New Designation of Cartels as Terrorist Organizations: Growing Legal Risks and the Role of Strategic Due Diligence

This article was originally published on the LEC – Legal, Ethics, and Compliance blog.

 

Current Landscape: Recent Changes in the International Regulatory Approach

In an environment where legal, financial and reputational risks are constantly evolving, adopting a prevention strategy is no longer just a best practice, but a business necessity. The U.S. government’s recent Foreign Terrorist Organization (FTO) designations and associated regulatory actions reflect a global shift in key regulations, especially those affecting companies with a direct or indirect presence in Mexico and Latin America.

Therefore, a thorough understanding of who you do business with has become a strategic necessity to avoid penalties, operational losses and reputational risks. In this article, we explore how these measures can impact organizations and why having a proactive due diligence strategy is key to protecting your reputation and operational continuity.

 

Legal and Operational Implications for Companies with Ties in Mexico

This recent FTO designation represents an important expansion within the existing legal framework. Among the designated groups are the Sinaloa Cartel and the Jalisco New Generation Cartel (CJNG), groups with a strong presence in Mexican territory.

While many of these organizations had previously been classified as Transnational Criminal Organizations (TCOs)or were subject to sanctions by the Office of Foreign Assets Control (OFAC), this new FTO category opens the door to additional or complementary mechanisms for law enforcement and international cooperation.

For companies with operations in or links to Mexico, this designation increases the risk of legal exposure, particularly if any link in their value chain—suppliers, intermediaries or partners—maintains direct or indirect relationships with these organizations. The measure, backed by U.S. Executive Order 14157,¹ enables the Department of Justice (DOJ), under the Anti-Terrorism Act (ATA),² to exercise extraterritorial jurisdiction and pursue cases of “material support” (as defined in 18 U.S.C. §§ 2339A and 2339B), even when there is no malicious intent.

While OFAC’s sanctions regime already provided for financial penalties, as well as potential criminal and civil consequences for individuals or entities with ties to criminal organizations, the designation as an FTO introduces an additional legal basis under the ATA that gives the DOJ broader powers to pursue legal action, including the ability to enforce its jurisdiction extraterritorially, even when the link is indirect or unintentional. In addition, if there is a commercial or financial nexus with the U.S., systems such as the Terrorist Finance Tracking Program strengthen regulators’ ability to track and sanction financial movements associated with these entities.

In this context, companies must update their due diligence processes, strengthen their continuous monitoring and ensure the comprehensive visibility of those with whom they do business. It is not a matter of complying with regulations but of anticipating risks that increasingly transcend borders and are hidden in the gray areas of daily operations.

These legal implications do not occur in a vacuum. Measuring the scope of these criminal organizations is key to understanding how and where they operate, as well as how companies can be exposed to them.

According to InSight Crime’s profile of Mexico,³ states such as Baja California, Coahuila, Jalisco, Michoacán, Nuevo León, Sinaloa, Tamaulipas, and Zacatecas have a significant concentration of criminal groups. This presence is not new, but their recent designation as FTOs puts the spotlight on a key aspect: In certain regions, these groups operate as parallel structures to the state, controlling economic, social and even institutional aspects of local life.

For companies, this reinforces the need to evaluate not only their deals with actors of obvious risk but also possible indirect links, such as contracts with public or private entities operating in co-opted or vulnerable contexts. While these risks already existed, the current environment makes them more visible and potentially punishable. In this context, a lack of visibility can represent a real legal risk, even if the company is acting in good faith.

Importantly, these types of risks are not hypothetical. In a March 31, 2025, press release, OFAC announced sanctions on six individuals and seven entities linked to the Sinaloa Cartel, for their participation in an international money-laundering network. The entities, registered as legal companies in Mexico and Ecuador, operated as fronts that facilitated illicit operations in legitimate sectors.⁴ These types of structures can be integrated into formal supply chains without raising obvious red flags, underscoring the need for reputational analysis beyond traditional compliance.

 

Industries Vulnerable to New Routes and Methods of Organized Crime

A recently published report by the U.S. Office of the Director of National Intelligence (ODNI), which highlights the use of passenger vehicles and trailer transport by organized crime in Mexico,⁵ confirms that organized crime in certain regions of the country has reached a level of penetration similar to that of a parallel power structure. This report, which is part of ODNI’s annual threat assessment for 2025, reveals how cartels have managed to diversify their methods of transportation for drug trafficking and other illicit activities.

The report notes that these groups now control not only crime routes but also key logistic infrastructures in various regions, exponentially increasing the associated risks for companies operating in areas where these organizations have a high influence.

It is therefore essential that certain industries strengthen their prevention and third-party-assessment strategies regarding the risk involved in establishing business relationships with actors directly or indirectly linked to sanctioned or FTO-designated organizations. The most exposed sectors include the following:

• Logistics and cargo transport, especially companies that operate fleets or last-mile services that work in both directions between Mexico and the U.S., making them vulnerable to the movement of drugs and people.
• Parcel and courier services, which are exposed to the risk of inadvertently transporting illicit goods.
• The automotive sector, including workshops, distributors, and rental services, where vehicles can be used as a front.
• Cross-border trade and customs sectors, and companies with operations on the northern border, which have threats such as forged documents and contaminated trailers.
• Agribusiness and food transportation, which involve frequent use of refrigerated units on long routes, exposing them to the risk of being exploited for smuggling of people, weapons, and narcotics alongside legitimate products.
• Land tourism, such as bus lines and private transportation that crosses states or borders.

Organized crime has demonstrated the ability to infiltrate or take advantage of any weak link within these chains. Therefore, it is critical to implement due diligence mechanisms that are not limited to the initial evaluation of a third party but include geographic monitoring, reputational alerts and updated knowledge of the evolution of organized crime routes.

In addition to the operational risks on the ground, there is growing financial exposure for companies that use banking services connected to the U.S. system. These groups’ FTO designation strengthens the U.S. government’s ability to apply secondary sanctions to foreign entities that facilitate, even unintentionally, transactions with terrorist organizations. This risk affects both Mexican and international companies with operations or commercial ties in the country. Having visibility into beneficial owners, banking connections, and strategic partners is key to avoiding legal and reputational consequences.

 

Strategic Perspective: Key Recommendations Based on Our Expertise in Risk, Compliance, and Investigations

In this new scenario, having a robust and localized due diligence strategy becomes more relevant than ever. Establishing such a strategy involves strengthening existing compliance programs—including anti-corruption policies, anti–money laundering policies and third-party-assessment processes—and adapting these programs, policies and processes to address the new risks associated with FTOs.

Against this backdrop, companies must go beyond avoiding acts of corruption to take a deeper look at their business relationships, ownership structures, and geographic, and reputational exposure. Risk assessment becomes more complex and requires specialized tools, continuous monitoring and increased sensitivity to local risk.

In our experience, these are some of the key actions that we recommend implementing to face this environment with greater safety:

• Assess geographic and sectoral risks in areas with a high presence of organized crime through environmental analysis and risk maps developed by our Enterprise Security Risk Management (ESRM) team.⁶
• Identify indirect links of third parties with sanctioned persons or entities through reputational background investigations and Due Diligence (TPVS) services.⁷
• Continuously monitor suppliers, partners, and supply chains through our Compliance, Risk, and Diligence (CRD)⁸ solutions and local intelligence with continuous coverage in Mexico and Latin America.
• Proactively comply with international regulations by designing customized compliance programs developed by our Compliance and Regulatory (CR) experts.⁹

These actions allow companies to anticipate potential regulatory investigations, avoid risky relationships and protect their corporate reputation, especially in an international regulatory environment that places greater focus on operations in high-risk areas.

 

Prevention as the Cornerstone of a Sustainable Business Strategy

Having a comprehensive view of risk that combines local knowledge, deep reputational analysis and strategic monitoring allows organizations to anticipate problems before they become a crisis.

 

References:
¹ U.S. Department of State, Bureau of Counterterrorism. (February 20, 2025). Foreign terrorist organizations. Retrieved April 2025 from https://www.state.gov/foreign-terrorist-organizations/
² U.S. Department of Justice. (May 4, 2005). Fact sheet: Patriot Act provisions ready for reauthorization. Retrieved April 2025 from: https://www.justice.gov/archive/doj-espanol/pr/2005/April/05_opa_163_spanish.htm
³ InSight Crime. (January 19, 2024). Mexico profile. Retrieved April 2025 from https://insightcrime.org/mexico-organized-crime-news/mexico/#crim
⁴ U.S. Department of the Treasury. (March 31, 2025). Treasury sanctions criminal operators and money launderers for the notorious Sinaloa Cartel. Retrieved April 2025 from https://home.treasury.gov/news/press-releases/sb0064
⁵ Office of the Director of National Intelligence. (March 18, 2025). ATA 2025 unclassified report. Retrieved April 2025 from: https://www.dni.gov/files/ODNI/documents/assessments/ATA-2025-Unclassified-Report.pdf 
⁶ Kroll. (n.d.). Enterprise Security Risk Management (ESRM). Retrieved April 2025 from: https://www.kroll.com/en/services/enterprise-security-risk-management
⁷ Kroll. (n.d.). Third-Party and Vendor Screening Services. Retrieved April 2025 from: https://www.kroll.com/en/services/background-screening-market-intelligence-investigative-due-diligence/third-party-vendor-screening
⁸ Kroll. (n.d.). Compliance Risk and Diligence. Retrieved April 2025 from: https://www.kroll.com/en/services/investigations-diligence-and-compliance
⁹ Kroll. (n.d.). Compliance and Regulation. Retrieved April 2025 from: https://www.kroll.com/en/business-challenges/compliance-and-regulation