Andrew Mullins posted an articleEnsuring the right insurance, what exposures are insurable & the difference in coverages - carriers. see more
By MoCann’s Transportation | Security | Technology Committee
As some operators are going through commencement, others are going through their first insurance renewal. The state recommended their insurance “expectations” in the licensing process with operators focused on securing coverage in order to get operators successfully commenced and compliant. Time was and is limited; however, it is always smart to ensure what exposures are insurable and the difference in coverages between carriers.
With medical and adult use cannabis remaining federally illegal, the number of carriers interested in writing the insurance is limited and often the forms are more restrictive in their coverage and language. It is important to review the exclusions on the policy to understand what is and more importantly, what is not covered in your policy. In addition, cheaper is rarely better. There are some carriers attempting to undercut the market, but be aware, chances are if you have a claim with these certain carriers you may not be covered. Additionally, you will likely see double-digit increases on your subsequent renewals despite your claims history, or lack thereof. Make sure you partner with an Insurance Provider who knows the industry and has been a mainstay in it to avoid these pitfalls.
Finding a Provider who can offer the necessary Property capacity needed is also a challenging aspect of securing coverage for your businesses. Most Providers will cap their total Property limits which includes coverage for your Building, Business Personal Property, Business Income, and Inventory/Crop, at $10M (or less) and only a select few have limits of $25M or greater. Make sure you have the proper fire safety measures in place to protect your investment and avoid catastrophic losses which could ultimately put you out of business.
Product Withdrawal is very timely in Missouri. Although there have not been any product recalls, there have been administrative holds impacting a larger swath of the marketplace. With a recall scenario, have you considered who would be responsible for disposing of the recalled products? Liability, likely, would fall on the cultivators and/or manufacturers and possibly the dispensary retailer depending on the circumstances. Good news is, you can insure exposure to dispose of the product but at this time, coverage for the product itself and lost cost are not available; however, several carriers are looking to add this coverage as interest is growing across the industry. As newer products are being developed (e.g. Delta-8, Delta-10 etc.) and flooding the marketplace make sure to pay attention to Product exclusions in your policy as most Providers are hesitant to offer coverage on these relatively unproven products.
- Product Withdrawal: Carriers will offer limits of $100,000 up to $250,000 for an additional premium; this will help cover the expense of disposing of the product properly up to the sub limit secured. Deductibles tend to range from $2,500 - $10,000.
- Cargo and Cash transport: Who owns the responsibility to insure? What is the best policy to secure? This will come down to who has care, custody and control of the product. It is imperative to address this in your service agreements with your transportation/security company. It is important to understand the perils that are covered in the following policies.
Property in Transit: This is just as it sounds, coverage for goods while in transit. On many property policies, this coverage is included under a property enhancement with limits ranging from $5,000 to $100,000 and deductibles starting at $1,000 and up. Please note that this does not cover cash. You need to look at your money and securities coverage and through the property enhancements, limits tend to be capped at $25,000.
Motor Truck Cargo: This will cover product and/or cash in transit either first party or third party. It is important to read transportation agreements to confirm who has the care, custody and control and who is responsible for the product and cash. Underwriting will look at how many vehicles are in the fleet, radius of deliveries, and the value of the products and cash per trip.
- Crime: Crime limits can often be limited and deductibles can be higher for both Products, Money and Securities coverage. However, it is well known that a majority of stolen cash incidents reflect “inside jobs''. Therefore, it is vitally important to have Employee Dishonesty coverage as part of your policy, or secure a fidelity bond. Coverage for Money & Securities and Employee Dishonesty is often included as part of a Property Enhancement form and has sub limits associated with the coverage. Whereas theft of Product is often included in the Property subject to certain warranties being in place.
Owning and running a multi-million dollar business with a dynamic group of investors leaves the ownership and executive group vulnerable. Decision-making and communication are key. This is also an insurable risk by securing Directors and Officers coverage. In addition to a dynamic investor group, each operator will hire and train employees. As the employer of teams from 2-200, there may be exposure to certain employment claims and disputes including wrongful termination, sexual harassment or discrimination and this is where EPLI comes into play.
- Employment Practices Liability: Employee turnover is high in any industry and cannabis is no exception. EPLI protects the insured entity if an employee sues for discrimination, sexual misconduct, wrongful termination etc. Even if you are wrongfully accused, there are still legal costs. Coverage is also available for third party claims, it is important to confirm if a third party is included. Limited carriers will write this coverage as a monoline policy and can be written on the D&O policy.
- Directors and Officers (D&O): How diverse is your investor group? As a young business with many significant decisions being made, are you confident your decisions will not be questioned. There are several carriers that will write D&O with each one offering different forms. The higher the premium the better the coverage. It is important to compare the different carriers forms to make sure you risk is with the best carrier for your exposures i.e. Private vs Public companies and their differing needs.There is currently only one complete D&O product offering out there tailored specifically for this industry's privately held companies. The majority of the marketplace is offering off-the-shelf coverage that more often than not, doesn't meet the needs of your business and is something to be mindful of when purchasing this coverage.
- Cyber Liability: Cyber coverage is tough for any risk and the cannabis risk market is limited, volatile and premiums are increasing. Cannabis risks can transfer risks to their third-party vendors; however, there is still considerable exposure. Cyber polices are robust and no two are the same. Policies are broken down into first-party and third-party insuring agreements. One of the most common is ransomware, there is an instance where an out of state grower was using a computer to control and monitor fertigation and the system was hacked. The hackers demanded ransom and would not allow the insured to access their facility systems until it was paid. The security system was set up on the same Wifi/technology system and their crop was destroyed in two days. Likely you would be adequately insured on your crop value, however the trigger would be cyber and could not be covered under the package/crop policy.
- Professional Liability: This coverage is tricky and covers medical advice given by a credentialed professional. This coverage does not cover dispensary agents / budtenders, which is where the biggest exposure lies. Technically, there is no exposure for cultivation and manufacturers because no advice is given to patients. A sub limit of $100,000 in budtender liability can be added to some carriers’ policies.
- Errors and Omissions: Cultivators and manufacturers would have an exposure if they are in a contract with another cultivator or manufacturer hired for their expertise and service in producing manufactured products. This coverage is also very important for testing labs.Cannabis is rated differently based on where it is in the process. Cultivators and Manufactures need to make sure they are not missing a step in the process.
- Crop Insurance: Crop insurance is the toughest risk to value. Carriers tend to place maximum value for the stage of the plant. Oftentimes the values and timing does not match your internal systems and several carriers may value it differently. It is important to complete the table using the carrier values and estimating based on your most robust harvest to ensure you are insured properly. Coverage is expensive in comparison to the other property coverages, in addition you need to understand which perils are covered.
- Stock in Process: This coverage is applicable to manufacturers. Your cannabis materials are purchased and you are transforming into your product, make sure you insure the cannabis materials prior to being transformed into its final product.
- Marijuana Inventory In order to be properly insured, you need to look at any given day, what your inventory will be, if there is a loss you cannot predict if it will be on a day when your deliveries arrive or when inventory is low. Most carriers value this as actual cash value vs replacement cost. You need to review your policy and confirm. In addition, most carriers will only cover a % of products that are in the display cases. This coverage also comes with warranties that products are secured and monitored properly.
Here are some hints for property/liability/auto and workers comp coverages
- Property – Building
Building Value – Cannabis carriers do not write on an agreed value, so it is imperative to value your building within the co-insurance limit, most carriers will write on an 80% and 90% of value. If you are under-insured you can incur a co-insurance and penalty.
Anything attached to the building should be included in the building value i.e. HVAC
- Business Personal Property These are the contents that are not attached to the building, i.e. cultivation lights, display cases, computers, servers, etc.
- Business Income vs Business Interruption This coverage is designed to keep your business stable, in the event you have a property loss and are not able to operate. Business Income is more robust coverage, whereas Business Interruption is more refined. Make sure you know how your policy covers this exposure. Most carriers will write business income, whereas some are switching forms to business interruption, without notifying the agents of the change. Business Interruption covers normal fixed operating expenses incurred, including payroll for key employees; however it will not cover lost income
- General Liability: Slips, trips and falls on premise. This can be written occurrence or claims made and is rated with off sq ft or revenue and is subject to audit.
- Assault and Battery: Carriers are reluctant to include coverage; they expect that you transfer liability to your hired security company. If you provide a certificate of insurance proving that they do have coverage, most will offer a sublimit of $100,000. The contract and certificate should include your business as a named additional insured with Waiver of Subrogation, Primary non-contributory language on your security company’s insurance policies. If you are working with a reputable security company, this request is standard.
- Excess Liability: Additional limits per occurrence/claim. Important to note if this overlies the General liability only or over the products liability as well. Auto liability will also need to be confirmed. Most Excess policies offered go over GL only, make sure you clearly understand what the excess will include. Most policies should follow the form of the underlying, this policy is no exception, review the forms and exclusions.
- Product Liability: Product Liability protects the business if there is a bodily injury or property damage incurred from use or consumption of the product. This is written on claims made coverage and is subject to a step factor for several years to pick up the previous year(s) exposure. This is rated off revenue and is subject to audit. It is recommended to review revenue at least every 6 months to determine if you are on target or if you should expect to pay an additional premium at the conclusion of the audit. It is best to provide conservative sales estimates as opposed to over-estimating. Oftentimes if an audit shows less sales than what was rated, there is no premium refund. If the audit shows higher sales than estimated, additional premium is due. This coverage specifically is very important to review all of the exclusions and to understand how vape cartridges and products are covered and rated.
- Auto Liability: There are minimal auto carriers in Missouri, more are expected and the few that are approved are having difficulty rating to be competitive. Auto policies are restrictive, it is important to keep your auto fleet current and your drivers list up to date. If not, there is a chance your claim could be denied. Regarding physical damage coverage don’t forget to include the value of the attached equipment. Risk management practices are imperative to mitigate the chance of auto liability lawsuits, it is important to have a driver’s training program.
- Hired-non owned auto: Non-owned auto extends liability coverage to the business owner when an employee is using his or her own auto for business. It is important to understand that if an employee is driving their own auto their insurance is primary, where the businesses would be secondary and not cover physical damage. Hired auto includes liability coverage for a rental vehicle and physical damage can be added upon request. This coverage can be written on your GL or Auto policy. Carriers have tight restrictions on whether they are comfortable writing the risks. Most carriers will not cover B2C exposures, if this is your plan; make sure you tell your insurance broker and complete the application properly.
- Workers Comp: All companies with five or more employees are legally required to carry workers comp insurance. Manufacturing risks carry the highest rate and information on the extraction process will need to be underwritten. Carriers are also very diligent in confirming which owners and executives are included and excluded from coverage. This policy is auditable and unlike the liability audits, if you over estimate you will receive a return premium. Understanding the MO work comp law, claims process, and duties in the event of a claim are important in controlling work comp insurance cost.
Insurance is complex in the cannabis industry, so it is important to collaborate with an insurance broker well versed in the coverages and complexities of this industry. There is also a fine line on being over insured and underinsured, it's always a good idea to not get caught underinsured.
Please note that the carrier's forms and limits can change at any time. Information shared in this blog is accurate as of 02-28-2021.
MoCann’s Transportation | Security | Technology committee recommends checking out these MoCann members who specialize in cannabis risk analysis and coverages:
Depending on the nature of your facility and operation, securing a proper insurance program is a det see more
Missouri Cannabis Facilities: Secure Your Insurance NOW! | DO NOT WAIT!
Guest Post by Christopher Sullivan, PWCA | MoCannTrade Platinum Member | POWERS Insurance and Risk Management
Commencing cannabis facilities face a daunting to-do list with an impending operational deadline by DHSS. Naturally, the to-do list is prioritized, and insurance sometimes falls low on the list with the expectation, or perhaps hope, the process will be quick and easy. I am here to save you time and frustration by sharing the reality of the insurance process: Depending on the nature of your facility and operation, securing a proper insurance program is a detailed, involved process that takes time.
How long does it take to secure insurance?
Many variables come into play when securing insurance. Due to the unique characteristics of each facility, the underwriters who are highly specialized in this industry, will take a magnifying glass to the application criteria. The discovery process and processing time often take up to 3 to 4 weeks before a firm, bindable quote is extended.
Single site dispensaries or small transportation companies may be simpler in comparison to larger operations such as cultivation and manufacturing facilities. However, all operations are experiencing a detailed underwriting process that requires a great deal of data and lengthy processing times.
What are the underwriters looking for?
Some criteria that underwriters look for will include but are not limited to:
- Facility location
- Distance to the nearest fire hydrant
- Distance to the nearest fire department
- Construction materials
- Presence of a fire sprinkler system
- Security Details
- Safe/vault room fire rating and construction details
All the above have a large impact on premium rates and various carrier eligibility.
What is my priority?
Cannabis facility operators and cannabis insurance professionals should be searching for distinctive policy terms, but your priority would be to ensure that the property capacity need is met.
Many cultivation and manufacturing facilities have multimillion-dollar buildouts, equipment values, work in process and inventory values, and millions of dollars in revenue potential. (Revenue would be insured as business interruption or business income.) All these combined, the total property limit need for many facilities is often several millions of dollars, yet most insurers in this space have a property capacity limit at a fraction of the need. Although the lengthy underwriting process is inevitable, there are many solutions available to properly insure your investment.
What is the best approach?
If you have not already, start now! Facility operators should align themselves with an insurance expert who is familiar with navigating the process. Be wary of anyone who promises a “quick quote”. Those who make those promises tend to provide limited policy terms and low property capacity. I call them proactive insurance brokers. They will pursue more than one solution to allow for options, comparisons, and the “lowest bid”.
As great as a proactive insurance broker sounds, an experienced insurance broker (see MoCann list of member providers here) will have undergone the front-end underwriting allowing for the strategic approach of the solutions best suited for the individual risk. This makes for the most time-efficient process possible in securing distinctive policy terms and capacity limits.
About Chris Sullivan and POWERS Insurance & Risk Management
Chris and the team at POWERS Insurance & Risk Management have successfully helped several cannabis facilities with the commencement process as well as ensuring those facilities are properly insured and operating due to our expert knowledge and efficiency. Contact Chris Sullivan at email@example.com, 314-333-4915, or www.powersinsurance.com/chris-sullivan.
Information security is not just about complying to laws and regulations or the right server. see more
IT Security for Growth: De-mystifying Policy, Security & Business Viability
Guest Post by Dave Chronister - CISSP, CISM, CISA | MoCannTrade Platinum Member | Parameter Security
Changing the Focus
Information security is not just about complying to laws and regulations or choosing the right server, data center or encryption method. Let’s not think about it as “cyber security” or an “add-on.” Instead of seeing it as a series of hoops to jump through, think about the security of your business as essential to your success as the quality of your product. Since you would not leave the quality of your project up to chance, don’t then leave the security of your whole business up to chance either.
You could, instead, focus on designing a Security Program. A Security Program is unique to your business, designed to comply with laws and regulations, set long term goals and give clear direction toward maintaining the day-to-day running of your business.
A Security Program is proactive, not reactive.
Essentially, it helps your business survive and thrive.
Your Security Program doesn’t just help you adhere to regulations, it should also make your business run more smoothly and efficiently.
What is a Security Program?
In essence, a Security Program is a plan on how to run your business in order to make it more viable.
Your Security Program is a holistic approach that determines how your business runs and includes goals to protect life and ensure the viability of your business. It is a series of policies, standards and procedures which help your business run smoothly and reduce risk. A security program is not an app., where you store your data or who has access. It does not begin and end with Tech.
Now it is important to note that you will never be 100% secure and you cannot ever eliminate risk. There will always be risk. Instead, you need to determine what is an acceptable risk for your organization. Factors such as regulations, laws and internal business goals and requirements will help you determine your organization’s acceptable risk.
How is a Security Program created?
A Security Program consists of Policies, Standards and Procedures. Simply put, it is a set of policies that document and dictate how your business runs. It covers business rules, technology, tools, and processes. A Security Program has three basic tiers.
Top Level Policies
This is management’s requirements on how to run your business. These are short, don’t change over time, they are measurable and responsibility and recriminations for violations are clearly defined (up to/include termination). Example of an encryption policy: “In order to provide adequate security our organization will employ strong encryption methods.”
Standards define the technology and tools which implement the top level policies. They are designed to meet the requirements and evolve as technology changes. Example of a standard: “Our company uses AES cipher to protect our sensitive client data.”
These are step-by-step instructions on how to implement a standard. For example, you may have a procedure to encrypt data using the AES encryption cipher. Good procedures are simple, and intuitive so that your employees can be consistent in their application.
Tips to write more useful Policies:
- Use concise, clear language. Avoid legalese, biblical “thou shalt..”
- Have your subject expert write them (IT policies should be written by your IT expert, etc.)
- They should be reviewed and updated as needed. (Minimum: annual review.)
- Centrally stored. (Ideally in a GRC portal.)
What is an incident? Anything that compromises the integrity, confidentiality and availability of your business Security Program. You may have heard of a data breach. That is a particular type of incident which compromises the confidentiality of your data.
Incidents will happen, whether malicious or accidental. All anyone can do is proactively plan for incidents so that, in the event that they occur, you know what to do and there is less impact on your business.
Here are a few areas of consideration when creating your incident response policy.
- investigating the Incident- Who is going to investigate and collect court-grade evidence? Do you have audit logs to provide visibility during the investigation? Do you know where your data is so that you can determine what has been compromised?
- Legal - Do you have an attorney who understands the current data laws and regulations and who can also provide guidance on disclosure of an incident? (Data Privacy Attorney)
- Communication - How are you going to convey appropriate and approved communications during and after an incident? Who is your spokesperson? How are you going to control and convey messaging during a crisis? If a breach has been found, how will you provide customer notification in the legally-required timeframe? (Notification laws are not uniform across the U.S.)
- Financial - Do you have contracted rates for third-party vendors who will support you during and after an incident? Do you have cyber-liability insurance?
Security Programs can seem daunting. My experience in the industry has proven that a business should not wait until a Security Program is perfect, rather start and continue to revise and re-evaluate. A healthy Security Program will define and support your business requirements and strategy, ultimately helping you run a more successful business.
Dave Chronister - CISSP, CISM, CISA is founder and CEO of Parameter Security. Parameter helps those in the medical marijuana industry create, maintain, and provide compliance validation with their Security Programs and digital forensic/incident response services.
You’ve thought long and hard about education, for staff, patients, and your local community. see more
Creating a Superior Medical Cannabis Patient Experience
by April Hatch RN, MSN - Cannabis Care Team
There’s no doubt that if you’ve been awarded a dispensary license you’ve thought long and hard about education, for staff, patients, and your local community. DHSS regulations require that dispensary staff meet minimum education on 7 topics - including “The differences in the purported effects and effectiveness of the strains of medical marijuana for purchase at that dispensary and the methods of their use.” The constant messaging for the program in terms of medical advice is clear - non-clinical employees must NOT offer anything resembling medical guidance - including efficacy, effects, or treatment. Your regulation-compliant educational information will appear in blogs on your website to printed materials to events at the local Chamber of Commerce.
Your staff training will no doubt include hours of learning how to use your POS, compliance, and the security measures you have in place, but have you thought about how you will teach your front-line staff how to interact with chronically ill patients? Or how you will teach them to provide a superior patient experience?
We are very proud of the services we provide to patients, but we also know it is important to teach the industry as well. For many patients, their first experience with medical cannabis begins as soon as they step across the threshold of your dispensary. Patients will be looking to dispensary staff to help them find an effective symptom-management plan. We hear repeatedly that patients don’t want to smoke, and they don’t want to feel the psychoactive effects, they simply want to heal without getting high. They are not looking for temporary relief, they are hoping for a better quality-of-life and want your staff to teach them how to do that.
94% of dispensary staff reported that they give specific cannabis advice to patients, less than a quarter receive any medical or scientific training specific to their role, and 71% of dispensary employees reported they make specific cannabis recommendations based on their own experience (Huag, 2016). You know that cannabis is individualized, and the fastest growing consumer demographic of cannabis patients are seniors. We are doing a disservice to these vulnerable patients if a recommendation is based on someone else’s experience.
We have been so fortunate to work with dispensaries who have values that align with ours and focus on the patient experience and education. We have spoken with patients from all over the United States and understand what patients are looking for in a medical dispensary. So, we wanted to share these best practices with you. Consider these a freebie and let us know if you would like to hear more.
First and foremost, make it about the patient. When you visit your own physician, do they tell you what medication really helps them sleep or about their health issues? No, as soon as someone in a dispensary mentions what they use a particular chemovar for it becomes about them and the focus is taken off the patient. Have your staff try to be mindful of talking about themselves or what works for them and avoid making any claims that could be interpreted as medical guidance. It’s about the patient, not the staff. There will be patients who want to know what your staff likes and what is popular, so make sure your staff is trained to know what to listen for before making recommendations. Good ways to help your agents avoid what qualifies as medical advice is for them to say things like, “We’ve had several patients report good luck with relaxing using our XYZ strain, that might be something you want to think about.” rather than “Strain XYZ is great for relaxing! It’s for people who have anxiety.”
Give clear instructions on how to use the product. Not all patients will know they need a battery for a vape cartridge or that they can cut a piece of chocolate in quarters or halves. We get calls all the time from patients who purchased something they were told was a great product and have no idea how to use it or used too much and had a bad experience. We recently completed Dispensary Staff Training at a retail location in another state and one of the budtenders shared a story of accidentally ingesting 37 mg of THC instead of the 3 mg she wanted to. Needless to say, it was too much for her and she had a terrible day. If this can happen to someone who is familiar with the products, think about the likelihood of it happening to your patients. Next time you see us, ask us about the call we received about the burning rubber plug. Before that patient walks out the door the question needs to be “What questions do you have?” not “Do you have any questions?” and remember saying, “What else can I help you with?” is most-commonly answered with “nothing.”
Every patient that walks through that door should be recognized as a loyal customer, not a transaction. Customers are often overwhelmed when they come into a dispensary so teach your staff to meet the patient where they are at. We would love it if all patients received a review of the endocannabinoid system before they made their first purchase, but some patients aren’t ready and it may be several months after their first purchase before that education will take place. If they are only looking for a salve that day, great, but have your Wellness Specialist tell them to come back and let them know how it worked for them. That next visit may be the best time to discuss oils & tinctures.
Each time a patient comes in, send them home with a new piece of information. If a patient really liked the effects of the last chemovar they purchased it may be a good opportunity to teach them about beta-caryophyllene or if they have come in to purchase flower to make their own edibles, guide them to an online edibles dosage calculator. DHSS requires that you offer information about potential risks and side effects, so have your staff practice how to communicate this verbally for the time when it may be appropriate. “Wow! I learned something new today!” will keep them coming back for more.
Be selective with your sales and bundles. The customer wanting the salve above may really want to address their symptoms of arthritis and what better way than to offer a discount when a salve and oil are purchased at the same time. We know that for patients to really find an effective symptom-management plan it is going to take a variety of a few different products, with both long and short-acting methods of delivery. Please remember not everyone wants a pre-roll. Pre-rolls with a purchase are a great way to get those off the shelves, but for the patients who do not want to smoke, give them another option. “Sue,” a patient from another state called us because she had quickly grown frustrated with her cannabis experience which she had imagined would be much easier. New to cannabis and had never smoked anything in her life she first purchased a vape pen and was sold a discounted pre-roll. She was told what a great chemovar the pre-roll contained and she was anxious to try it. She took one inhalation and said never again. She didn’t like the taste, smell, or smoke. Next, she tried the vape pen, and this didn’t go much better. On her next trip to the dispensary she was sold a concentrate she referred to as RSO, because it was on sale. She said she followed the directions, but was still unable to get out of bed for two days. When she talked to us she was ready to give up because she had already invested too much money on products she would not use. After talking with us about her conditions and what might be worth her trying, she has found a product she is very pleased with.
Go beyond handicapped accessible entry. Teach your staff to recognize patients who are having a difficult time standing or have a mobility device. If there is a line outside, offer seating for these individuals and for patients with impaired hearing make sure your staff knows how to turn down the overhead music or offer a quiet room where the patient can sit and learn about the products.
Train your security too! With patients often waiting in lines and their first interaction possibly being with a security professional - ensure they have access to a menu and can explain the process of obtaining their medical card. Unfortunately, patients will show up without a medical card and your security team should be able to get them to the right place.
Lastly, remember that medical cannabis treatment is often very expensive and can cost patients several hundred dollars a month. To attract a variety of cannabis patients avoid overly luxurious décor and focus on providing an environment that is clean, welcoming, and comfortable.
If you are interested in learning more about the services Cannabis Care Team provides to dispensaries please check out this video.
Source: Huag, N., Kieschnick, D., Sottile, J., Babson, K., Vandrey, R., & Bonn-Miller, M. (2016). Training and practices of dispensary staff. Cannabis Cannabinoid Res, 1 (1), 244-251. Doi: 10.1089/can.2016.0024.
Wondering about the details of how Metrc compliance RFID tags work, or best practices for using it? see more
Metrc tips and best practices from the BryteMap team:
Wondering about the details of how Metrc compliance RFID tags work, or best practices for using it in your cannabis cultivation facility, outlined below are common RFID tag susceptibilities and overall best practices for cannabis plant and package tagging.
Once you’re comfortable with RFID best practices you will want to consider compliance tools like Scout a Metrc RFID mobile reader and software.
Growers are looking for ways to close the compliance loop and have real-time information about plants and inventory. Scout is proving itself invaluable as an RFID compliance tool in today’s increasingly competitive cannabis industry.
Mark Slaugh posted an articleThese essentials serve as a guide map to success beyond passing your initial inspection see more
By Mark Slaugh, IComply
When starting a cannabis business in a new market, operators often have more questions than clear answers.
Rules are subject to change, staff is inexperienced, and theoretical applications (literally) have to be put to the test in the real world, amid real economic forces, and against real competition.Normally, this means focusing on the build out of the operations, scrambling to interview and hire the right team, and executing in time to avoid being left behind. In our experience, ensuring that the ship is running smoothly after building it and crewing it is just as important to avoid catastrophe.
Missouri is an emerging market with a lot of potential, power, and speed to recreational marijuana sooner than later. This means turbulent seas and a fast-pace to exponential growth. This also means that the fundamentals of each cannabis business have to be solid to ride the waves to come. As such, iComply recommends focusing on these fundamentals in conjunction with the buildout of your licensed facility. These essentials serve as a guide map to success beyond passing your initial inspection, as the command and control infrastructure you’ll need to navigate your new multi million dollar business:
Measures and Management of ongoing Compliance
Firstly, compliance starts on paper. Literally. From facility designs, HR handbooks, employee training manuals, application representations and warranties, logs, forms, reports, and Standard Operating Procedures, no one can effectively and comprehensively manage operational compliance without ensuring the ongoing accuracy, continual management, and documented implementation of these vital control documents. We recommend focusing extensively on Standard Operating Procedures (SOPs) which act as living documents by which all other documentation, logs, forms, and training manuals are derived. Unfortunately, most cannabis operators pay little attention to their SOPs once written and let them sit on a shelf and gather dust until it's too late.
Inadequate SOPs that don’t cover nuances important to effective business management – let alone comprehensive compliance. Most commonly missing are procedures for Equipment Maintenance, Quality Assurance and Control, Sampling/Testing, Bookkeeping, and Onboarding/Off-boarding Procedures – just to name a few.
Unfortunately, most workers never read the rules and regulations and most now working in Missouri have NEVER WORKED IN REGULATED CANNABIS. Rules are written by and for attorneys, not as casual reading material for owners or managers, let alone average industry workers. However, every person with a badge licensed to work in your business is expected to know the rules and follow them.
It is essential that employees have rules broken down and taught to them in normal English. Corporate compliance training exists as a standard in most heavily regulated industries for a reason. Literally getting everyone on the same page teaches them the intuition and importance of adhering to SOPs, logs, forms, reports, and internal employee training. An infrastructure you have invested heavily on and is important to holding a level of accountability and risk mitigation for to protect workers, brand value to consumers, and the license.
No one has an excuse to not follow the rules once they learn them.
The lowest worker on the totem pole can shut down the business over a misunderstanding or mistake. The importance of effective and timely training becomes paramount to protecting your license and investment.
Compliance Measures and Management
Lastly, you must make sure your investment in processes and people endures over the course of time. If SOPs sit on the shelf and people forget their training expectations, you will not see an ROI on your compliance. Even worse, you’ll set yourself up for failure.
Simply put, third-party validation, transparency and insight become critical to keeping the train on the right track. You must ensure compliance continues and helps keep cannabis employees on their toes. More importantly, compliance is a living beast that must be fed, nurtured, and disciplined over time. You cannot effectively adjust your operational compliance controls and infrastructure if you don’t know where or how to do so.
In Missouri, the DHHS requires ongoing compliance management and daily reporting of inventory in electronic systems remotely monitored by regulators. State Seed-to-Sale tracking requirements in METRC mandate close monitoring and quarterly reconciliations at the very minimum. The State’s logic is sound on this to ensure accurate inventory reporting which allows cannabis companies to meet Federal and State compliance and ensure the prevention of cannabis diversion.
Managing compliance is much more complicated than counting inventory every once in a while - especially across a complex and complicated business with multiple people and moving parts. However, if done correctly, these measures ensure that when auditors perform more detrimental inspections, investigations, and audits, having your own paper trail helps to create defensible transparency and keep you out of trouble, proactively.
To find out more about protecting your business, visit www.icomplycannabis.com.
MoCannTrade members can enjoy a 10% discount on any purchase using the code MOCANN2020
CEO, iComply, LLC
Mr. Slaugh established iComply, LLC in 2011 to help cannabis businesses navigate the complexities of regulated marijuana. He provides the leadership and forward thinking that continues to set standards across the global industry.
ArticleWinning A License Takes A Monumental Effort, Is Your Security Compliance Planning Enough to Keep It?The urgency of the medical marijuana license application process has passed, but now license applica see more
By Det. Joe Patterson (Ret.) and Patrick Poston Esq.
The urgency of the medical marijuana license application process has passed, but now license applicants need to be focused on next steps to fully capitalize on this unique opportunity. There were nearly 2,300 applications for 348 medical marijuana licenses in Missouri with roughly 1 in 7 applicants securing a coveted license. The investment of time and money in business planning and application only to fail the commencement inspection and be denied the ability to operate could be catastrophic. Given the emphasis on security in the application process (20% of the overall application), security training and compliance are paramount to passing the commencement inspection and additional annual inspections.
Security requirements for cultivation, manufacturing, and dispensary facilities are detailed in 19 CSR 30-95.040(H). With respect to required security training, 19 CSR 30-95.040(H)(7) dictates each facility employs a Security Manager responsible for, inter alia (among other things), conducting a semiannual audit of security measures to ensure compliance and training employees on: security measures, emergency response, theft prevention and response within one (1) week of hiring and on an annual basis. Thus, it is critical licensees have a plan in place to ensure compliant security training of all new hires within 7 days as well as a policy to maintain training records for the commencement inspection (and subsequent inspections).
Additionally, 19 CSR 30-95.040(H)(8) mandates the Security Manager, any facility agents who provide security for the facility, and any third-party employees who provide security complete additional training in:
- Theft prevention or a related subject;
- Emergency response or a related subject;
- Appropriate use of force or a related subject that covers when the use of force is and is not necessary;
- Process of crime scene protection or a related subject;
- Control of access to protected areas of a facility or a related subject;
- Minimum of eight (8) hours of training at the facility in providing security services; and
- Minimum of eight (8) hours of classroom training in providing security services.
Of all states that have passed legislation allowing medical marijuana, Missouri is one of the most stringently regulated with a heightened emphasis on security. The state will have fourteen (14) or more DHSS inspectors to perform the commencement inspections and enact random annual inspections (announced or unannounced). With the financial implications at stake for license holders and investors, it is imperative licensees ensure effective security compliance.
Establishment of a comprehensive security training plan is the first step to capitalizing on this opportunity.
Every applicant group had to explicitly identify their Security Director on the application(s). In Missouri’s highly competitive application process, we expect to see many impressive resumes for the Security Director position. In many cases, it is highly likely the hand-selected Security Director had a long career in areas like corporate security, military service, or law enforcement. These individuals were presumably indispensable in building out your security plan. However, if these Security Directors are expecting to be more of an advisory position and not wanting to handle the minutia of the above outlined requirements, then hiring a Security Manager or contracting with a Security Management Firm is an option worth exploring.
Once licenses are awarded, there will be so much more for operating groups to do; finalizing real estate deals, applying for construction permits, solidifying strategic supply chain partnerships and so on.
Not a single one of these is more important than the other and many applicants come from backgrounds with experience in these activities. Nevertheless, security management and training are essential to maintain regulatory compliance, protection of your staff, your investment, and solidifying the Missouri cannabis industry as a legitimate and lucrative business.
What do you do if your group decides they would rather contract these responsibilities to a professional firm?
If you find yourself in need of a service provider for security management and training there are several Missouri based companies to assist you with not only these requirements, but also security equipment (cameras, lights, entry access, etc.), guard services, and many other security related matters.
No matter what your needs may be, you should properly vet all security personnel or firms based on past proven performance, knowledge of compliance regulations, and ability to deliver services properly. This may seem daunting but asking the right questions can you help vet security employees or contractors in order to find the true professionals.
Below is a brief list of questions any experienced security professional or firm should be excited to answer:
- What training and education background do you or your firm have as it relates to physical security experience?
- Do you or your firm have the required professional and businesses license to operate in the State of Missouri
- Are you and your firm insured?
- What type of facilities have you been responsible for in the past and can you provide references?
- Have you or your firm ever been defendants in civil litigation as it pertains to business or negligent security activities?
- What types of ongoing training do you or your firm conduct in order to stay up to date on regulatory updates and case law updates?
- What is the pricing structure of your services? (By the hour, monthly retainer, or something else).
- Is your group a member of the Missouri Medical Cannabis Trade Association?
Finally, the individual or group who wrote the security portion of your application should be consulted prior to signing any contracts with firms or hiring an individual Security Manager. The purpose of this is to ensure the contractor or individual has a working and proficient knowledge of DHSS regulations and that the security plan set forth in your application can be fulfilled as it was stated on the application. Remember, you have to make a good faith effort to accomplish what you said you would do on the application, falling short on what was placed on the application could put your license(s) in jeopardy.
Best of luck to everyone as we await licensure. We look forward to working with all involved to make the Missouri cannabis industry safe, professional, and profitable.
About the Authors:
Joe Patterson (Co-Founder/Chief Executive Officer) and Patrick Poston, Esq. (Chief Legal Officer) are from Ceres Management Group (Ceres MG) LLC. Ceres MG is a Missouri based firm that provides competitive application writing services, security program development, and security management for the Missouri Medical Cannabis Industry.
Ceres MG is a military and police veteran owned business with strong connections to statewide law enforcement and international security experience,
For more information, you can contact Joe Patterson via email at JPatterson@CeresMG.com