Metrc combines a software platform with radio frequency identification technology to track plants and cannabis products from seed to sale. The track-and-trace model quickly became adopted by dozens of states to regulate their cannabis markets over the years, becoming an important standard in the industry.
With government contracts in nineteen states and counting, Metrc has become an omnipresent fixture in the United States cannabis market. States work with Metrc to provide their market’s traceability software for the entire supply chain, which helps prevent diversion to the black market, offers security and safety, aids in recalls and regulatory compliance tools.
We sat down with Michael Johnson, CEO of Metrc, to discuss retail challenges, regulations, cybersecurity, compliance and more.
Aaron Green: What are the major compliance challenges retailers face?
Michael Johnson: Major compliance challenges that retailers face will vary from state to state, however, we do see common themes across state lines. Financial services, for instance, has been a historical industry hurdle, as most big banks and credit card companies deny access to their network, making it difficult for retailers across the board – from bank account setup to limited customer and patient payment options to security issues when managing a cash-only retail business. The tides are starting to change with more credit unions and state-chartered banks opening their doors to the industry, along with new payment technologies for consumers to use instead of cash.
We also see common operational challenges, including inventory management issues due to human error, lack of consistent quality assurance, and product theft. Retailers regularly face strict packaging, labeling, and product safety laws along with requirements for public health, storage and sanitation procedures and additional layers of security and surveillance.
Finally, access to compliant and retail-friendly technology systems is important as it can have a major operational impact. If a retailer can choose, selecting the right platform will manage all their operational needs – from ID-scanning at check-in to inventory management to banking – while properly integrating with their state’s track-and-trace technology. That’s a major benefit and one that Flowhub brings to the industry, alongside Metrc.
Aaron: How does compliance for retailers differ from cultivators and manufacturers?
Michael: It is important to note that proactive compliance sits at the center of cannabis regulation. Not only does it ensure the maintenance of license(s) and overall businesses, it helps expand and enhance the industry as a whole. As a highly regulated sector, transparent and consistent compliance initiatives provide the necessary foundation for a safe and secure environment, strengthening all levels of the supply chain and the industry at large.
All industry players must adhere to specific licensing and documentation requirements – an expired or illegal license may lead to serious fines and carries the potential of losing the business. In a handful of states, employees may need a license as well. Real estate also comes into play for all license holders, with special cannabis zoning restrictions, such as requiring distance limits between select institutions.
Since retailers are customer- and/or patient-facing, they may experience unique operational requirements compared to cultivators and manufacturers, including ID-checking policies, customer or patient delivery laws, additional packaging and labeling rules, strict dispensation regulations, in-store and on-shelf product placement, retail signage, and product promotion rules, and more.
Just like retail, cultivation and manufacturing compliance will also vary across states, but with a host of additional compliance requirements to keep in mind – for example, biological, chemical, and physical hazards are something that play a larger role at facility operations, which are subject to Occupational Safety and Health Administration (OSHA) rules. Other compliance issues to highlight on the cultivation and manufacturing side include state requirements on inventory reporting, security patrols, waste removal, and meticulous logging.
Aaron: What is your process for evaluating vendor integrations?
Michael: At Metrc, we maintain an efficient and consistent process for evaluating vendor integrations – an example of our commitment to ensuring the safety and security of legal cannabis markets.
First, integrators petition access into specific instance(s) by filling out a form with their basic information (business name, software name, contact info, etc.), along with any state-required agreements that must be signed. The integrator is then given a set of steps to perform in each instance requested. The steps provided are then evaluated by our API Support team. When all steps are performed accurately, the integrator is added into production and an API key is generated for their use. Licensees must also issue the TPI a User API key to gain access to the API. Overall, the process is a combination of meeting state, Metrc, and licensee requirements.
Aaron: Can you address the cybersecurity landscape METRC faces? What is METRC’s process for dealing with cybersecurity threats?
Michael: Cybersecurity threats are shared across industries and although not unique to Metrc or the cannabis sector, cybersecurity threats and the value of data continues to change. Maintaining strict safeguards around data privacy and the security is a top priority at Metrc and we keep a constant pulse on changes in the cybersecurity landscape, to maintain this safeguard for our customers, industry users, and Metrc as a whole.
Aaron: What trends in cannabis regulation are you following?
Michael: cannabis rules and regulations are ever evolving, which is why it is vitally important for anyone in the industry to stay up to date. Examples of some we are following closely at Metrc include the SAFE Banking Act, Marijuana Opportunity Reinvestment and Expungement (MORE) Act, and cannabis Administration Opportunity Act (CAOA); and more generally federal legalization, public health protection, and environmental regulations.
Aaron: What’s next for METRC?
Michael: We continue to expand our customer and user feedback loop to ensure our roadmap meets the unique needs of markets and an overall evolving industry/regulatory landscape. Examples include continued performance improvements, more robust analytics capabilities, user-driven functionality updates, and exploring the design of a more sustainable RFID tag.