Compliance explainer

WSLCB compliance: coded gates vs operator-handed

WSLCB compliance is the term every cannabis-POS website uses. It means two different things depending on who's saying it. Either the platform refuses the action when the rule is broken — or the platform documents the rule and hands enforcement back to the operator. Both can technically be called 'compliant.' Only one keeps you from a $5,000 fine when a budtender forgets at 9:55pm on a Saturday.

By CannAgent · 7 min read

The two definitions, side by side

| Approach | What it does | Risk model |
| --- | --- | --- |
| Documentation-only | Lists the rule in a manual / training module / KB article | Operator carries 100% of enforcement risk |
| Coded gate | Refuses the action at the platform level | Platform carries the enforcement load; operator carries the audit trail |

Both call themselves 'WSLCB-compliant' on the website. Both are technically truthful. The difference shows up at 9:55pm on Saturday when a budtender about to ring up an under-21 sale either gets an audit-logged refusal-screen — or doesn't.

Five gates that should be coded, with WAC citations

Not every WSLCB rule needs a gate — some are operator-side judgment calls (advertising decisions, hiring criteria, security planning). But the five below are mechanical enforcement points where a coded gate is straightforward and documentation-only is a known failure mode.

  1. **Sale-to-minor (WAC 314-55-079).** The age-21 verification has to fire on every transaction with no soft-fail path. A manager override exists, but it requires PIN + reason + audit-log row. Coded gate refuses to add a flagged item to the cart until the ID is scanned, the birth date is computed, and 21+ is confirmed.
  2. **Industry-discount re-verify (WAC 314-55-095).** Industry-discount eligibility lapses every 90 days. Documentation-only puts the burden on the budtender to remember. Coded gate refuses the discount until the customer's last-verified date is < 90 days old.
  3. **Lab-test passthrough (WAC 314-55-079 5% rule).** Retailers can pass through 5% of lab-test cost to consumers. Documentation-only says 'set this on each product.' Coded gate computes the passthrough at line-item time, validates the 5% ceiling, refuses any markup beyond it.
  4. **Surveillance retention (WAC 314-55-082).** 30+ days of video retention required. Documentation-only puts a manager's spreadsheet between you and an inspection. Coded gate runs a nightly probe of the DVR/NVR retention window, writes an incident the moment retention drops below threshold.
  5. **Manager-override audit (WAC 314-55-095 record-keeping).** Any manager-PIN override on a coded gate must write an audit-log row with actor + timestamp + reason. Documentation-only says 'managers should document overrides.' Coded gate refuses the override until the reason field is filled in — no shortcut path, no 'reason: see notes.'
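
A sketch of gates 1, 2 and 5 as fail-closed checks that write an audit row on every outcome. This is an added example, not CannAgent's code: the function names, the in-memory `AUDIT_LOG`, the `pin_ok` flag, the placeholder-reason deny-list and the sample dates are all assumptions.

```python
from datetime import date, datetime, timezone

MIN_AGE, REVERIFY_DAYS = 21, 90                # thresholds stated in gates 1 and 2
PLACEHOLDER_REASONS = {"see notes", "n/a", "none", "ok"}   # assumed deny-list
AUDIT_LOG = []                                 # stand-in for an append-only audit table

class GateRefused(Exception):
    """The platform refused the action; there is no path around the gate."""

def audit(actor, action, outcome, reason=""):
    AUDIT_LOG.append({"ts": datetime.now(timezone.utc).isoformat(), "actor": actor,
                      "action": action, "outcome": outcome, "reason": reason})

def age_on(birth, today):
    # Subtract a year when this year's birthday has not happened yet.
    return today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))

def gate_age(actor, birth, today):
    # A missing ID scan (birth is None) refuses: no soft-fail path.
    if birth is None or age_on(birth, today) < MIN_AGE:
        audit(actor, "add_flagged_item", "refused", "21+ not confirmed")
        raise GateRefused("scan ID; customer must be 21+")
    audit(actor, "add_flagged_item", "allowed")

def gate_industry_discount(actor, last_verified, today):
    # Eligible only while the last verification is < 90 days old.
    if last_verified is None or (today - last_verified).days >= REVERIFY_DAYS:
        audit(actor, "industry_discount", "refused", "verification lapsed")
        raise GateRefused("re-verify industry eligibility")
    audit(actor, "industry_discount", "allowed")

def manager_override(manager, pin_ok, action, reason):
    # pin_ok is the result of the platform's PIN check (assumed, not shown here).
    reason = reason.strip()
    if not pin_ok or not reason or reason.lower() in PLACEHOLDER_REASONS:
        audit(manager, "override:" + action, "refused", reason or "<empty>")
        raise GateRefused("override needs a valid PIN and a real reason")
    audit(manager, "override:" + action, "overridden", reason)

def refused(fn, *args):
    """Demo helper: True when the gate raised GateRefused."""
    try:
        fn(*args)
    except GateRefused:
        return True
    return False

if __name__ == "__main__":   # constructed sample: verification is 95 days old
    print(refused(gate_industry_discount, "bud-07", date(2025, 3, 11), date(2025, 6, 14)))
    print(AUDIT_LOG[-1]["outcome"])
```

Refusals are logged as well as overrides, so the trail shows attempted shortcuts and not only the ones a manager approved.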

What 'documentation-only' looks like — when it fails

Documentation-only compliance fails in predictable patterns. After two years of WSLCB inspection reports across our two stores, the patterns are remarkably consistent.

  • **The new-hire pattern.** A budtender who started 3 weeks ago hasn't internalized rule X yet. The training module exists; the rule was covered in onboarding; the actual enforcement at the register is muscle memory the new hire hasn't built. A coded gate works on day 1; documentation only works on day 91.
  • **The end-of-shift pattern.** Last sale of the night, manager already in the office counting cash. Budtender takes a shortcut they wouldn't take at 2pm. Documentation says 'no shortcuts.' Coded gate doesn't permit the shortcut.
  • **The relationship pattern.** Customer is a regular. Budtender wants to do them a favor — skip the ID re-check, apply a discount that's 95 days old. Documentation says 'no exceptions.' Coded gate refuses the exception.
  • **The rule-change pattern.** WSLCB updates a rule via Implementation Letter (IL). Documentation update has to land in the SOP binder + the training module + the operator chat group. Coded gate updates once, ships once, applies everywhere.

When documentation IS the right answer

Not everything should be a coded gate. Some rules are inherently operator-judgment. Trying to code those creates platform brittleness without a compliance gain.

  • **WAC 314-55-155 advertising rules.** Advertising decisions involve content judgment. The platform can flag risky language (efficacy claims, medical-advice language) but can't make the final call.
  • **Premise-security planning.** WAC 314-55-082 requires the operator to have a security plan; the platform can hold the plan + verify retention windows, but the security framework itself is human-designed.
  • **Hiring + termination decisions.** Manager-write-up assistant (per the v0.38 guide) helps document — but the decision to hire, write up, or terminate is a human responsibility.
  • **Customer service exception calls.** When a customer has a legitimate edge case the rule doesn't anticipate, the operator handles it. The platform should make the exception easy to log; the platform should not pretend it can decide.

The audit-trail compromise

The cleanest line: code the gate where the rule is mechanical, document where it's judgment-based, and audit-log everything either way. WSLCB inspectors aren't asking 'did you have a manual.' They're asking 'show me the trail of every override in the past 36 months.' If you can produce that in 30 seconds, you pass; if you can't, you don't.
