Tips & Tricks

Compliance is not a Cost Center: Finding value in non-revenue functions

January 23, 2023
 Min Read
Ben Allmand
Principle @ Prospice Consulting

We’re not even 4 weeks into the new year, and it feels like we are already landing on a consensus for what 2023 will be to the cannabis industry: rough. 

Layoff rounds that began late last year have continued. Legislative relief some operators had hoped for, such as SAFE Banking, didn’t pass. We hear regular stories of operators shutting down, or selling licenses for a smile just to get out of some of the more mature markets. Pricing compression, oversaturation, did I mention the macro economy is teetering on the edge of recession? When I talk to experienced operators the conversation is always similar; most are in wait and see mode attempting to read the tea leaves as to whether this industry can possibly support us all.  

All of which leads to a singular conclusion: 2023 is a year to batten down the hatches and fight for survival. Tough decisions are coming. For many, survival will be determined by the planning and execution of these decisions.

One of the biggest unforced errors you can make for your cannabis business in 2023 is to look at Compliance and Risk Management as a Cost Center.

Compliance as a Cost Center

Anyone who has spent a week in the industry has heard about the “Cost of Compliance”.  Seed-to-Sale and tag requirements, manifesting and inventory tracking, cameras and access controls, etc.  The nascency and politicized nature of cannabis regulation has certainly generated cumbersome red tape for all operators.  

The teams that build and manage these structures are also burdened by the stark reality that they have no means of generating revenue.  Combine those two facts, and we often see companies that look at these functions as a drag on profitability.  In an environment like this – that naturally puts them on the forefront of discussions when it comes to shrinking budgets.  

If this is all sounding familiar to you – let’s take a pause and consider the ways Compliance and Risk Management systems help in a tightening environment – and pivot our thinking to see these functions as tools that help us secure our revenue plan, rather than drags against it.


Start with your Culture of Compliance.  Operating teams will inevitably be under new pressures this year. Most will be asked to do more with less.  Many will lose some teammates. Others will have leadership restructures.  

Under these new pressures – problems are inevitable.  An employee taking on a new process with limited training will make mistakes.  Some will naturally become disengaged and feel less motivation to follow guidance. A facility pushing for a stretch goal with a skeleton crew will find ways to cut corners to meet plan, etc.  When people are under pressure, they act differently, this is human nature.  

If you enter this reality while simultaneously paring back your guardrails, you’re asking for trouble.  Employee accidents, failed production batches, regulatory holds, potential recall/withdrawal, fines and deficiencies, issues with looping or minor sales, plus the lost productivity and reputation damage they inflict.  

What would any of the above cost you? It’s more than you spend on the checks and balances, systems and structure, and continuous improvement to keep you in line.  Your Compliance and Risk Managers are a net positive simply by developing and enforcing standards.


A leading play this year will be to look at process automation and systemization.  This is an important piece of the maturation of the industry and will be paramount to some operators being able to keep the lights on.  However, a tool is only as good as the user.

Who within your organization is going to ensure the tool meets all your regulatory requirements?   Who will build the operating structure around it? SOP’s, audit trail, reporting cadence.   We’ve all heard stories of operators getting into hot water because a tool didn’t do what it was supposed to.  “They told us it worked” isn’t going to fly.  Your Risk Managers are the conduit to compliant and successful tool implementation – allowing you to automate and cut costs out of your business, without opening yourself to additional downside. 


Does the success of your 2023 plan hinge on opening or scaling a new facility?  Maybe it’s a new product offering? Maybe it’s expanding an existing line with new flavors or SKU’s?  If your plan involves expansion of any variety, you inevitably have target dates built into your revenue plan for when those things will happen.

Who keeps the integrity of those target dates?  Meaning - who within your organization provides the regulatory review to verify Compliance of submissions, ensuring minimal rework and resubmission?  Who has the relationship with the regulatory bodies that provide approval? Who can provide a realistic regulatory approval timeline by market to help structure the project and manage expectations?

Choosing to eliminate those functions and the institutional knowledge they carry will throw the process into chaos and risk missing your target dates.  What is a lost month of a new processing facility worth to your goals?  I imagine it's more than enough to justify the Compliance management.

3rd Party Costs

The unforeseen is, well… unforeseen.  But that doesn’t make it free.  In any of the above instances,  you have a high likelihood of finding yourself in conversation with a regulator when something goes sideways.  Absent an in-house expert, where do you turn for defense?  

Most will be looking to hire an outside counsel.  If the issue is hyper-specific – environmental, engineering, etc. you will probably be paying a 3rd party consultant in that field.  Those costs add up quickly.

Having an in-house Compliance and Risk Management cuts down on the probability you will need to enlist such services in the first place.  In the event it arises anyway – that in-house expert is going to be able to guide a more pointed conversation, handle document collection/generation and other internal tasks themselves; generally running a more cost-effective relationship with that outside source. 


These are just the obvious “tip of the iceberg” issues, but the core concept is obvious; when you make large changes to your business, you open yourself up to new and unforeseen risks. Making such moves without the requisite controls can be fatal in this environment. Instead, properly utilize Compliance and Risk Management professionals and tools to manage that risk and ensure that your budget strategy goes to plan.  

Compliance and Risk Management are your revenue and profitability insurance plan, not a Cost Center.

Check Out Our Recent Blog Posts

View All

Where are You Located?

Do you have over 15 employees?

  Yes      No

Are you operating in multiple states?

  Yes      No

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.