In the regulated cannabis sector, retail shrinkage is a concern as business owners must navigate tight regulations in an often cash-only environment combined with the usual causes of retail shrinkage, including theft and inefficient operations.
Retail shrinkage occurs when a company loses inventory from causes other than sales—and it’s a problem that costs companies $100 billion annually, according to the National Retail Federation’s (NRF) 2022 National Retail Security Survey (NRSS). The cannabis industry is not immune.
Utilizing Technology to Combat Retail Shrinkage
The 2022 survey estimates that 65% of inventory loss is due to theft, a trend that is expected to continue with the rising cost of goods. Other factors may include administrative and human error. Nearly half of the retail respondents reported an increase in technology spending to combat these threats.
In Q1 of 2023, Proteus 420, an online enterprise resource planning (ERP) system for highly regulated industries, including alcohol and cannabis, saw a substantial uptick in POS software requests, in part attributed to the need for additional automation and auditing tools in order to more easily and accurately monitor and control inventory.
In the cannabis industry, along with a challenging regulatory environment, retail businesses are facing declining sales. Loss prevention is where dispensaries can protect their bottom line with a targeted approach and the right system in place.
How can cannabis businesses do this? By avoiding antiquated spreadsheets and by having the ability to quickly analyze vast amounts of data. Business owners should be proactive and utilize technology, such as a quality ERP system, to mitigate risk and safeguard inventory.
When choosing a software provider, cannabis retailers should focus on systems that offer day-to-day support and emergency assistance, and systems that can seamlessly monitor employees, cash and inventory. Software, and employees who work with it, should also be able to track and trace compliance, identify suspicious transactions and look at data from multiple locations. Detailed reporting is crucial from a compliance perspective.
Loss Prevention Practices
Because cannabis is a heavy cash-only industry, having the right tools to monitor the physical cash as it moves through your business is necessary to prevent loss. This is done with cash drawer-specific transaction tracking, employee module access, and the ability to open and close drawers at the employee level.
Here are some of our top loss-prevention tips:
There should always be multiple eyes on cash and products. Managers and assistant managers should always verify counts of cash and products as a check and balance measure.
Make sure employee access to your POS or operational system is granulated. This means that different positions have varying levels of access and capabilities.
Have a solid inventory auditing process. To stay on top of this, make sure that your staff and system can do spot inventory audits and can track the audits long-term.
Have physical security measures in place. This can include security cameras and alarm systems and a dispensary designed to keep inventory strategically placed.
Build a workplace culture that empowers employees to feel ownership in their work and feel accountable for loss prevention in their This includes emphasizing the policies and procedures needed for loss prevention, including consequences for theft. This culture is not an overnight process but develops over time.
The Right Employees Make a Difference
In addition to the right technology and prevention practices, the first line of defense against product or cash loss is your employees. From your budtender to your general manager, you need to make sure the right people are in place in the correct positions for fair compensation.
Some questions you can ask yourself during the hiring process include:
Do they have the right experience for the position?
Are they motivated, flexible, detail-oriented, team players?
Are they passionate about cannabis and want a future in the industry?
Have you checked their references?
Things move fast in the cannabis sector – are they willing to learn new skills?
Once you have the right people, do they have the standard operating procedures (SOPs) needed to do their jobs? If not, it’s time to create them.
When it comes to loss-prevention, you must trust that your cannabis point-of-sale and operations ERP system will monitor and provide the needed reports. You can also make sure there are additional measures in place to prevent retail shrinkages, such as empowered employees and solid loss prevention practices so that your inventory and cash stay right where they belong until sold.
Despite the US making cannabis regulations challenging to navigate, the industry is snowballing toward profitability. New Jersey legalized adult use cannabis on April 21 this year. One month earlier, The Garden State began accepting applications for Class 5: Retailers, Dispensing and Delivery.
Regardless of what kind of retailer you operate —medical or adult use — it’s critical to know what you’re up against. The following are the most common risks we’ve watched cannabis retailers face daily in New Jersey, making a customized risk management strategy necessary.
Like other retailers, New Jersey cannabis retailers are vulnerable to theft. Unfortunately, theft can come from various angles, such as in-store, in-transit and insider crime. Besides cannabis retailers typically having a well-stocked inventory, it’s not uncommon for them to have more cash on hand than most other businesses.
Although the SAFE Banking Act could positively impact the cannabis industry, it’s in a notorious stall yet again. Briefly, the SAFE Banking Act would no longer allow financial institutions, such as banks and credit card companies, to refuse to do business with cannabis companies. However, cannabis retailers must operate in a cash-only environment, for now, forcing them to make bank runs multiple times a day. We probably don’t have to explain how enticing a significant inventory and fat bank bags look to criminals.
Since the onset of the global health crisis, the cyber liability landscape has nearly spun into a death spiral. In other words, cybercriminals sat on the edge of their seats during the pandemic, waiting to pounce on anything that looked slightly vulnerable. Remote workers, small businesses, and emerging industries were hard-hit.
It’s no surprise that New Jersey cannabis retailers face many cybersecurity risks through their point of sale (POS) systems. Additionally, retailers often gather and store personal information, such as email addresses, credit card numbers, shipping addresses, etc. Hackers and cybercriminals gravitate to this vital data rapidly.
In addition to the risk of theft, as mentioned above, cannabis retailers must protect their property from losses. Without adequate protection, damage to equipment or buildings could add up to high out-of-pocket costs. Consider the damage a weekend office fire or late-night vandalism would cause. If property damage occurs, retailers must figure out how to sustain business operations while recovering from the loss simultaneously. As a result, New Jersey retailers must protect their property and maintain business continuity.
How to Customize a Risk Management Strategy
Watch or listen to any news reports and there’s a decent chance that you’ll feel some slight sense of doom and gloom. And sure, a lot is going wrong in our world; however, that doesn’t need to impact how you perceive your businesses. Instead of casting a massive net over every possible risk that you can imagine, we recommend trying the following 5-step approach. Here’s the gist:
Identify: Pinpoint high-level risks that are specific to the cannabis industry. Then, let the process trickle down to focus on company-specific exposures.
Analyze: Determine how badly a particular risk could harm your retail company. How much will this hurt should the “what-ifs” play out?
Evaluate: Categorize risks according to how risk tolerant your company is. Will you avoid, transfer, mitigate or accept the risk?
Track: Use your history or the stats from a similar retailer to map out how you’ve handled the risk over time. Older retailers have an advantage over younger retailers, of course, but you can still get a feel for your risk management style.
Treat: Make good on your evaluation promises by avoiding, transferring, mitigating, or accepting the various risks you identified.
Recommended Insurance for New Jersey Retailers
The New Jersey Cannabis Regulatory Commission issued detailed requirements for new cannabis businesses. That said, part of the application requirements considered is the plan for companies to obtain liability insurance. Many new retailers opted for a “letter of commitment” as opposed to a certificate of insurance (COI), stating their plans for obtaining the following coverages:
Commercial general liability: Protects cannabis companies against basic business risks.
Product liability: Protects against claims alleging your product or service caused injury or damage.
Property: Reimburses cannabis companies for direct property losses.
Workers’ compensation: Covers employees if they are injured on the job and can no longer work.
In addition to the required insurance coverages, we recommend New Jersey retailers customize their risk management package with these policies:
Crime: Protects your cannabis company against specific money theft crimes.
Cyber: Protects your cannabis company against damages from specific electronic activities.
Directors & officers: Protects corporate directors’ and officers’ personal assets if they are sued.
Employment practices liability: Protects cannabis companies against employment-related lawsuits.
Professional liability: Protects cannabis companies against lawsuits of inferior work or service.
With more states in the US entering the marketplace soon, New Jersey is doing its fair share of the heavy lifting by spearheading the onboarding process. Remember, doing your due diligence at the start pays off in the long run — New Jersey retailers are proving that. Consider teaming with a commercial insurance broker calibrated to the cannabis industry, so you get the most out of your broker, marketplace and the cannabis industry as a whole.
Anyone in the cannabis industry is well aware that theft of crops can economically devastate a grower. Security is critical, and thankfully, growers and dispensaries have many tools available to protect their investment. There is simply no excuse for not having a solid security posture to keep your business in compliance, from public-private partnerships to advanced security tools – in fact, it’s required in most jurisdictions.
In 2020, nationwide cannabis sales increased 67%, and support for legal marijuana reached an all-time high of 68%. New Frontier Data found that U.S. legal cannabis market is projected to double to $41.5 billion by 2025.
The industry’s advancement impacts numerous areas such as job and tax revenue creation and providing a wide variety of valuable opportunities. For cannabis facilities to keep up with the market expansion and experience success, they must face two significant challenges: achieving adequate security and efficient business operations. Though both can be seen as separate concerns, growers and producers must merge processes and solutions to tackle the issue as a whole.
Along with rapid growth, dispensaries face traditional security risks, such as workplace violence and retail theft, while cybersecurity risks have also become more prevalent. These potential issues make it clear that the stakes are high, and as the potential impact on a business rises, the need for real-time, predictive response increases. Insider threats are another issue plaguing the industry when you look at the rate of theft, diversion and burglary that is attributable to employees.
The cannabis market is complex: it’s expanding rapidly, has to meet essential regulatory requirements and faces high-security risks. Therefore, security needs to be looked at holistically since it can be challenging to determine where a potential threat may originate.
With security top of mind, it is critical to move away from responsive behaviors and seek ways to manage security in a manner that gets ahead of threats, prevent them before they happen and respond to them in real-time. But does a grower or retailer have the time and expertise to manage all this while keeping an eye on how security affects the business?
Remote Security Operations
The ability to comply with government regulations and protect a valuable cannabis crop at all stages of its journey from seed to sale makes security systems a mission-critical asset for cannabis growers. Security operations centers create a safer and more productive environment and provide state-of-the-art tools to protect employees, retail locations and grow facilities. But some businesses in the cannabis market may not have the resources or space to have their centralized security operations, leading them to piece-meal security together or do the best with what they can afford at the time. Running these facilities can also be prohibitively expensive.
But new options take the process of security off the table. The business can focus on the growth of its core functions. Remote security operations services allow companies to take advantage of advanced security services typically only possible in larger enterprise environments. These services are offered on a subscription basis, delivered through the cloud, and are entirely customizable to detect risks unique to your business operations while saving each company significant expense.
Centralized security operations centers leverage intelligent tools, standard operating procedures and proven analytic methods to provide cannabis facilities with the information and guidance necessary to mitigate issues like retail or grow theft before they can have a significant impact.
The integrated, holistic response center staffed by experienced operators and security experts delivers a comprehensive security and regulatory compliance method. This approach is designed to provide complete data about what is happening across a cannabis business, from seed to sale, and how individual events can impact the company as a whole. As a result, stakeholders get the security intelligence they need, without the high overhead, personnel investments and complex daily management.
For those businesses in the cannabis market looking to supplement their security operations with other workforce but may not have the budget or infrastructure to do so, remote security operations services are something you should consider. With the experts handling all the heavy lifting, leaders can focus on growth. And, right now, in the cannabis industry, the sky is the limit in terms of opportunity.
Based on the recent string of cannabis thefts in Portland, Oregon, the spotlight is shining even brighter on the need for enhanced security measures at cannabis dispensaries throughout the country. According to the Oregon Liquor Control Commission, the Portland metro area alone has experienced more than 120 cannabis shop burglaries since March 2020, resulting in a reported total loss of more than $500,000 in cash and products.
Robbing a cannabis dispensary is as lucrative as robbing a bank. Cash is king in the shops until the Secure and Fair Enforcement (SAFE) Banking Act is passed to prohibit federal banking regulators from penalizing depository institutions that provide banking services to legitimate cannabis businesses. Until the Act is passed, it is widely known that all transactions must be done in cash—which makes cannabis dispensaries a prime target for thieves.
While many security protocols—such as product traceability systems and security cameras—are mandated by each individual state, dispensary owners should take measures to actively secure their product, protect their employees and preserve their businesses as theft increases.
One of the quickest and most cost-effective ways to fortify shop security is by implementing rolling security doors. After determining what level of security is needed, consider these four tips to help deter criminal activity and ensure the safety of both employees and products.
Tip 1 – Defend The Storefront
Designed to prevent against looting events and burglaries, heavy-duty rolling steel doors offer cannabis business owners robust security. They can be retrofitted into existing buildings, are exterior mounted and are ideal for storefront defense—including protecting glass windows, which can be expensive to replace. Unlike more common rolling grilles, thieves can’t see merchandise when the rolling door is lowered. In addition to the door giving the building a secure look, blocking sight access is key to deterring criminals.
Heavy-duty steel doors must also be lift- and pry-resistant. Manufacturers put the doors through rigorous testing, and some security doors even meet Department of Defense forced entry standards, which can provide up to an hour of protection against violent attacks against the door to gain entry. Look for rolling security doors that can withstand heavy impact and resist pry attempts with common tools, as well as doors that are lift resistant. Some manufacturers offer doors with robust slide locks and rigid heavy-duty bottom bars, enabling the doors to withstand up to 4,500 lbs of lifting effort.
Tip 2 – Protect While Allowing Visibility and Airflow
If product visibility is desired, but more robust security is needed at the storefront—beyond a security measure such as impact glass—a heavy-duty security grille is an excellent choice. Security grilles are easy to custom order and don’t require structural modifications to fit individual spaces. They are easily installed behind storefront glass, are compact enough to remain out of sight when not in use and require little maintenance.
It’s important to work with a manufacturer to select a rolling grille that provides dependable, increased security. Choose grille curtains with rods that are spaced closer together and have heavier links. Security grilles with these features are harder to lift and pry than standard rolling grilles.
Rolling security grilles are also an ideal solution to protect counters inside the dispensary. They can be easily concealed in small headspaces where there is limited ceiling room.
Tip 3 – Fortify A Store Within A Store
For cannabis dispensaries located within high-end retail shops, it is important to consider additional security measures to separate the dispensary from the rest of the store.
A store within a store may be subject to different hours of operation as states often dictate specific operating hours for cannabis dispensaries. Altered operating hours necessitate an easy way to secure only a small section of a larger store.
If aesthetics are of concern inside retail shops, a woven metal mesh grille will provide both beauty and security without imposing looks while securing cannabis products as customers browse throughout the store. Manufacturers offer a variety of patterns and even logo designs as a way to bring more creativity to a grille’s aesthetics—making them rolling pieces of art.
Tip 4 – Secure Deliverables
Dispensary owners sometimes overlook the fact that thieves target deliveries. Deliveries that are made at the back of the store or in receiving areas may be the most at risk. It is of utmost importance to be aware of how deliveries are timed, who is present during them, and how the product is handed off.
Robust rolling service doors provide the best security for delivery entrances and are more secure than traditional rolling sectional doors. Made from slats of formed galvanized steel, aluminum or stainless steel, these rolling doors are completely customizable to meet existing building designs and are ideal for areas with limited overhead room.
By closely evaluating the levels of security needed, the layout of the building and where deliveries take place, security updates and enhancements are easily implemented with the right rolling doors. Every door is made for a specific opening, so each one is custom-made for its application. Choose a knowledgeable manufacturer that will help determine which rolling closure suits the dispensary’s needs.
The cannabis industry is growing so quickly that even COVID-19 can’t slow it down. Before the pandemic, the industry amassed $13.6 billion in U.S. legal cannabis sales in 2019 – a figure that is expected to more than double to $30 billion in the next five years, according to New Frontier Data. In states where cannabis is legal for medical or recreational use, dispensaries have been deemed necessary, essential businesses – especially when it comes to calming stress and anxiety in our ever-changing times.
Cannabis legalization and newly budding dispensaries have expanded across the U.S., which may come with an unfortunate counterpart – a higher incidence of crime. Despite lower prices in states that have legalized cannabis, as compared to states where it is still illegal, theft has run rampant across grow operations, warehouses and, most often, dispensaries.
Dispensaries can be targeted more frequently. Robbers may perceive them as an easy target, because they are businesses that have larger amounts of cash on hand. Many dispensaries only accept cash because payment processors and financial institutions aren’t willing to work with them. This is primarily because cannabis is still deemed an illegal substance under federal law, and the actions of financial institutions are governed by federal, not state, laws. Once the Secure And Fair Enforcement (SAFE) Banking Act is approved, cannabis businesses will be able to work more easily with banks, in turn reducing the amount of cash on site and erasing the dollar signs in opportunistic thieves’ eyes.
However, cash isn’t the only high thieves seek when they break into dispensaries. There’s also the product itself. Protecting it – and providing peace of mind to the facilities’ owners and occupants – is a concern for dispensaries, grow operations and warehouses. Robbers are motivated by the opportunity to make even more fast cash through reselling the product found onsite.
To eliminate such easy targets, security requirements for the cannabis industry are a necessity. They are also involved, complicated, and vary from state to state. A number of security specifications apply between state laws and local ordinances. Inventory must be properly surveilled and managed at all stages of transportation and storage. Any discrepancies in inventory can result in large fines and other penalties. To aid in understanding security compliances, the National Cannabis Industry Association (NCIA), a national trade association, recommends that start-ups obtain attorneys to guide businesses through their state’s laws and regulations.
This is why, especially for new business owners, it is critical to consider the best, most advanced security solutions – especially when it comes to doors and points of egress – that are easily integrated into buildings during the design phase. These solutions protect the products, properties, and people throughout the cannabis supply chain.
Understanding State Security Regulations While there are no federally recognized security requirements for the cannabis industry, there are similar requirements across all states that have legalized cannabis, including:
Maintaining strict access control throughout the facility – this is especially important for grow operations and warehouses
Functional alarm systems
Documented standard operating procedures
Video surveillance systems – many states mandate very precise requirements, such as length of storage time and even video resolution specifications
Notifying appropriate regulatory agencies immediately or within a strict timeframe after a security incident or theft
Securing all records and record storage
While these are common, state-mandated security requirements, it is critically important to know and understand all rules, regulations, and laws concerning the industry within the business’s specific state. Making sure the business is compliant with all aspects of state laws for security and preventing violations, including the hefty financial penalties that can accompany them, is key.
States require cannabis facilities to implement sophisticated security features for several reasons. One of the most obvious is the fact that the industry supplies a high-value product and is a cash-intensive business. Integrating security features into the building can be a challenging task for architects and designers. To help tackle these challenges, manufacturers have introduced products to the cannabis industry, creating easier, more effective and aesthetically pleasing security solutions.
Integrated Designs For High Level Security Security shouldn’t be a constraint when considering design aesthetics. Certain elements can be discretely tucked away, including cameras and security doors by way of specifying a concealed rolling door, conveniently disguised in the ceiling during operating hours. These doors can even close under alarm eliminating the need for manual intervention. Other security measures, such as bullet resistant glass, are hidden in plain sight.
Untrustworthy employees, smash-and-grab thefts or meticulously planned heists mean secure building design is of the utmost importance. In order to have the most effective security, there needs to be design vision – a clear intent for incorporating advanced security into the facility, whether visible or not.
Suggested security measures include video surveillance around the outdoor perimeter of the property as well as inside the facility. Physical barriers, such as specialized entrance locking systems – including fingerprint-scanning biometric technology – and security doors that may also include intrusion detection and automatic closure systems are recommended. All systems may be paired with 24/7 visual monitoring by security personnel.
Many state regulations also require restricted access to specific areas within dispensaries, grow operations and warehouses, with employee names and activities logged for reference. These necessary measures aid in inventory monitoring and control, further reducing the likelihood of internal theft.
When specifying building security, it’s important for architects to consider what type of building they are designing. There are differences in providing security for dispensaries versus warehouses and grow operations. Dispensaries and storefronts are frequently out in the open and in locations that are well-known to consumers. Warehouses and grow operations are usually tucked out of the way, rarely publicized, and less noticeable.
Rolling Grilles And Doors Deter Dispensary Theft With a high-value product and cash on hand, dispensaries in particular have unique security challenges. And because they are retail businesses, egress and fire codes must be strictly adhered to, in addition to special security regulations.
In light of this, security doors require special consideration. They are necessary to provide secure protection against theft but shouldn’t distract from the architectural vision of the building or interior design.
Rolling security grilles are the ideal solution to protect the counter inside the dispensary and may also be ideal for the front of the store. They fit in small headspaces where there is limited ceiling room and can be easily concealed when not in use.
Even heavy-duty rolling doors used to protect the glass storefront of the dispensary and prevent intruders from entering the building’s dock area can be hidden when not in use. If building code allows, architects may specify a rolling door that coils up into the door’s header, residing behind an exterior soffit. These robust security doors’ lift-resistant bottom bars also can be obscured from sight.
Heavy-duty security doors at the front of the dispensary block sight access and provide a visual deterrent. They give the building a secured look when in use, but heavy-duty rolling doors don’t need to be imposing to customers during the dispensary’s operating hours.
Robust Visible Protection For Grow Operations And Warehouses
Grow operations and warehouses usually opt for more visible security doors to deter criminal activity. They also have different design considerations because of building layout and production needs. For instance, larger grow operations house plants and supplies which require heavy equipment to move throughout the facilities.
Heavy duty rolling security doors can be made with up to 12-gauge steel with interlocking slats and tamper resistant fasteners – making them stronger than standard garage doors. They provide high-end security at loading docks and limit access to restricted areas inside.
Rolling doors can also be used to block employee access to off-limits areas common in grow operations and warehouses. Because they are heavily reliant on utilities and infrastructure, such as water mains and humidity and temperature controls, warehouses and grow operations are ideal applications for rolling doors. If unauthorized personnel with ill intentions access these utility areas, it could spell disaster with ruined crops and damaged or unsafe products – turning into substantial financial losses. From a design standpoint, these doors do not need to be concealed. In fact, their visibility signals restricted access areas and hints at the security measures taken to protect these facilities.
Enhanced Security Features
Whether designing a dispensary, a grow operation facility, or a warehouse, rolling doors may be paired with automatic protection features to enhance the building’s security and help workers feel safe. These automatic closing systems allow the security doors to be immediately activated by a building alarm or the push of a panic button in emergency situations. The doors also feature advanced locking systems – some of which are hidden in non-traditional locations – providing further tamper resistance.
Some rolling door manufacturers offer in-house architectural design groups to guide architects and designers in choosing the ideal security doors. These groups can address and solve any design dilemmas that arise during the project. Every rolling door is built to a specific opening, making each product unique to that area of the project. Because of this customization, manufacturers can meet virtually any specification.
Meeting Insurance Requirements
Selecting the correct rolling door along with other advanced security features aids in meeting insurance requirements. Each insurance company has individual minimum-security conditions in its policy. Many insurance companies will not provide theft insurance if cannabis businesses do not have adequate security or cannot demonstrate they have it.
Planning Leads To Integrated Protection The technical and legal aspects of securing dispensaries, grow operations, and warehouses can be overwhelming and, at times, confusing. Legal counsel, state agencies, industry associations, and manufacturers encourage new cannabis businesses to use them as resources as they unravel the nuances of the industry’s security regulations.
By combining robust security features such as video surveillance, proper access controls, rolling doors or grilles and automatic closure systems, cannabis facilities can meet state and insurance requirements and deter theft. With thoughtful design consideration and planning, these security features also have the capabilities to seamlessly blend with interior and exterior design aesthetics.
As legalization of cannabis products from hemp to medical cannabis takes root across the U.S., there’s a growing need to understand and build good security practices. While many think of security as safeguarding assets like facilities and product, effective security does much more. It protects a business’ workers, providing them secure workplaces and incomes. Ideally, it reaches from supply chain to customers by ensuring consistently safe products.
To truly understand the value of this for a brand or for the industry as a whole, consider the opposite: the destructive effect – on a brand and on the industry at large – of unsafe or tampered product reaching customers, or of crimes occurring, just as the industry seeks to demonstrate its validity and benefits. Security is vital not only to individual farmers, processors or customers but to all who value what the industry brings to those who rely on CBD or medical cannabis products for their wellbeing.
Know the Threats.
Part of the learning process involves understanding the value of the product.Security is all about anticipating and reducing risks. These can include physical threats from natural sources – think flood, fire, tornado or crop fail – or from human threats. Human threats can arise from organized criminals, hackers, amateur thieves, vandals – or insiders.
As regulated industries, hemp and cannabis businesses also face risk of losses, which can be significant, from penalties ranging from fines to being shut down for non-compliance. While rules vary from state to state and continue to change, a disciplined approach to security is foundational to reducing risk at many levels. Rigorous operational processes must incorporate security that addresses risks at multiple points of access, transport and sale of products.
Learn the Rules.
In a rapidly evolving industry, one of the most important things producers can do is to learn. Security requirements vary by region and providers need to be aware of what is available. Get to know your state, local and federal resources for your operating area. California law, for example, specifies use of high-resolution video surveillance in dispensaries, while others do not.
Part of the learning process involves understanding the value of the product. With medicinal cannabis, it’s helpful to grasp both its commodity value and the street value that could make it attractive to thieves. In “Why Marijuana Plant Value is So Important for Adjusters,” Canadian Underwriter Magazine gave examples that indicate the size of losses that may occur in growing and processing operations:
“In the medical marijuana space, ClaimsPro has already seen losses primarily between $150,000 and $750,000. These losses, mostly on Vancouver Island, were for fire and water damage, as well as boiler machinery issues, physical damage to buildings and specialized greenhouse equipment, as well as extra expense and business interruption.”
The same article notes a claim over $20 million at another single flower greenhouse. Security needs to reflect what’s present on our premises.
Educating the community can reduce risk as well. Producers of industrial hemp may need to inform would-be thieves that what they are looking at is not street-valued product. To protect the crops, which are generally grown outdoors and do not require a full security detail, a best practice is simply posting signs on the property that say explicitly “No THC.”
Begin with a Risk Assessment.
Security begins with a professional evaluation of site vulnerabilities, examining key weaknesses that could be exploited by attackers. These include:
Monitoring access to the site is a foundational principle of security.
Design limited access points into the facility as well as prepare for possible facility breaches with perimeter access control, technological redundancies and ballistic glass for defensive architecture measures.
Look at route vulnerabilities as well.
Hedge site risk by not limiting your operation to a single site where one incident could wipe out an entire year’s crop.
The nature of threats is always changing. A 2018 Newsweek article described the struggles of legal cannabis farmers against illegal and potentially cartel-backed and violent operations in California. While a 2020 Business Insider report described indications that legalization was prompting some cartels to leave cannabis alone and move on to fentanyl and meth. “While Mexican drug cartels made their money predominantly from marijuana in past decades, the market has somewhat dissipated with the state-level legalization of cannabis in dozens of states across the US.”
Define Levels of Risk and Access.
The best security matches spending to risk in a commonsense way. Are you more at risk from the occasional smash and grab incident or is there reason to anticipate an organized assault? As in many industries, the greatest risk often comes from employee fraud or theft. Hiring carefully, paying fairly and training staff well are important to long term security.
How will the product be moved around within the facility and beyond it – and what staff are responsible for each part of the journey? Who can enter the cultivation areas and what protocols must they follow? On site staff should be trained on what to look for if they observe a security breach. Consider biometrics such as retinal scans, fingerprint scans or similar.
In cases where valuable product or cash is present, guards can play an important role. Harvest Connect uses only high-level former military or police officers in these roles, an approach recognized by many. Hunter Garth of Iron Protection Group notes they have “the ability to de-escalate a potentially harmful situation and the fortitude to see a mission through to completion, no matter what external circumstances may arise.”
Inventory and Transaction Controls
Inside threats from sloppy processes can be just as insidious as attacks. Poor tracking of inventory by Oregon’s legal cannabis producers made headlines in 2018 as The Oregonian reported, “U.S. Attorney Billy Williams told a large gathering that included Gov. Kate Brown, law enforcement officials and representatives of the cannabis industry that Oregon has an ‘identifiable and formidable overproduction and diversion problem.’’ Discipline, applied by state pressure but carried out by producers themselves, has begun to reduce the diversion of untracked product into the black market a year later.
Cannabis businesses need a professional approach to monitoring all product and money that moves through its systems. These operational processes can include time, date and attendance stamps on all inventory. Similarly, accounting systems and software must follow the highest professional standards. Lastly, when breaches occur, it is essential that fraud and theft are caught, eliminated and prosecuted as appropriate.
Nurturing an Emerging Industry
Security resources are an integral part of maintaining the integrity of a business’ supply chain. As the product moves from the fields to processing centers to consumers, purity assurance becomes an operational objective. Ultimately, protecting the product through secure and professional practices is the optimal way to serve customers, build a brand, and sustain the industry.
Did you know that the use of personal vehicles for transporting cannabis products is one of the most frequent claims in the cannabis industry? It surpasses property, product liability and even theft. Businesses are either unaware of the risks involved in using personal vehicles for transporting cannabis, or they aren’t taking them seriously enough.
Considering the strict statutes many states have placed on transporting cannabis should be reason alone to be more diligent. For example, the California Bureau of Cannabis Control’s proposed regulations require cannabis business owners to ensure their drivers have designated permits to transport the product. The state’s current legislation mandates inspections at any licensed premises, and requires employers to provide detailed tracking and schedules on the transport of product. Further, the state prohibits using minors to transport cannabis, and considers it a felony to do so.
Regulatory concerns, combined with the potential liabilities that could come from driver behavior, are keeping insurers from offering auto coverage to the cannabis industry. In fact, just four insurers currently offer the industry auto coverage, with premiums running as high as $17,000 per auto on average. It is important to note that personal auto insurance falls short because it doesn’t cover cargo loss.
Alternatively, because the stakes are so high, many companies are using courier services to transport cannabis product. But cargo insurance is still an issue. Without it, the care, custody and control of someone else’s products, and insurance limits are lacking. Even when the courier has cargo coverage, because they are delivering for multiple companies, the claims payout would have to be split amongst all the customers – likely below the value of your loss.
Consider the following best practices when transporting cannabis:
Conduct background checks/review DMV records. Uncovering any potential driver issues prior to hiring is critical. Look for previous DUIs or drug related history. Employees who might use product before getting behind the wheel are a significant danger to other drivers and a major liability to the employer. Even after hiring, be on alert for signs that indicate poor driving performance. Use check-in/check-out processes for all drivers, and conduct regular vehicle walk-arounds to look for scratches, dents or other damage that otherwise might be unreported to the employer.First, and most importantly, assess your risk mitigation options. Then, put processes in place as soon as possible to eliminate risk.
Implement quarterly driver training. Educate employees on proper procedures. While minor fender benders and sideswipe accidents are most common, even these can be costly if not handled properly. Once law enforcement get involved in an accident the car’s transportation of cannabis could become a secondary issue. Teach drivers how to handle accidents while on the scene, including informing law enforcement about the cargo and the employer.
Use unmarked vehicles. Drivers carrying a significant amount of product and/or cash are tempting targets for thieves. Company cars used for transporting product should be newer, and have no fleet serial numbers or anything identifying the company.
Require increased personal liability limits. If an employee is using their own personal vehicle for business purposes, the business owner should require that person carry more than minimum limits of personal liability. Ideally, they should have $300,000 or more, at an absolute minimum $100,000.
Get started now
First, and most importantly, assess your risk mitigation options. Then, put processes in place as soon as possible to eliminate risk. Secure the right insurance coverage, and ask your broker/underwriter to provide any additional recommendations to best mitigate your transportation, delivery, and cargo exposures.
As the cannabis industry continues to grow, demand for insurance products is also increasing. While insurers have been cautious about entering a market that carries the stigma of a Schedule I drug, the cannabis industry is clamoring for insurance coverage options tailored to meet the needs of key players— distributors, growers, processors and retail dispensaries.
The escalating need for insurance products tailored to these cannabis business sectors has not expedited an increase in coverage offerings. The slow entry of insurance carriers into the cannabis sector can be tied to a reluctance to insure an industry with emerging and often unknown risks. This will begin to change as more information becomes available on what loss ratio trends look like in the cannabis industry.
For now, there is a wait-and-see stance held by insurance carriers. This presents a major concern for cannabis-related businesses that are subject to risk at every stage of the supply chain, with particular exposure for theft, general liability, crop loss, and product liability.some degree of crime and theft coverage is needed for these enterprises to help manage the risks associated with a cash-based business
For cannabis companies, the use of paper currency is a huge part of their risk exposure. Federal banking regulations have limited these businesses to dealing mostly in cash, which makes them a prime target for crime and fraud. Currently, only one carrier will insure coverage for cash and theft risk, and the policy is limited to $1 million for most risks. This is inadequate coverage since many operators have more than that amount on-site.
In states with legislation legalizing cannabis, the cannabis sector will be able to move away from operating in cash if Congress passes the Secure and Fair Enforcement (SAFE) Banking Act, which would protect financial institutions from liability for federal prosecution that could arise from servicing cannabis-related businesses authorized under state law. Until banking regulations give the cannabis industry the ability to operate as legitimate businesses with the stability and safety that would deter criminal activity, some degree of crime and theft coverage is needed for these enterprises to help manage the risks associated with a cash-based business.
Cannabis-related businesses need the same general liability coverage as other businesses to protect their premises and operations from lawsuits involving public contact. However, standard general liability policies—which exclude Schedule I substances from coverage—were not created with cannabis businesses in mind. It is still difficult for these businesses to obtain adequate general liability as a result of the legal uncertainty associated with the industry.
Product liability exposures for cannabis businesses encompass a wide range of areas, including edibles, vaporizers, pesticides, mold/fungus, misrepresentation, label claims, breach of warranty, deceptive practices, and failure to warn.
A major area of exposure concerns accidents resulting from impairment. A cannabis cultivator, processor, distributor, or retailer potentially may be considered liable in the event a product defect results in injury after reasonable use or when label defects fail to warn users that a product may have psychoactive effects.
Another area of risk exposure involves products that contain THC, the psychoactive compound that gives cannabis users a high. As the number of THC-containing products such as edibles and tinctures increases, so does the potential exposure to product liability claims for manufacturers and retailers.
The California Cannabis Track-and-Trace (CCTT) system also has implications for product liability. The CCTT is a statewide system used to record the inventory and movement of cannabis and related products through the commercial supply chain. All state cannabis licensees, including those with licenses for cultivation, manufacturing, retail, distribution, testing labs and microbusinesses, are required to use this system. The product liability impact lies in its capacity to determine responsibility along the supply chain from seed to sale.
For example, if a plastic vape pen explodes, a product liability lawsuit could have repercussions for many touch points across the supply chain beyond the manufacturer of the pen–all of which can be identified through CCTT. Entities that touch cannabis products such as soil suppliers or delivery persons also have product liability risk exposure. Personal injury attorneys can find incident-related parties easily and determine liability. This makes it particularly important to add these parties to the policy as additional insureds to help reduce claims exposure.
Another area of concern for risk exposure is crop loss. Crop insurance is generally hard to obtain due to the significantly different nature of cannabis crops compared to traditional crops like corn or soybeans.
An indoor crop insurance policy covers cultivators when there is loss resulting from threats such as fire, theft, and sprinkler leakage. However, crop insurance policies generally do not cover losses resulting from mold, rot, disease, changes in climate, or fertilization issues. Many growers forgo this coverage and instead elect to absorb losses and regrow their crops.
Outdoor crop coverage is generally unavailable, or the cost is prohibitive. Any potential for writing outdoor crop insurance for the cannabis industry essentially disappeared as a result of the recent wildfires in California. These devastating fires highlighted the pressing need for property damage and business interruption coverage for growers and dispensaries and other downstream businesses whose supply was disrupted. This lack of available outdoor crop insurance is one of the more notable gaps in available cannabis business insurance coverage.
While cannabis businesses operating in states that have legalized medical and/or recreational cannabis use have challenges getting adequate insurance coverage, there is some good news on the insurance front for those in California. Last year, California’s insurance commissioner announced approval for carriers to offer insurance coverage specifically to cannabis businesses. The state also approved a cannabis business-owners policy (CannaBOP) program that provides a package policy containing both property and liability coverage for qualifying dispensaries, distributors, manufacturers, processors and storage facilities. Colorado is on the verge of being the second state to approve its version of a CannaBOP program.
While more insurance carriers are beginning to write cannabis coverage, the limited insurance options and policies with restrictive plans currently offered todaydo not meet the needs of the cannabis industry. Insurers must catch up to the coverage requirements of this sector by offering more options tailored to growers, retail dispensaries, processors and distributors with better terms and better pricing.
Portions of MJ Freeway’s source code were reportedly stolen and posted in Reddit threads as well as on Gitlab.com, a source code hosting website. On June 15th, the account “MJFreeway Open Source” was made on Gitlab.com, and portions of the source code were posted, but have since been taken down. Source code is essentially a list of commands of a program, the basis for making improvements and modifications to a software system. Source code can sometimes contain sensitive information. To be clear, MJ Freeway does not use an open source model; their source code is the basis of their traceability software. Open source is a tool that fosters public collaboration on software development, helping identify weaknesses or areas for improvement.
When asked to comment on the matter, MJ Freeway issued the following statement:
“Last week we discovered that someone had obtained an outdated portion of MJ Freeway’s source code. This incident has absolutely no impact on our systems or MJ Freeway services, and client and patient data is not at risk. While this theft poses no risk to our clients, patients, or business operations, we take any incident involving unauthorized access very seriously and have reported it to the Colorado Bureau of Investigation.
Unfortunately, it has come to our attention that our competitors are spreading inaccurate information about the incident, including baseless claims about SSL info and the potential for client data being compromised – neither of which is true. We encourage our customers to contact us directly with any questions they may have.
We follow or exceed all relevant industry security standards and are confident that we have the most robust security measures in our industry. None of our peers come close. However, we live in a world of determined cyber-criminals and we operate in a competitive environment. Success and size makes a company a bigger target for malicious actors, as other large companies also know. We will continue to investigate and take follow-up action as we learn more about this incident.”
On Sunday, June 18th, a user by the name of ‘techdudes420’ posted in the subreddit, r/weedbiz, a thread titled “MJFreeway goes open source.” The link for that post was the Gitlab.com page where MJ Freeway’s source code was published briefly. The same user then published a second reddit post the following day with the same link to the stolen code, but this time in the r/COents, a subreddit for the Colorado cannabis community. MJ Freeway is based in Denver. That post claimed the user found the stolen source code with a quick search and that the user was banned because of that. The moderator of the thread chimed in, saying they banned the user for posting the stolen code. “We received a takedown request from the software owner stating the code had been stolen and released without permission,” says the moderator. “After investigating the matter I reached the same conclusion and removed the thread.” The moderator then updated the comment shortly after: “Edit: As for OP [original poster] ‘finding’ the code, if that were true I don’t know why he or she would have created a new Reddit account just to post the link.”
In addition to their own cybersecurity analysis, a spokeswoman for MJ Freeway says they will be performing a third party audit and analysis this week as well. When that information becomes available, we will update this article.
Update: Multiple sources have reported that portions of MJ Freeway’s source code are still available online on torrent sites like PirateBay.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
We use tracking pixels that set your arrival time at our website, this is used as part of our anti-spam and security measures. Disabling this tracking pixel would disable some of our security measures, and is therefore considered necessary for the safe operation of the website. This tracking pixel is cleared from your system when you delete files in your history.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.