One of the most serious issues facing cannabis licensees, regulators, and the public is fraud.
The most common type of fraud is misreporting cannabis inventory, with management or employees either ignoring internal control and government regulations, or sidestepping them in the name of profit.
Fraud in compliance auditing relates mainly to the operations of the licensee, but also to fraudulent reporting on compliance issues. Instances of non-compliance with authorities may constitute deliberate misuse of a license to grow, process, or sell cannabis for improper benefits.
Improper benefits are advantages of a non-economic or economic nature gained by an intentional act by one or more individuals among management, those charged with governance, employees, or third parties.
Planning and factors that contribute to fraud include:
• Poor internal controls
• Management override of internal control
• Collusion between employees
• Collusion between employees and third parties
Some of the techniques used in identifying fraud are explained below.
Observation: Compliance officers/auditors may observe the extent to which the management and staff are complying with policies, procedures, and internal controls.
Observation may reveal a deficient control environment including a lack of ethics and integrity on the part of top management.
Inspection: Compliance officers/auditors may examine the record for processing large rounded amounts of raw cannabis and the yields.
Interviews: Compliance officers/auditors may interview top managers and key officials and note changes in management and employee behavior indicating deception, corruption, red flags, and other abnormal occurrences that indicate fraud.
Analytical reviews: Compliance officers/auditors compare production information from period to period to identify abnormal production data relationships.
Walk through: Compliance officers/auditors may trace an original source document through recording processes to test the reliability of the internal control systems and discover opportunity points for fraud.
In cases where the management does not give due importance to the irregularities identified, the risk of fraud is higher.
If and only if the compliance officer has irrefutable proof of fraud committed by management, they should contact an attorney.
The compliance officer should explain the situation, provide documentation, and ask the lawyer for the following:
• Guidance in preparing a document for the proper parties.
• Guidance on employment law to ensure the compliance officer is within their rights to report the information, and how to protect their job.
• Guidance on the proper parties to report the information to, and how to find them.
The attorney will find out from the state exactly to whom the license was issued.
There may be multiple stakeholders who should be apprised of the situation, but one or more of them may be involved.
The proper way to handle this is to give the information to every shareholder and all people on the license.
The compliance officer should contact the licensee and inform them of their findings.
If the licensee is not involved, generally they will tell the compliance officer to document everything in order to either fire/prosecute the alleged perpetrators, or if they are involved, they will either fire the compliance auditor, or try to explain it away.
In the event of the latter, the compliance auditor only has one choice — report it to regulators. Make sure you’re prepared for what you might find! ϖ