effective,” said Jim Richards, the former global head of financial crimes risk management for Wells Fargo and the founder of RegTech Consulting.

What was not included in the article was the next sentence, where I stated that:

“The prudential regulators are focused on safety and soundness, or how we do our jobs: conducting risk assessments, writing policies and procedures, risk rating and performing due diligence on our customers, documenting and validating the models developed for monitoring transactions, and documenting the reasons why we don’t file a suspicious activity report. Law enforcement, on the other hand, is focused on how well we do our jobs: providing timely, actionable intelligence to law enforcement in order to fight financial crime. And since it is the regulators, not law enforcement, that are examining us, our focus is rightly on compliance – how we do our jobs – and not on how well we provide intelligence to law enforcement.”

The article also quotes Greg Baer of the Bank Policy Institute, who has this take on the dilemma of being examined on how we do our jobs, not on how well we do our jobs:

“The examiners who determine compliance are not allowed to know, in all but rare cases, what becomes of the suspicious activity reports that are filed,” Baer of the Bank Policy Institute said. “So that compliance rating is driven far more by things like, are there written policies and procedures, has there been strict one hundred percent adherence to those policies and procedures, rather than the efficacy of the SARs that are filed. What that leads to is, AML is examined much the same way as any other function — through a check-box kind of approach,” Baer said. This in turns shifts the balance with regard to bank priorities, with compliance becoming the main focus. That includes an over reliance on defensive SARs and a fixation on minutiae, according to industry experts.”

John Byrne, a long-time industry expert, is also quoted:

“We have these laws for one reason and one reason alone — and that’s to get valuable data and information in the hands of law enforcement, so there can be a reaction,” said John Byrne, an expert on anti-money-laundering issues and vice chairman of AML RightSource. “When regulators are criticizing banks for being a couple of days late in a filing or putting a company on a cash reporting exemption list by error, that’s a problem.”

The next Richards quote deals with the lack of actionable feedback on the reports that are being filed:

“What the CFOs and the CEOs are saying is, what are we getting for all this money we’re pumping into the AML/BSA regime?” said Richards, the former Wells Fargo executive. “Can we produce fewer alerts and have it cost less and investigate fewer cases and file better SARs? The answer to that is maybe — but we don’t know what a better SAR is.”

We don’t know what a better SAR is because the feedback SAR filers get from regulators, law enforcement, and FinCEN is scattered and ad hoc, at best, and non-existent, at worst. I have written about the need for feedback through what I have called TSV SARs, or Tactical or Strategic Value SARs, on multiple occasions. See, for example, https://regtechconsulting.net/money-laundering-terrorist-financing-general/fincens-fy2020-report-to-congress-reveals-its-priorities-and-performance/

The American Banker article has some other excerpts that deserve mention. First is an estimate of the amount of illicit funds in the US financial system:

“The United Nations Office on Drugs and Crime estimates that as much as $2 trillion is illegally laundered around the world each year — while law enforcement reportedly catches less than 1% of that. As much as $300 billion in illicit funds make their way through the U.S. financial system in a given year, according to the Treasury Department.”

The estimate of the amount of illicit funds flowing through the US financial system is close to the amount of illicit funds reported by SAR filings!

In 2018, banks and credit unions filed ~975,000 SARs. Based on some empirical data and some conversations with BSA Officers, the average depository institution SAR reports ~$245,000. In 2018, MSBs filed ~875,000 SARs. Those average about $36,000. “Others” filed another $275,000 SARs, and I’ll guess that those averaged ~$50,000. The total? Almost $300 billion. And that doesn’t include a percentage of the 18 million Currency Transaction Reports: if the average CTR reported $20,000 and 20% of the CTRs involved illicit funds, that would add another $70 billion being reported by financial institutions. So it may not be a reporting issue at all.

So, financial institutions are reporting over $300 billion in potential illicit funds flowing through the US financial system every year. But what percentage of the total flow of funds is illicit? Based on excerpts from the 2015 and 2018 US National Money Laundering Risk Assessments, the total annual flow of funds through the two main wire transfers systems (Fedwire and CHIPS), ACH, debit cards, and cash is about $2 quadrillion dollars. So the illicit funds flowing through the US system represent about 0.0001% of the total funds. Interesting …

A second excerpt that caught my eye is the following:

“… broad AML legislation recently introduced by a bipartisan group of senators — Mark Warner, D-Va., Doug Jones, D-Ala., Tom Cotton, R-Ark., and Mike Rounds, R-S.D. — would require the Department of Justice to report annually on how frequently law enforcement agencies use Bank Secrecy Act reporting as part of their investigations.”

What is interesting is that while it would be great to have a new law to compel the Justice Department to report annually on how law enforcement is using BSA reports, there already is a law that compels the Treasury Department to report semi-annually on how law enforcement is using BSA reports, and it is not being enforced! Take a look at the USA PATRIOT Act’s section 314(d). Once again, I’ve written about this: https://regtechconsulting.net/aml-regulations-and-enforcement-actions/sar-feedback-what-ever-happened-to-section-314d/

Hopefully, this well-researched, well-written American Banker article will be well-received by everyone who has an interest in seeing the US BSA/AML regime become more effective, more efficient, and better serve the global, national, and local financial systems and financial institutions as we continue the fight against financial crime.

Is the Clinical Cannabis Catch-22 Coming to Closure?

The Scottsdale Research Institute case may be a significant step forward in the normalization of cannabis. And it may address one of the most vexing clinical cannabis catch-22 situations there is today.

Schedule I of the Controlled Substances Act lists drugs that are both harmful and have no currently accepted medical use. Marijuana or cannabis was included in Schedule I since the passage of the Controlled Substances Act in 1970, and has remained there, notwithstanding great public, political, and other pressure to reschedule or even deschedule it.

Congress has the ability to reschedule marijuana. Let’s assume that they’re not prepared to act anytime soon: that would take courage and compromise, two things that appear to be lacking in this Congress. But the DEA also has the ability to reschedule marijuana, but it has not done so, and various DEA publications have indicated that it won’t do so because of a dearth of clinical trials demonstrating currently accepted medical use, or medical efficacy. One of the reasons for the dearth of clinical trials is a lack of availability of approved research-grade cannabis. Under the Controlled Substance Act, the DEA controls who gets to product cannabis for clinical trials. Currently, there is one such approved facility, the University of Mississippi. And the cannabis produced by that facility is, by most accounts, not very good (the picture here is from the Scottsdale Research Institute court filing, mentioned below). So why aren’t there more facilities approved to grow cannabis for medical research?

The DEA controls that, too. From 1970 (when the CSA was passed and cannabis was included in Schedule I), dozens of applications to produce cannabis for medical research were filed, and none were approved. In late 2015 a federal law was passed that compelled the DEA to act on these applications – to approve or deny them – within 90 days. Again, dozens of applications have been filed. And none have been acted on.

An interesting case is now before the US Court of Appeals (District of Columbia) called In re: Scottsdale Research Institute, LLC, District of Columbia Court of Appeals, case No. 19-1120, where a medical research company is seeking to compel the DEA to act on its application to produce pharmaceutical-grade cannabis. The facts are important …

A doctor in Arizona, Dr. Suzanne Sisley, has the necessary federal approvals to run a clinical trial to determine whether cannabis is effective in treating veterans’ PTSD (as Dr. Sisley writes in her Declaration supporting the petition, she “struggled for seven years [from 2009 to 2016] to get approval from four different federal agencies to conduct clinical trials of cannabis as a treatment for PTSD symptoms in veterans.”). But she cannot begin those trials without pharmaceutical grade cannabis, which the only approved supplier cannot provide. In 2016 she (actually, her company and the appellant in this case, Scottsdale Research Institute, LLC, or “SRI”) submitted an application to grow her own cannabis for her clinical trials, but the DEA hasn’t acted on that application, notwithstanding the law that says it has to. Without pharmaceutical-grade cannabis to run her FDA-approved clinical trials, she was stuck. This petition, called a Writ of Mandamus, was brought to compel the DEA to act. Notably, the Writ of Mandamus does not seek to compel the DEA to grant the application to produce cannabis for research: as SRI writes in its petition, “mandamus here will not divest the agency of its discretion. It simply allows the process contemplated by the statute to begin, not end. The agency still maintains discretion to deny or delay the application.”

So let’s sum up:

  • The DEA won’t consider rescheduling cannabis without clinical trials.
  • Clinical trials require approved, pharmaceutical-grade cannabis.
  • The DEA decides who produces pharmaceutical-grade cannabis.
  • The only DEA-approved producer of pharmaceutical-grade cannabis cannot produce pharmaceutical-grade cannabis.
  • Since 2016, the DEA has been required by law to either approve or reject applications to produce cannabis for medical research within 90 days of receiving the application.
  • The DEA has received dozens of applications from entities seeking to produce pharmaceutical-grade cannabis.
  • The DEA has neither approved nor rejected any of those applications in the 3+ years it has been compelled by law to do so.
  • SRI is bringing a federal court action to compel the DEA to consider its application.

As Dr. Sisley and SRI’s petition to the District of Columbia Court of Appeals provides:

“Millions of Americans believe cannabis holds the key to ending their pain and suffering, making the need for clinical trials acute no matter the outcome of SRI’s clinical trials. If those studies show that thirty-eight states (and counting), doctors, legislators, and the American public are all wrong—i.e., that cannabis lacks medical utility—then we must know this now. Those using cannabis to treat conditions like PTSD may be jeopardizing their health and welfare. But in the more likely alternative— i.e., SRI’s studies prove that cannabis has medical value—DEA’s delay inexcusably deprives combat veterans and others of a treatment option necessary to ease their pain. Either way, more delay is unconscionable.”

The Court of Appeals issued a preliminary ruling on July 29th regarding SRI’s June 11th petition: the DEA has 30 days to file a response, and SRI then has 14 days to file a reply to that response. Notably, after receiving SRI’s 284-page petition, the Court of Appeals has limited the DEA’s response to 7,800 words, and SRI’s reply to 3,900 words. (This article is 800 words long, by the way).

I doubt that clinical trials will prove that cannabis lacks medical utility – but whether something has medical utility isn’t really the question. Many non-approved, and unapprovable, products have some medical utility, but can’t be safely used as federally-approved medicines. Let’s allow the clinical researchers to do their jobs. Let’s allow – perhaps we need to compel – federal regulatory agencies to do their jobs. And wherever and however this comes out at the end, at least we will know what safe and appropriate medical uses there are for cannabis, or components of cannabis.

SAR Feedback? What Ever Happened to Section 314(d)?

Wouldn’t it be great if Treasury published a report, perhaps semi-annually, that contained a detailed analysis identifying patterns of suspicious activity and other investigative insights derived from suspicious activity reports (SARs) and investigations conducted by federal, state, and local law enforcement agencies (to the extent appropriate) and distributed that report to financial institutions that filed those SARs?

To get Treasury to do that, though, would probably require Congress to pass a law compelling it to do so.

Hold it. Congress did pass that law.  Almost 18 years ago. And, by all accounts, it’s still on the books. What happened to those semi-annual reports? When did they begin? If they began, when did they end?

Section 314(d) – Its Origins

What became 314(d) was introduced in the House version of what became the USA PATRIOT Act. The House version, the Financial Anti-Terrorism Act, was introduced on October 3, 2001. It was marked up by the House Financial Services Committee on October 11. The Senate version, originally titled the Uniting and Strengthening America Act, or USA Act, was introduced on October 4th and had sections 314(a) (public to private sector information sharing), 314(b) (cooperation among financial institutions, or private-to-private sector information sharing), and 314(c) (“rule of construction”). There was no 314(d) in that early version.

On October 17th, HR 3004, the Financial Anti-Terrorism Act, was passed by the House 412-1. Title II was “public-private cooperation”. Section 203 was:

“Reports to the Financial Services Industry on Suspicious Financial Activities – at least once each calendar quarter, the Secretary shall (1) publish a report containing a detailed analysis identifying patterns of suspicious activity and other investigative insights derived from suspicious activity reports and investigations conducted by federal, state, and local law enforcement agencies to the extent appropriate; and (2) distribute such report to financial institutions as defined in section 5312 of title 31, US code.”

The Senate and House versions were reconciled, and on October 23rd the House Congressional Record shows a consideration of what was then the USA PATRIOT Act. That version of the bill then included what had been section 203 and was now 314(d). It was the same, except instead of a quarterly report it was a semi-annual report (“at least once each calendar quarter” was changed to “at least semiannually”).

SAR Activity Review – Was That The Answer to 314(d)?

The ABA has written, and at least one former FinCEN employee has stated that the “SAR Activity Review – Trends, Tips, and Issues” was the response to 314(d). The SAR Activity Reviews were excellent resources. They contained sections on SAR statistics, national trends and analysis, law enforcement cases, tips on SAR form preparation and filing, issues and guidance, and an industry forum. The first SAR Activity Review noted that it was published under the auspices of the BSAAG, was to be published semi-annually in October and April, and was “the product of a continuing collaboration among the nation’s financial institutions, federal law enforcement, and regulatory agencies to provide meaningful information about the preparation, use, and utility of SARs.”  Although that certainly sounds like it is responsive to section 314(d), there is no reference to 314(d).

And the first SAR Activity Review was published more than a year before 314(d) was passed. Even the first SAR Activity Review published after the enactment of the USA PATRIOT Act and section 314(d) – the 4th issue published on July 31, 2002 – didn’t make any reference to 314(d). Beginning with the 6th issue of the SAR Activity Review, published in October 2003, the authors broke out the statistics from the “Trends, Tips & Issues” document and published a separate, and more detailed, “SAR Activity Review – By The Numbers”. The last SAR Activity Review (the 23rd) and the last “By The Numbers” (the 18th) were published on April 30, 2013. None of those forty-one publications referenced 314(d). After the SAR Activity Reviews stopped, FinCEN continued to publish “SAR Statistics”, and did so three times from June 2014 through March 2017.  For the last few years, FinCEN has maintained SAR Stats on its website – https://www.fincen.gov/reports/sar-stats  – that is updated on a monthly basis. Those statistics are useful, but cannot be thought of as “containing a detailed analysis identifying patterns of suspicious activity and other investigative insights derived from suspicious activity reports and investigations conducted by federal, state, and local law enforcement agencies to the extent appropriate”, quoting the 314(d) language.

Does Anyone Know What Happened to 314(d)?

I don’t have the answer to that question. Perhaps 314(d) is seen as satisfied by the accumulation of advisories, guidance, bulletins, etc., published by FinCEN and other Treasury bureaus and agencies and departments from time to time. Perhaps there is a Treasury Memorandum out there that I’m not aware of that provides a simple explanation. Perhaps not: most BSA/AML experts I speak with are not even aware of 314(d), and if the SAR Activity Review did satisfy the spirit and intent of 314(d), the last one was published more than six years ago. But everyone in the private sector BSA/AML risk management space has been clamoring for more feedback from law enforcement and FinCEN on the effectiveness and usefulness of their SAR filings. Perhaps a renewed (or any) focus on 314(d) is the answer.  The revival of 314(d) could give FinCEN the mandate they’ve been looking for to provide more valuable information to the private sector producers of Suspicious Activity Reports. We would all benefit.

One in Two Cannabis Dispensaries is Robbed or Burglarized? Perhaps not …

Are there any good studies on robbery and burglary rates of cannabis related businesses as compared to other businesses? Are cannabis related businesses robbed or burglarized at higher rates than other cash intensive businesses?

These questions may not be answered – I know I haven’t found good answers, and I have looked. Two written statements by the Credit Union National Association (CUNA) and American Bankers Association (ABA) provide two very different answers.

The Senate Committee on Banking, Housing, and Urban Affairs held a hearing on “Challenges for Cannabis and Banking: Outside Perspectives” on July 23, 2019. Both CUNA and the ABA had representatives provide written testimony and answers questions from the Senators. The written statement from the representative of CUNA included the following statement (which was picked up by one of the Senators during the question and answer session):

“A 2015 analysis by the Wharton School of Business Public Policy Initiative found that, in the absence of being banked, one in every two cannabis dispensaries were robbed or burglarized—with the average thief walking away with anywhere from $20,000 to $50,000 in a single theft.”

One in every two cannabis dispensaries is robbed or burglarized! That is a stunning statistic. Actually, it is really two statistics because of the significant difference between a burglary and a robbery. Without getting into legal minutia, burglary is entering into a structure or dwelling with the intent to commit a crime; robbery is taking something from a person using force, or the threat of force, to do it. Put another way, a burglary becomes a robbery if there is someone in the structure or dwelling and the perpetrator uses force or the threat of force to take something. Both are serious crimes, but robbery is much more serious than burglary, as it (the robbery) involves direct victims.

The written statement from the American Bankers Association included the following:

“In Denver, [the roughly 500] cannabis businesses make up less than 1% of all local businesses but have accounted for 10% of all reported business burglaries from 2012-2016. On average, more than 100 burglaries occur at cannabis businesses each year according to the Denver Police Department, and burglaries and theft comprise almost 80% of Denver’s cannabis industry-related crime.”

CUNA’s statement that one in every two cannabis dispensaries is robbed or burglarized caught me by surprise.  The ABA’s statement – that roughly one in five cannabis business is burglarized – seems more reasonable. Logically, if one in every two dispensaries was robbed or burglarized, there would be headlines. I can’t find them. So I looked into CUNA’s source for its one in two conclusion, what they called “the Wharton analysis.”

It doesn’t exist.

Here’s a link to the Wharton “analysis” … https://publicpolicy.wharton.upenn.edu/live/news/2214-cash-crime-and-cannabis-banking-regulations-in-an/for-students/blog/news#_edn2.

First, it is a 2017 student blog written by three students which bears the following disclaimer: “The views expressed on the Student Blog are the author’s opinions and don’t necessarily represent the Wharton Public Policy Initiative’s strategies, recommendations, or opinions.”

This November 20, 2017 student blog – not a Wharton Public Policy Institute publication at all – is titled “Cash, Crime, and Cannabis: Banking Regulations in an Illegal Market”. Under the heading “Risky Business”, the three student authors write:

“Not only are cash businesses conducive to tax manipulation, they also hurt many individuals, because of the risk of crime. In 2015, one in two cannabis dispensaries were robbed or burglarized, with the average thief walking away with anywhere from $20,000 to $50,000 in a single act [citation]. Mitch Morrissey, district attorney of Denver, notes a direct increase in crime cases related to the marijuana industry, and sees the reasoning behind the robberies stating: ‘You hit a 7-Eleven, you’ll get 20 bucks. You hit a dispensary, you’ll get $300,000 on a good day’ [citation].”

The citation the students provide is http://www.sivallc.com/the-growing-need-for-a-cannabis-dispensary-security-plan-infographic/

That page is no longer available. But the citation is not to an article or study, but simply to the infographic, which they label “Dispensary Security Infographic” and the source is shown as “Bubulyan Consulting Group”.  Bubulyan Consulting Group is actually Bulbulyan Consulting Group, which was the original name of Siva Enterprises. Avis Bulbulyan is the CEO of Siva Enterprises (www.sivallc.com).

I haven’t reached out to Mr. Bulbulyan to ask him where he obtained the data for the inforgraphic, but it appears that the source was an NBC news story from February 4, 2014 (available at https://www.nbcnews.com/storyline/legal-pot/high-crimes-robber-gangs-terrorize-colorado-pot-shops-n20111). That story includes the following:

“In 2009, the Denver Police Department estimated that about 17 percent of marijuana retail shops had been robbed or burglarized in the last year. That was good news: a bit less than liquor stores (20 percent) and banks (34 percent), and on par with pharmacies. Today, however, a darker picture has emerged. There are about 325 marijuana companies in Denver, based on an analysis of licensing data done for NBC News by Marijuana Business Daily, a leading trade publication. (Most companies hold numerous licenses.) At the same time, there have been about 317 burglaries and seven robberies reported by these companies in the last two years, according to police data. That’s an annual robbery and burglary rate of about 50 percent, more than double what it was in 2009. While a Denver Police spokesperson disputed these figures, the department doesn’t have its own.”

As written above, there is a significant difference between a burglary and a robbery. Using NBC’s numbers from its 2014 story, “that’s an annual robbery rate of about 1% and a burglary rate of about 49%.”

So what is the experience of law enforcement and the cannabis industry?

Colorado statistics seem to paint a very different picture

The City of Denver has an “Open Data” effort that includes marijuana-related crime (“crimes reported to the Denver Police Department which, upon review, were determined to have clear connection or relation to marijuana.”). It is available at County of Denver Marijuana Crime . That data suggests that marijuana-related business burglaries peaked in 2013 at 101, and dropped to 74 for the first eleven months of 2018. That suggests a burglary rate of 12% – 15%. Marijuana-related business robberies peaked in 2014 at 5: they recorded 1 such event in 2018. That rate is between 0.2% and 1%. Notably, these statistics are not comparing the marijuana-related crime rates with overall crime rates. It may well be that marijuana dispensaries are burglarized and robbed at roughly the same rate as other cash intensive businesses.

In an October 2018 report by the Colorado Division of Criminal Justice on organized crime cases in Colorado, the DCJ wrote “there has been concern that, due to the cash-only nature of the industry, robbery would be prevalent, but this has not been the case.” This seems in keeping with the 2014 NBC story that anecdotally suggests a robbery rate of 1% for cannabis dispensaries (in the Denver area).

Some research also suggests that the crime/cannabis nexus isn’t as strong as the anecdotes suggest, and in fact state-legal cannabis dispensaries may help reduce crime.

In a paper published in May 2018 “High on Crime? Exploring the Effects of Marijuana Dispensary Laws on Crime in California Counties” (http://ftp.iza.org/dp11567.pdf) the authors looked at violent and property-related crimes in California on a county-by-county level, and concluded that:

“The results suggest no relationship between county laws that legally permit dispensaries and reported violent crime. We find a negative and significant relationship between dispensary allowances and property crime rates, although event studies indicate these effects may be a result of pre-existing trends. These results are consistent with some recent studies suggesting that dispensaries help reduce crime by reducing vacant buildings and putting more security in these areas.”

Although this study doesn’t refer to robberies or burglaries at cannabis dispensaries, it seems logical that if those dispensaries were being robbed or burglarized at a rate of 50%, the study would have pointed that out.

A study published in the Journal of Preventive Medicine in March 2018 https://www.sciencedirect.com/science/article/pii/S0091743517305078 by university researchers funded by the Centers of Disease Control and Prevention looked at “the geography of crime and violence surrounding tobacco shops, medical marijuana dispensaries [MMDs], and off-sale alcohol outlets in a large, urban low-income community of color” using data from 2014. The abstract provides:

“Results indicated that mean property and violent crime rates within 100-foot buffers of tobacco shops and alcohol outlets—but not MMDs—substantially exceeded community-wide mean crime rates and rates around grocery/convenience stores (i.e., comparison properties licensed to sell both alcohol and tobacco) …”


There is no doubt that cash intensive businesses – bars, restaurants, convenience stores, casinos, cannabis dispensaries – are more likely to suffer burglaries and/or robberies than those businesses that are not cash intensive. And it seems logical that cannabis dispensaries, which struggle to get and maintain banking relationships and are therefore more cash intensive than other businesses, and have a very valuable and largely untraceable product on their premises, are more likely to suffer burglaries and/or robberies at an even higher rate. But that combined rate is probably not 50%. It is probably closer to the ABA’s figure (from the Denver Police Department, apparently) of 20%, or even the County of Denver data that suggests a rate of 12% – 15%.  Regardless, public policy should be driven by accurately reported and cited information: citing a 2015 Wharton Business School study is very different than citing a 2014 NBC News report. Although the robbery rates and burglary rates may in fact be high, and the NBC News report accurate, we are all better served if the bases of our collective public policy decisions are known and accurate.

The Federal Government must step up and provide legislation, regulation, and regulatory guidance to the financial services industry so that cannabis businesses and cannabis related businesses can have access to the full suite of banking services – notably deposit accounts, cash management services, payroll services, merchant banking services, credit, and insurance. The SAFE Banking Act might be a good first step.

Business Email Compromise – New FinCEN Advisory and Trend Analysis

FinCEN has issued an updated advisory on Business Email Compromise (BEC) fraud schemes: FinCEN 2019 BEC Advisory . At the same time it issued a Financial Trend Analysis that provides some details on what FinCEN is seeing from the Suspicious Activity Reports on BEC schemes: BEC Trends

FIN-2019-A005 Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes (July 16, 2019)

This 2019 Advisory is 12 pages long, and supersedes the 2016 advisory: FinCEN 2016 BEC Advisory. Highlights of the 2019 Advisory can be summarized as follows:

Instances of BEC reported to FinCEN have climbed from averaging just under 500 reports per month (averaging $110 million monthly in total attempted BEC thefts) in 2016 to over 1,100 monthly reports (averaging over $300 million monthly in total attempted BEC thefts) in 2018. Since November 2016, financial institutions reported over 6,000 instances and over $2.6 billion in attempted and successful transactions affiliated with suspected money laundering activity through BEC schemes.

Three observed trends since the 2016 Advisory. First, a concentration of targeting of particular sectors: manufacturing and construction (25% of reported BEC cases), commercial services (18%), and real estate (16%). Second, the majority of BEC incidents (reported in the Trends Analysis at 73%) affecting U.S. financial institutions and their customers are increasingly involving initial domestic funds transfers, rather than international, likely taking advantage of money mule networks across the United States to move stolen funds. Third, the two most common impersonations – CEO and vendor – are trending in different directions: CEO impersonations are trending down (from 33% of reported incidents in 2017 to 12% in 2018), and vendor impersonations are trending up (from 30% of incidents in 2017 to 39% in 2018, becoming the most common BEC method). FinCEN also noted that the average transaction amount for BECs impersonating a vendor or client invoice was $125,439, compared with $50,373 for impersonating a CEO.

A BEC scheme’s probability of success and the potential payout from fraudulent payment instructions often depends on (1) the criminal’s knowledge of their victim’s normal business processes by leveraging publicly available information about the victim organization’s vendors, contracts, and business processes, and (2) weaknesses in the victim’s authorization and authentication protocols.

In this 2019 Advisory, FinCEN broadens its definitions of email compromise fraud activities to clarify that such fraud targets a variety of types of entities and may be used to misdirect any kind of payment (not just wire transfers) or transmittal of other things of value. While many email compromise fraud scheme payments are carried out via wire transfers (as originally stated in the 2016 BEC Advisory), FinCEN has observed BEC schemes fraudulently inducing funds or value transfers through convertible virtual currency payments, ACH transfers, and purchases of gift cards.

The 2019 Advisory also expands the types of victims beyond commercial businesses. FinCEN analysis has indicated criminal groups use a variety of techniques to conduct BEC fraud against individuals, particularly and increasingly those with high net worth, and entities that routinely use email to make or arrange payments between partners, customers, or suppliers. Targets of these schemes fall outside of the definition of traditional business customers, such as government entities and non-profit organizations or even the financial institutions themselves.

Footnote 7 provides that “The definitions of email compromise fraud, BEC, and EAC supersede the definitions in the 2016 BEC Advisory.” Those definitions are (and the red font indicates changes from 2016):

Email Compromise Fraud: Schemes in which 1) criminals compromise[1] the email accounts of victims to send fraudulent payment instructions to financial institutions or other business associates in order to misappropriate funds or value; or in which 2) criminals compromise the email accounts of victims to effect fraudulent transmission of data that can be used to conduct financial fraud. The main types of email compromise, the definitions of which have been modified to reflect the expansion of victims being targeted, include:

Business Email Compromise (BEC): Targets accounts of financial institutions or customers of financial institutions that are operational entities, including commercial, non-profit, nongovernmental, or government entities.

Email Account Compromise (EAC): Targets personal email accounts belonging to an individual.

BEC Fraud against Governments – BEC frauds have targeted accounts used for pension funds, payroll accounts, and contracted services. Schemes against government victims are consistent with other common typologies in BEC fraud. BEC schemes targeting government entities also often include vendor impersonation.

BEC Fraud against Educational Institutions – In 2016, financial institutions reported to FinCEN over 160 incidents of BEC targeting educational institutions where criminals attempted to steal over $50 million. The education sector has the largest concentration of high-value BEC attempts in financial sector reporting, even though only approximately 2% of BEC incidents affected educational institutions in 2017. Schemes against educational institutions frequently involve vendor impersonation. Attackers use authentic-looking payment requests to direct funds to domestic bank accounts they control. Large-scale construction and renovation projects have repeatedly been targets of high-dollar thefts.

BEC Fraud against Financial Institutions – In some cases, BEC actors directly target the financial institutions themselves. This scheme typically involves spoofing bank domains and sending what appear to be credible messages to imitate official communications between bank employees, such as sending emails that appear to be from a financial institution’s SWIFT (wire operations) department with payment instructions and SWIFT reference numbers in the email text to enhance its apparent legitimacy to the victim.

Information Sharing – The 2019 Advisory encourages financial institutions to use 314(b) to share information. FinCEN points out that many beneficiaries of BEC schemes play roles in larger networks of criminal activity and laundering of funds from illicit activity (“FinCEN encourages financial institutions to share valuable information about BEC beneficiaries and perpetrators, for purposes of identifying and, where appropriate, reporting activities that they suspect may involve possible terrorist activity or money laundering.”).

The 2019 Advisory includes a section on information for US financial institutions (which supersedes the 2016 advisory):

Risk Management Considerations – In determining the inherent risk of BEC, financial institutions should consider the level of information available publicly about key financial counterparties and processes, including information on public websites or on the darknet (e.g., email account login credentials that have been compromised and posted for sale). Financial institutions need to also consider its procedures and processes relating to how it (1) authenticates participants in communications,( 2) authorizes transactions, and (3) communicates information and changes about transactions. A multi-faceted transaction verification process, as well as training and awareness-building to identify and avoid spear phishing schemes, are critical.

Response and Recovery of Funds – To request immediate assistance in recovering BEC-stolen funds, financial institutions should file a complaint with the FBI’s Internet Crime Complaint Center (IC3), contact their local FBI field office, or contact the nearest USSS field office. These agencies are part of FinCEN’s Rapid Response Program (RRP). Financial institutions should also use the 314(b) information sharing process to request assistance from other financial institutions involved in (victims of or unwitting participants in) the scheme.

Suspicious Activity Reporting – Financial institutions should provide all pertinent available information on the event and associated suspicious activity, including cyber-related information, in the SAR form and narrative. Specifically, the following information is highly valuable to law enforcement and FinCEN in investigating BEC/EAC fraud:

Transaction details:

1) Dates and amounts of suspicious transactions;

2) Sender’s identifying information, account number, and financial institution;

3) Beneficiary’s identifying information, account number, and financial institution; and

4) Correspondent and intermediary financial institutions’ information, if applicable.

Scheme details:

1) Relevant email addresses and associated Internet Protocol (IP) addresses with their respective timestamps;

2) Description and timing of suspicious email communications and any involved compromised or impersonated parties; and

3) Description of related cyber-events and use (or compromise) of particular technology in the conduct of the fraud. For example, financial institutions should consider including any of the following information or evidence related to the email compromise fraud:

  1. a) Email auto-forwarding
  2. b) Inbox sweep rules or sorting rules set up in victim email accounts
  3. c) A malware attack, and
  4. d) The authentication protocol that was compromised (i.e., single-factor or multi-factor, one-step or multi-step, etc.)

[1] Criminals engaged in email compromise fraud may directly compromise email accounts through unauthorized electronic intrusions in order to leverage the compromised account for sending messages, or they may instead impersonate an email account through spoofing the email address or using an email account closely resembling a known counterparty or customer’s email address (i.e., that is slightly altered by adding, changing, or deleting one or more characters).

Facebook’s Libra – The Fed has “serious concerns” about Libra and warns that their process to address these concerns will not be a sprint

Speaking like “a normal human being”, Fed Chairman Powell says Libra raises “many serious concerns regarding privacy, money laundering, consumer protection, and financial stability.”

For comments on the Libra White Paper, see RTC Article on Libra White Paper

On July 10, 2019, Federal Reserve Chairman Jerome Powell appeared before the House Financial Services Committee for his semi-annual report to Congress. Although his prepared remarks and opening statement did not touch on Facebook’s Libra, Committee Chair Maxine Waters (D. CA) opening question was on Libra and Facebook’s Calibra wallet and her concerns about both (as expressed in the Committee’s July 2nd letter to Mark Zuckerberg, Facebook COO Sheryl Sandberg, and Calibra CEO David Marcus). The question and Chairman Powell’s answer are at the 20-minute mark of the CSPAN video ( Congressional Video ). The Chairman’s answer:

“We do support responsible innovation in the financial services industry as long as the associated risks are appropriately identified and managed. And as we’ll discuss, while the project sponsors hold out the possibility of public benefits, including improved financial access by consumers, Libra raises many serious concerns regarding privacy, money laundering, consumer protection, and financial stability. These are concerns that should be thoroughly and publicly addressed before proceeding. And that’s why at the Fed we’ve set up a working group to focus on this set of issues. We are coordinating with our colleagues in the government in the United States, the regulatory agencies and Treasury; we’re coordinating with central banks and governments around the world to look into this. I’ll just add that the process in addressing these concerns, we think, should be a patient and careful one, and not a sprint to implementation.”

Chairman Powell’s language is particularly interesting. He sees “a possibility of public benefits” but he appears to have no doubt that Libra raises “many serious concerns regarding privacy, money laundering, consumer protection, and financial stability.” He is also telling Facebook and the Libra/Caibra project sponsors that regulatory approval will be at the regulators’ pace (“patient and careful”), not the usual fintech pace (“a sprint to implementation”).

And I echo Ranking Member McHenry’s statement that Chairman Powell’s “candor is welcome and encouraged, and we thank you for attempting to speak like a normal human being …”. I have followed four Federal Reserve chairs (Greenspan, Bernanke, Yellen, and Powell), and have found that Chairman Powell is the only one of the four that I could consistently understand! In fact, Alan Greenspan’s infamous line – “Since becoming a central banker, I have learned to mumble with great incoherence. If I seem unduly clear to you, you must have misunderstood what I said” – seems to have been the modus operandi of his successors, also … except for Chairman Powell.

FATF Terrorist Financing Risk Assessment Guidance

Is the United States a jurisdiction with no or very few known (or suspected) terrorism or TF cases?

The Financial Action Task Force (FATF) released its Terrorist Financing Risk Assessment Guidance on July 5, 2019. It is available at FATF TF Guidance

As FATF notes in its introduction of the Report …

The FATF requires each country to identify, assess and understand the terrorist financing risks it faces in order to mitigate them and effectively dismantle and disrupt terrorist networks. Countries often face particular challenges in assessing terrorist financing risks due to the low value of funds or other assets used in many instances, and the wide variety of sectors misused for the purpose of financing terrorism.

This guidance aims to assist practitioners, and particularly those in lower capacity countries, in assessing terrorist financing risk at the jurisdiction level by providing good approaches, relevant information sources and practical examples based on country experience.

This report builds on the 2013 FATF guidance on national money laundering and terrorist financing risk assessments, and draws on inputs from over 35 jurisdictions from across the FATF Global Network on their extensive experience and lessons learnt in assessing terrorist financing risk. Recognising that there is no one-size-fits all approach when assessing terrorist financing risk, this guidance provides relevant information sources and considerations for different country contexts.

The report addresses:

    • Key considerations when determining the relevant scope and governance of a terrorist financing risk assessment, and practical examples to overcome information sharing challenges related to terrorism and its financing.
    • Examples of information sources when identifying terrorist financing threats and vulnerabilities, and considerations for specific country contexts (e.g. financial and trade centres, lower capacity jurisdictions, jurisdictions bordering a conflict zone etc.).
    • Relevant information sources for practitioners when identifying cross-border terrorist financing risks but also terrorist financing risks within the banking and money or value transfer sectors, and facing those non-profit organisations that fall within the FATF definition.
    • Good approaches for maintaining an up-to-date assessment of risk, and areas for further focus going forward.

The report includes an interesting discussion around “considerations for jurisdictions with no or very few known (or suspected) terrorism or TF cases”. It provides:

34. It is important that countries assess and continue to monitor their TF risks regardless of the absence of known threats. The absence of known or suspected terrorism and TF cases does not necessarily mean that a jurisdiction has a low TF risk. In particular, the absence of cases does not eliminate the potential for funds or other assets to be raised and used domestically (for a purpose other than terrorist attack) or to be transferred abroad. Jurisdictions without TF and terrorism cases will still need to consider the likelihood of terrorist funds being raised domestically (including through willing or defrauded donors), the likelihood of transfer of funds and other assets through, or out of, the country in support of terrorism, and the use of funds for reasons other than a domestic terrorist attack.”

The United States – What Does the SAR Data Show About Terrorist Financing Cases?

The FATF Report includes a list (in Annex A) of the fifty-six countries that have money laundering/terrorist financing, or stand-alone (in the case of nine of the fifty-six) terrorist financing risk assessments. The US is one of those nine, with a 2015 and 2018 national terrorist financing risk assessment. The 2018 assessment (available at US 2018 Terrorist Financing Risk Assessment) notes that depository institutions and money services businesses (MSBs) filed approximately 33% and 58%, respectively, of the 6,000 SARs filed for terrorist financing in 2015, 2016, and 2017 (see pages 16 and 18). The US report notes that these numbers come from the FinCEN SAR data, available at https://www.fincen.gov/reports/sar-stats. Looking at that data reveals the following:

6,131 – Total number of SARs filed with suspicious activity category of “Terrorist Financing” in filing years 2015 through 2017

2,188 – Depository Institutions

3,446 – Money Services Businesses (MSBs)

   288 – Other

    137 – Casinos

      51 – Securities/Futures

      21 – All Other Listed Filers (Insurance, Card Clubs, Loan/Finance Companies)

Using the FinCEN data, it appears that for the three year period indicated, depository institutions (approximately 11,000 banks and credit unions) filed 35.7% of the terrorist financing SARs, and MSBs filed 56.2% of the terrorist financing SARs. Looking at all (available) years’ filings – 2012 through Q1 2019 – depository institutions did, in fact, file 33% (33.4%) of the terrorist financing SARs and MSBs filed 58% (58.6%) of the terrorist financing SARs.

But the 6,131 terrorist financing SARs filed in 2015 through 2017 made up only 0.1% of the total number of SARs filed in that period – 5,822,709. Does this make the United States one of those “jurisdictions with no or very few known (or suspected) terrorism or TF cases”? Regardless, as the FATF notes, “the absence of known or suspected terrorism and TF cases does not necessarily mean that a jurisdiction has a low TF risk. In particular, the absence of cases not not eliminate the potential for funds or other assets to be raised and used domestically for a purpose other than a terrorist attack or to be transferred abroad.” 

FinCEN Updates its Marijuana SAR Data… but Actionable Information is Still Needed!

I previously wrote about the FinCEN quarterly Marijuana Banking Report in an article published August 26, 2018: August 26, 2018 Article

The FinCEN Report is available at FinCEN Marijuana Banking Report.

FinCEN appears to be doing its best with the limited resources that the Administration has allocated and Congress has provided. If properly resourced with the needed technology, capability, and staffing resources, I expect that FinCEN could do much more with the valuable information that the 633 depository institutions are providing through the 81,725 marijuana-related SARs they have filed over the last 5 years.  Here’s hoping that the Administration and Congress step up.

Until those resources are deployed, it appears that the public will continue to receive some good data through the quarterly Marijuana Banking Reports, but not much usable information.  The raw data that was provided indicates that since the FinCEN Guidance introduced the “marijuana-related SAR” concept in February 2014, 493 banks and 140 credit unions have filed one or more of the three types of marijuana-related SARs. Leaving aside what constitutes each of the three types of marijuana-related SARs (the quarterly Marijuana Report doesn’t accurately describe the three types, as I discuss below), FinCEN reports that 81,725 marijuana-related SARs have been filed since Q2 2014. That is good data, but it would be useful information if, for example, that number was compared to the total number of SARs filed by depository institutions in the same period of time (according to FinCEN’s SAR data, that is 4,653,076 SARs) so that we would know that marijuana-related SARs make up 1.76% of all depository institution SARs and are being filed by about 5% of all depository institutions. Other examples of useful and useable (actionable) information include:

Actionable Information

  1. The size and locations of the banks and credit unions filing the marijuana SARs
  2. The locations of the Marijuana Related Businesses (MRBs)
  3. Whether the activity involves medicinal/medical or recreational/adult-use MRBs
  4. The types of MRBs: growers/cultivators, producers, manufacturers, distributors, testing labs, retailers, dispensaries
  5. How many MRBs are being reported and why
  6. Whether the MRBs are part of larger, national (or even international) companies that are coming to dominate the US cannabis industry.
  7. The types of marijuana-related SARs the banks and credit unions are filing: for example, how many banks are only filing Marijuana-Termination SARs, how many of the Marijuana-Limited SARs are 90-day follow-ups rather than net new customers.
  8. Quarter-over-quarter and year-over-year trends: e.g., from Q4 2018 to Q1 2019, the total number of marijuana-related SARs is up 12% but Marijuana Termination SARs are up 14% … what is FinCEN seeing in those filings that could be useful for depository institutions considering whether to provide banking services to MRBs?
  9. There are ten times as many Marijuana Limited SARs (61,036) as there are Marijuana Priority SARs (6,067), and three times as many Marijuana Limited SARs as Marijuana Termination SARs (19,368): why is that? How many of the Marijuana Limited SARs are “continuing activity” SARs (where FinCEN has instructed financial institutions to file a marijuana-related SAR every 90 days regardless of the nature of the activity)?
  10. Whether, and to what extent, the voluntary information sharing provisions of 314(b) and 31 CFR 101.540 are being used by these institutions?

Banks and Credit Unions Aren’t the Only SAR Filers, and What About Marijuana-related CTRs?

There are two other limitations on the Marijuana Banking Report that stand out to me.

First, the Report is limited to banks and credit unions, which, for FinCEN’s reporting purposes, are collectively “Depository Institutions”. Overall, Depository Institutions filed about 45% of all SARs in 2018: MSBs filed 40%, casinos filed about 2.5%, Broker/Dealers filed about 1.2%, and “Other” filed about 11%. It would be instructive to know what other reporting entities are filing marijuana-related SARs.

Second, the original FinCEN Guidance also referred to the two primary large cash transaction reports: CTRs for financial institutions and Form 8300s for non-financial trades and businesses. It would be instructive to know how many of these reports are filed on known marijuana related businesses (linkages between SAR data and CTR/Form 8300 data can be made by TIN or other identifiers on conductors and beneficiaries of the cash transactions).

The Quarterly Marijuana Banking Reports Misstate the 2014 Guidance

In addition, FinCEN should consider “cleaning up” the report. I re-offer (having originally offered in August 2018) four suggestions.

First, when describing the three marijuana SAR categories (Limited, Priority, and Termination), FinCEN refers to Cole Memo “red flags” … but none of the three Cole Memos (or the Ogden Memo) have any “red flags”. The red flags are actually set out in the FinCEN guidance – and there are 23 red flags to consider – and that original guidance correctly refers to the Cole Memo “priorities” when describing the three marijuana SAR types.  Although some may quibble with my distinction, the term “red flags” is a red flag for banking auditors and regulators … the Cole Memo has priorities, the FinCEN guidance has red flags.

Second, footnote 1 of this Report describes when to use each of the three marijuana SAR types. For the marijuana “Termination” SAR, FinCEN indicates that it is to be used when the financial institution has decided to terminate its relationship with the MRB because (1) the financial institution “has decided not to have marijuana related customers for business reasons” or (2) the MRB is not fully compliant with the appropriate state’s marijuana regulations, or (3) the MRB raises one or more of the Cole Memo red flags. (Note the use of the alternative “or”). This language is different than the 2014 guidance, which has nothing about deciding not to have marijuana related customers for business reasons.  I would like to see FinCEN provide the industry with guidance for not only exiting MRBs, but also about simply not providing banking services to marijuana related customers for business/risk reasons.  It is clearly needed if less than 650 of more than 11,000 banks and credit unions are knowingly or unknowingly providing banking services to MRBs.

Third, there is nothing in the 2014 guidance, nor in the FinCEN Marijuana Banking report, that defines a “marijuana related business”.  It is certainly implied that to be an MRB requires being subject to state marijuana regulations, but clear guidance would be helpful. Also, there are many businesses that do not have to be licensed and are not governed by state marijuana regulations, but are indirectly dealing with MRBs. Footnote 7 of the 2014 guidance referred to indirect services (“a financial institution could be providing services to a non-financial customer that provides goods or services to a marijuana-related business (e.g., a commercial landlord that leases property to a marijuana-related business). In such circumstances where services are being provided indirectly, the financial institution may file SARs based on existing regulations and guidance without distinguishing between “Marijuana Limited” and “Marijuana Priority.”): but it did not differentiate between (what I’ll call) Direct MRBs (those that are required to be licensed under state marijuana regulations) and Indirect MRBs (those that capital, services, products, property to Direct MRBs).

Finally, the Marijuana Banking Report describes the marijuana Limited-Priority-Termination SAR categories as “three phases for describing a financial institution’s relationship to marijuana-related businesses.” That isn’t accurate: there is not a progression or phasing of these categories, and the original 2014 guidance didn’t describe them that way. A bank or credit union (or any filer) doesn’t have to start with a Limited SAR, then progress to a Priority SAR, then end with a Termination SAR: they are three distinct SARs, dependent on the circumstances of each case.

The Marijuana Data Is Good, But Actionable Information Would Be Better!



A Contempt Fine of $50,000 a Day for “Stashing Documents” But Not Producing Them

Three Chinese “multi-billion dollar banks disregarding an order to produce records or a witness essential to an investigation into a state-sponsor of terrorism’s proliferation of nuclear weapons” are hit with a fine of $50,000 for every day they refuse to comply, concluded Federal District Court Justice Beryl A. Howell in a May 15, 2019 Opinion that was only recently unsealed. Judge Howell noted that “Bank Three’s stashing documents somewhere in its facilities is not responsible to the subpoena.”

In story published June 24th – Link – the Washington Post identified the three Chinese banks as Bank of Communications, China Merchant’s Bank, and Shanghai Pudong Development Bank. This writer offers no comment on the accuracy of the Post’s claims.

This will be an interesting case, or series of cases, to follow. Titles 18 and 50 are impacted and US/Chinese relations could be impacted.


The original (March 18, 2019) Order is available on PACER at March 18 Order to Compel

The May 15th Order is available on PACER at May 15 Contempt Order