Fast-evolving enforcement priorities have placed Mexico and other jurisdictions in Latin America at the center of a new and aggressive regulatory posture—one that demands the immediate attention of every multinational executive, compliance officer, and risk manager.
The risks of doing business in Mexico in 2025—and other countries with significant cartel activity—now resemble the profile of operating in Syria and Afghanistan. These and other jurisdictions where US-designated terrorist organizations, known as Foreign Terrorist Organizations, or FTOs, hold government authority and commercial influence require meticulous risk mitigation measures.
Imagine the following scenarios:
- Your company’s routine payments to local “vendors” in Mexico to ensure “security” of your local operations—long considered a cost of doing business—are suddenly reclassified as material support of a terrorist organization. Overnight, your board and senior executives face criminal exposure under US national security laws.
- A wire transfer lands in a supplier’s Mexican account, recently designated as supporting cartel activity. Your bank uncovers the transfer and triggers an immediate freeze on payments to the supplier, halting your supply chain and leaving millions of dollars in goods stranded at the border. Regulators demand a full accounting of this critical relationship, sending your compliance team scrambling.
- Federal agents arrive at your headquarters with a subpoena, investigating whether your company’s logistics agents have made payments at the Mexican port in Manzanillo to groups facilitating fentanyl trafficking under the guise of customs fees. The media reports this development, and your stock price plummets.
These are no longer far-fetched hypotheticals. They reflect a rapidly evolving enforcement landscape in which US agencies such as the Department of Justice and the Office of Foreign Assets Control increasingly treat cartel-linked activity as a national security threat, elevating the pace and scope of enforcement. Border security tactics now incorporate the rhetoric and consequences of terrorism financing, sanctions violations, and transnational organized crime.
Practical Steps
In this new environment, proactive risk management is essential. Here is what companies should do to ensure they are well-positioned to handle any number of scenarios related to their business dealings with Mexico.
Comprehensive risk assessments. Shift the mindset on risk exposure by treating Mexico like high-risk nations where FTOs are known to operate, such as Syria or Afghanistan. This means conducting thorough risk assessments, including engaging local personnel who understand the nuances of the operating environment.
Training. Awareness and vigilance are the best defenses in a rapidly changing environment, so train staff widely and regularly on emerging risks. Also consider whether there are vendors, distributors, or service providers who present sufficient risk to merit targeted training.
Third-party due diligence. Review and update third-party due diligence procedures, ensuring that cartel-related risks are appropriately reflected in third-party risk ratings. Pay particular attention to due diligence for suppliers, distributors, freight forwarders, and financial institutions. Don’t overlook the potential risks associated with local labor unions. These relationships can be a vector for exposure to cartel-linked activity.
It’s essential to be confident that existing processes will catch a newly designated entity (e.g., are you continuously screening on an automated schedule?) and that the diligence process focuses enough on beneficial ownership, key relationships, and capabilities/background to catch red flags.
Enhanced auditing. Consider whether increased auditing and monitoring of key supply chain, distributor, and service provider relationships is necessary. Are you regularly asking major suppliers about security payments? Are you continuously monitoring investigations and allegations regarding critical distributor relationships?
Lookbacks. Don’t get caught unaware of prior conduct that may raise future inquiries. Conduct lookbacks on past transactions involving designated Mexican banks or other entities that trigger revised risk ratings in the current environment.
Account matching. A major risk area for cartel-related risks is black market currency exchange activity, commonly referred to as the Black Market Peso Exchange. Specifically, confirm that there are financial controls to flag and vet inconsistencies between the names and jurisdictions on third-party accounts sending or making payments and the names of the contracting entities.
Payments in these instances will typically come from unconnected third-party accounts or in cash or cash equivalents. Accepting or facilitating such payments carries significant risks given the frequency with which cartels launder criminal proceeds through corporate accounts.
Security policies: no room for ambiguity. Ensure all security policies unambiguously prohibit payments to cartels or other designated organizations. Even implied leeway in policies that allow for ransoms or personal safety-related payments can be a costly mistake.
Port and supply chain activities. Scrutinize activities involving Mexican ports, especially those known to be controlled by cartels. Ensure third-party logistics firms are adequately vetted, subject to clear policies and procedures regarding engaging with cartels, and consider training for key logistics relationships.
Business resiliency. Where political volatility may jeopardize supply chains and other critical relationships, it’s especially wise to build continuity into compliance risk analysis. As has become typical for businesses exposed to jurisdictions presenting volatile sanctions risks such as Russia and China, operations in Mexico and other Latin American regions with significant cartel activity now demand a secondary plan in the event of an unexpected investigation, sanctions designation, or account closure.
Reconsider voluntary disclosure posture. The DOJ’s updated policies offer strong assurances for prosecutorial discretion in cases of certain self-reported violations, including a more predictable path to declinations of prosecution for companies that voluntarily self-disclose. These declinations may serve as a strategic option for mitigating long-tail enforcement risk.
For global businesses, the challenge isn’t just to keep up, but to stay ahead. Dedicating resources to monitor developments and compliance procedures is imperative to effectively meet this moment.
The Rio Grande is more than a border; it’s a dividing line between old assumptions and new realities. Are you ready to cross it?
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.
Author Information
Tara McGrath is partner at Perkins Coie and brings decades of experience in strategic legal counsel.
Jamie Schafer is partner at Perkins Coie and represents clients in criminal and regulatory matters.
Sydney Veatch is an associate at Perkins Coie and represents clients in criminal and regulatory enforcement proceedings.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Law or Log In to keep reading:
Learn About Bloomberg Law
AI-powered legal analytics, workflow tools and premium legal & business news.
Already a subscriber?
Log in to keep reading or access research tools.