Security Considerations for the Cannabis Industry March 7, 2019

Learn about the risks and security measures necessary in the cannabis industry. Topics include legal compliance, physical security, information security, and more.

marianelson


Presentation Transcript


  1. Security Considerations for the Cannabis Industry, March 7, 2019

  2. About Chris Marquet President of Investigative Services for SunBlock Systems and practice leader for the CRA, based in Mass. 35+ years experience in the Risk Mitigation Industry, including international investigations & security consulting, specializing in employee misconduct, fraud, integrity due diligence, & special fact finding missions. Nationally recognized speaker & author on risk issues

  3. About Cannabis Risk Advisory Cross-disciplinary teams of former law enforcement and retail/manufacturing security & financial experts devoted to customized, innovative, cost-effective, and sustainable solutions. Counsel and train organizations on how to strengthen their security, develop and implement privacy and data protection programs, and comply with applicable regulations. Understanding of enterprise risks, including those involving personal information and safety, financial, physical, and cyber risks.

  4. What are the Risks in the Cannabis Industry? Same as most industries but orders of magnitude greater:
     - Legal & Regulatory Environment
     - Physical Security & Inventory Control
     - People Issues
     - Information Security & Cyber Risks
     - Financial Controls

  5. Cannabis Security Similarities with Other Businesses:
     - Early Detection
     - Real Time Alerts
     - Protect Highest Value Assets
     - Take Storage Seriously
     - Strong Access & Perimeter Security (Locks, Fences, Walls, Cameras, etc.)
     - Inside Jobs More Likely
     - Strong Password/Security Codes & Protocols
     - Create Culture of Compliance

  6. Legal & Regulatory Compliance: States with legal cannabis require security plans & vetting. In Mass, for example, basic requirements:
     - Access controls
     - Video monitoring
     - Inventory controls
     - Transport & storage security
     - Incident reporting
     - Crisis plans
     - Security audits
     - Staff vetting (background checks)

  7. Physical Security & Inventory Control: Basic requirements:
     - Secure building/facility
     - Access controls – locks, identification requirements, limited access areas
     - Video monitoring
     - Security officers
     - Inventory controls – diversion controls, storage & destruction security & reporting
     - Cash controls – safes/vaults
     - Transport security & controls

  8. Inventory Control: Seed to Sale Tracking:
     - Software program & RFID tags
     - Tagging plants & packages (tags are one-time use)
     - Plant stages tagged - immature, vegetative & flowering
     - Batch numbers assigned in harvesting & curing process
     - Packaging tagged
     - Data entered into system at each stage – CCC monitoring & audits

  9. Security Risks – Some Headlines
     - Five arrested in Woodland with nearly 200 pounds of stolen marijuana, Sacramento Bee, 2/19
     - North Bethesda Cannabis Store Broken Into…, Bethesda Magazine, 2/19
     - Felonies filed in case allegedly involving assault and theft of marijuana, Aspen Daily News, 1/19
     - Cannabis Delivery, Theft, Battery, Oswego Patch, 1/19
     - Marijuana dispensary owned robbed, Detroit Free Press, 12/18
     - Bong thwarts attempted robbery at pot dispensary, New York Post, 9/18
     - Employees assaulted and tied up during marijuana grow robbery in Monterey County, KION Ch. 5, 7/18
     - Man sentenced to probation in $428k pot thefts, Mail Tribune, 1/18

  10. People Issues “In any organization, at any time, there is always someone who is up to no good…” - C. Marquet axiom

  11. People Issues – Some Headlines
     - The collapse of this cannabis stock offers a valuable lesson to every investor, Marketwatch, 11/18 (India Global Capitalization)
     - Police: Employee stole cannabis goods from Framingham lab, Metrowest Daily News 10/18
     - Former Berkeley cannabis official sentenced to 3 years in prison for money laundering, Daily Californian, 11/17
     - Scott Pack Indicted in Colorado Pot Biz's Largest Fraud Case Ever, Westword, 6/17 (Harmony & Green)
     - Colorado pot shop employees accused of embezzling, The Cannabist, 2/17
     - Eureka insurance broker accused of embezzling cannabis business’ payments, Times Standard, 1/17

  12. People Issues – Background checks
     Legal states require background checks on everyone – all employees, plus board members, capital contributors, volunteers & consultants.
     For Massachusetts, background checks must include:
     1. A Criminal History Search, including county, state, federal, international records for the past 7 years, for instances of:
        a. Conviction;
        b. Guilty Plea;
        c. Nolo Contendere;
        d. Admission to sufficient facts; and
        e. Pending charges
     2. Professional License Verification;
     3. Marijuana Professional License Verification/Industry Compliance Check;
     4. Restricted Parties Search;
     5. Civil History Search;
     6. 7 Year Sex Offender Search;
     7. NPDB (National Practitioner Data Bank);
     8. FACIS (Fraud and Abuse Control Information Systems); and
     9. Media/Social Media

  13. People Issues – Enhanced Integrity Due Diligence
     - Check out not only employees, execs & investors, but vendors and other affiliated businesses
     - Lookback to college years
     - Onsite criminal searches
     - Multijurisdictional searches
     - Comprehensive civil searches
     - Financial red flags
     - Relationship vetting & corporate affiliations
     - Interviews
     - Beyond traditional & social media - Deep & Dark Web Searches

  14. Information Security & Cyber Risks
     - Information governance policies & procedures
     - Identifying and segmenting confidential information
     - Employee information, HIPAA information, other customer info
     - Network design and implementation
     - Security testing and ongoing monitoring
     - Cyber risk assessment
     - Penetration tests
     - Monitoring products
     - Advanced firewalls and security measures
     - Encryption
     - Multi-Factor Authentication
     - Employee training
     - Enforcement

  15. Almost all compromises occur due to human factor:
     - Clicking on malware
     - Divulging access credentials
     - IT team configuration error
     - Theft of proprietary data (internal & external threat)

     Security is a chain that requires all links to be strong:
     - People
     - Process
     - Systems

  16. Financial Controls & AML

  17. Financial Controls & AML: From the Cole Memo, 8 key guidelines relating to Cannabis:
     - Preventing distribution to minors
     - Keeping proceeds out of the hands of gangs and cartels
     - Stopping marijuana from crossing state lines
     - Not letting marijuana be used as a cover for other illegal activities
     - Preventing violence and the use of firearms in cultivation and distribution of marijuana
     - Preventing drugged driving and other adverse health consequences
     - Not allowing marijuana to be grown on public lands
     - Preventing possession or use on public property

  18. Financial Controls (cont.) In 2014, for the first time, DOJ acknowledged that violation of the Controlled Substances Act (and the 8 guidelines) had implications for money laundering and the Bank Secrecy Act. This laid the foundation for guidance from Financial Crimes Enforcement Network (FinCEN).

  19. FinCEN Guidance: Know Your Customer (KYC) is critical. Three types of Suspicious Activity Reports (SARs) to file:
     - Marijuana limited SAR: The bank reports that business doesn’t violate any of the guidelines.
     - Marijuana priority SAR: If DOJ priorities have been violated, or business not in full compliance with state law requirements, then it files a SAR that identifies the wrongful activity.
     - Marijuana termination SAR: Though the business may be operating in compliance with state law and satisfying all 8 priorities, a bank might not feel comfortable maintaining a relationship with the business, “in order to maintain an effective anti-money laundering program.”

  20. Also, FinCEN identifies these red flags:
     - Activity or revenue inconsistent with the business or its competitors
     - Excessive cash deposits or withdrawals
     - Structuring
     - Rapid movement of funds
     - Deposits by third parties unrelated to the business, excessive commingling of funds with other accounts of the owners
     - Sudden surge in activity.

  21. Federal Regulations: Despite decriminalization or legalization in over 36 states:
     - Still illegal at Federal level
     - Hemp now legal; CBD FDA hearings taking place
     - Banking not yet approved for all services/suppliers
     - AML an issue because MJ still predominantly cash business
     - 3 Tiers of FinCEN reporting for MJ

  22. State Regulations (MA)
     - Marijuana is legal for people 21 and older.
     - You can’t use marijuana in any form (smoking, vaping, edibles, etc.) in public or on federal land.
     - You can have up to 1 oz. on you and up to 10 oz. in your home.
     - Grow up to 6 plants in your home (12 plants for 2 or more adults).
     - More than 1 oz. of marijuana in your home: must be locked up.
     - No open container in your car while on the road or at a public place.
     - It’s illegal to drive under the influence of marijuana.

  23. Thank you for joining us today. Chris Marquet can be reached at cmarquet@sunblocksystems.com or 617-733-3304
