ComplianceMike Berardi·6 min read·2026-05-02

The real cost of non-compliance: case studies

Three real-world compliance failures and what they cost. Not theory. Actual fines, lost revenue, and lessons learned.

ComplianceCase StudyFinesRisk Management

Compliance is not an abstract risk. It is a concrete, measurable cost that shows up on your P&L as fines, legal fees, lost revenue during suspensions, and higher insurance premiums. We have worked with operators who survived violations and operators who did not. Here are three real cases — anonymized, but accurate — that illustrate what happens when compliance fails.

Case 1: The $47,000 METRC gap

A California dispensary failed to sync sales to METRC for 11 days due to an API credential rotation that their IT vendor handled poorly. The DCC discovered the gap during a routine audit. The fine was $30,000. Legal fees to negotiate the settlement were $12,000. The shop also had to pay a compliance consultant $5,000 to reconstruct the missing reports manually. Total cost: $47,000. Root cause: a 15-minute credential update that nobody monitored.

Case 2: The phantom inventory audit

A Colorado shop consistently coded inventory adjustments as "other" instead of using MED-required reason codes. During an inspection, the auditor flagged 200 adjustments over six months with no valid reason. The MED issued a $15,000 fine and required the shop to hire a third-party inventory auditor at $8,000. Worse, the shop was placed on a one-year probationary license, which made expansion financing impossible. Total cost: $23,000 plus lost growth opportunity.

Case 3: The delivery manifest failure

A Nevada dispensary's delivery driver left the shop with an incomplete manifest. The driver was pulled over for a traffic violation, and the officer noticed the manifest was missing a package. The shop was cited for transport of cannabis without proper documentation. The fine was $10,000. The delivery license was suspended for 30 days. Revenue loss from suspended delivery during the busiest month of the year: approximately $80,000. Total cost: $90,000.

The common thread

In every case, the violation was preventable with better systems. Credential rotation should be monitored. Reason codes should be enforced at the point of entry. Manifests should be validated before dispatch. The operators who got burned were not careless. They were under-systemed. They relied on manual checks, memory, and goodwill instead of software that enforces compliance automatically.

How to build a compliance culture

  • Make compliance the default, not a choice. Your POS should block non-compliant actions.
  • Review variance reports weekly, not monthly. Catch drift before it becomes a violation.
  • Train employees on why compliance matters, not just what the rules are.
  • Invest in compliance technology that pays for itself by preventing one fine.

Need a compliance checklist for your state?

We built a free, state-by-state checklist that covers METRC setup, audit-log requirements, and delivery manifest rules. Get it in your inbox.

Get a free state-by-state compliance checklist →

Related articles

Technology·7 min read

METRC API integration: a builder's guide

Per-state METRC variants, rate-limit traps, license-type permissions, and what "native integration" actually means versus middleware.

Technology·8 min read

Choosing a cannabis POS by state: 2026 buyer's guide

No POS is best for every state. Here is how to filter the field based on real regulatory requirements in California, Colorado, Florida, Washington, New York, and Illinois.

Technology·9 min read

Multi-state operator data architecture: what we'd build today

MSOs face schema fragmentation, unit conversion, and cross-state compliance reporting. Here is the data model we would use to solve all three.

Back to all articles