May 22, 2020
10 Compliance and Safety Questions Every Cannabis Company Should Ask
Posted by Sean Batchelor
Compliance and safety have always been tremendously important for cannabis companies, and the disruption that COVID-19 has brought to the industry has just increased this importance. We have assembled 10 key compliance and safety questions that every cannabis company should be asking themselves.
1. Have I determined which state and local agencies oversee my operations?
You need to understand which state and local agencies you must work with to be compliant. Listed below, for example, are the ones for California. Each state will have its own agencies with specific regulations.
- Bureau of Cannabis Control – responsible for licensing retailers, distributors, testing laboratories, microbusinesses and temporary cannabis events.
- Department of Food and Agriculture – ensures public safety and environmental protection by licensing and regulating commercial cannabis cultivators. They also manage the state’s track-and-trace system, which tracks all commercial cannabis and cannabis products from cultivation to sale.
- Department of Public Health – in charge of licensing and regulating commercial cannabis activity.
In addition to state agencies, you will also need to understand your local agencies’ requirements and gain their approval.
2. Have I read and do I understand MAUCRSA? (California only)
The general framework for the regulation of commercial medicinal and adult-use cannabis in California was put in place under the Medicinal and Adult-Use Cannabis Regulation and Safety Act (MAUCRSA), which was mandated upon the passage of Prop. 64 by voters in 2016 .
3. Have I applied for and obtained all required licenses?
These vary by state and by other factors such as customer base (adult-use recreation vs. medicinal) and size/type of operations (cultivator, manufacturer, distributor, retailer ). For proper compliance and safety of your cannabis business, ensure you understand the required licenses.
4. Do I have an adequate track-and-trace system in place, and is it compliant with required reporting?
In California, for example, all state-issued annual and provisional licensees are required to use the CCTT–METRC system to record, track and maintain information about their cannabis and cannabis-product inventories and activities, according to the regulations of their respective licensing authority (the Bureau of Cannabis Control, the California Department of Food and Agriculture, or the California Department of Public Health).
5. Do I have documented policies/procedures, and are internal controls identified within?
Standard operating procedures (SOPs), operational flowcharts and formalized company policies should be drafted and periodically reviewed for necessary updates. These documents:
- Are required for many licenses
- Help train employees
- Aid in risk management and identifying areas of unmitigated risk
6. Do I need to electronically file my sales and use tax returns with the state tax authority?
In California, even if you do not make taxable sales of cannabis, you are still required to file a return indicating your total sales with your claimed non-taxable or exempt sales during that particular reporting period. Check with your state tax authority to find the specific rules you need to follow.
7. Do I have adequate means to satisfy record retention requirements?
Know what the rules are in your state. For example, California requires licensees to keep and maintain records for at least seven years from the date the document was created. Records should be kept in a manner that allows you to provide them at the licensed premises or deliver them to the state department(s), upon request.
8. Do I have an adequate cash management plan?
The cannabis industry is notoriously dependent on cash. Banking services are often unavailable or overly burdensome, which means a robust cash management plan is a must. Such a plan needs to include policies and internal controls surrounding physical security (during storage and transport), accurate accounting and reporting and liquidity management.
9. Are my hiring standards and job requirements enough to comply with regulations?
Employers should ensure their onboarding process and safety standards meet any mandatory federal, state or local guidelines. This includes collecting mandatory new hire information such as I-9 Authorization to Work forms and tax withholding information. Additional guidelines may require a process for LiveScan (fingerprinting), background checks, etc. As requirements in the industry may vary by state, you should research each work location to ensure you identify all compliance mandates.
10. Do I carry adequate insurance coverage as required by regulators?
Insurance requirements for cannabis-related businesses will vary from state to state. It is important to thoroughly review the regulations in each area in which you do business to ensure that you’ve obtained all required insurance. As an example, California requires cannabis businesses to have a minimum commercial general liability insurance policy of $2 million, with insurance of up to $1 million for each loss, when submitting a cannabis license application. The state also requires a $5,000 surety bond that should be addressed to the state of California.
Armanino’s services are tailored to the needs of growers, manufacturers, distributors, dispensaries and other cannabis and hemp-related businesses. Contact us at email@example.com to learn more about how we can provide core accounting services and help your cannabis organization maximize operational efficiencies, automate key systems and maintain regulatory compliance.
A senior manager in the Governance, Risk and Compliance (GRC) practice at Armanino, Sean has over 10 years of experience in corporate and public accounting. He serves clients in a broad range of industries, including high tech, manufacturing, financial services, private lending and insurance. His expertise includes reviewing operational, financial, and technology processes to provide management with an individual assessment of business risk, internal controls, and the overall effectiveness and efficiency of processes. He also assesses and educates companies on the risks associated with Sarbanes-Oxley (SOX), as they pertain to internal controls.
Sean received his B.S. in business administration from the University of the Pacific. He is a member of the California Society of Certified Public Accountants and the American Institute of Certified Public Accountants.