Redefining Cannabis “Compliance”

“Compliance” is a cannabis industry buzzword, and rightfully so given how heavily regulated the industry is across the United States. When business owners and ancillary service providers hear the term, however, their focus typically zeros in on the state and local cannabis regulations that govern a given license type. However, a singular focus on state and local cannabis regulations is recipe for disaster.

Focusing only on state and local cannabis regulations ignores potential local, state, and federal law that may apply to a cannabis business. Many state and local cannabis regulations either fail to mention relevant sources of outside law entirely or make cursory mention of them. For example, California cannabis regulations require licensees to complete a Cal-OSHA 30-hour general industry outreach course but do not otherwise require licensees to comply with Cal-OSHA regulations. Similarly, the California Department of Public Health merely mentions Proposition 65 Warning compliance on labeling checklists and a link to the California Office of Environmental Health Hazard Assessment rather than detailing comprehensive regulations for licensees to follow.

The above examples are not presented as a criticism of the cannabis regulatory agencies in California, or any other state agencies that regulate cannabis. Local, state, and federal law outside of cannabis-specific regulations are often independently regulated and enforced, thereby limiting the information that state and local cannabis regulatory bodies can provide. Rather, the examples are presented as a warning to businesses and service providers alike:

Do not “stop” at your state and local cannabis regulations when developing a compliance program.

While it’s impossible to provide a definitive list of cannabis compliance considerations that typically fall outside of state and local cannabis regulations, here are five areas to think about:

1. Federal Trade Commission (“FTC”) Act

Any cannabis business working with celebrities or influencers should look into FTC requirements. Businesses should similarly consider similar state consumer protection laws.

2. Telephone Consumer Protection Act (“TCPA”)

Planning to use texting as a marketing channel? Check out the TCPA before you do.

3. Health and Safety Regulations

Look into state and federal OSHA requirements, and make sure your business has all required plans (Injury and Illness Prevention Plan, Fire Prevention Plan, etc.) in place, and is complying with applicable training and recordkeeping requirements.

4. Privacy and Data Law

Make sure your business’ website has a robust privacy and data policy that puts users on notice of their rights and otherwise complies with relevant law.

5. Securities Law

If a cannabis business is a public company or a private company raising money/issuing securities, it needs to consider relevant securities law and likely consult with a securities attorney.

Companies and service providers must ensure that compliance programs do not fall into the trap of only thinking about state and local cannabis regulations when defining “compliance.” Potential civil and criminal liability related to noncompliance with other relevant sources of law can be equally (if not more) crippling as enforcement actions related to cannabis regulations.

© RYAN T. KOCOT, ESQ. 2020

DISCLAIMER: THIS INFORMATION IS STRICTLY EDUCATIONAL AND DOES NOT CONSTITUTE LEGAL ADVICE.