Increased US Government Enforcement Targeting Companies Linked to Mexican Cartels Presents New Challenges for White-Collar Lawyers in Florida and Underscores a Need for Increased Compliance Measures 

Introduction

Historically, white-collar crime has been regarded mostly as separate from offences associated with drug cartels, which were typically categorised as organised and violent crimes. However, the US government’s recent designation of major drug cartels as Foreign Terrorist Organizations (FTOs) and Specially Designated Global Terrorists (SDGTs) has blurred these distinctions and marks an unexpected paradigm shift in the approach to white-collar enforcement, especially for companies operating in Mexico, where most of these cartels have a strong presence. This development is formalised by Executive Order 14157 issued by President Donald Trump on 20 January 2025, and reinforced by a Department of Justice Memorandum dated 12 May 2026, titled “Focus, Fairness, and Efficiency in the Fight Against White-Collar Crime.” Both reflect that pursuing cartels has become a top priority for US authorities, which have significantly increased resources dedicated to investigating and prosecuting these organisations and those who facilitate their illegal activities. Importantly, as further discussed below, companies do not have to knowingly facilitate or support cartels to face liability.

Florida lawyers have seen more subpoenas, investigations, and other enforcement actions involving companies, particularly financial institutions, associated with Mexican drug cartels. It is not surprising that Florida, a hub for international companies in many industries with strong business ties to Latin America, is one of the first states to witness implementation of the new directive from the US government. For white-collar attorneys this means tackling this work with a different lens. The enforcement emphasis on companies deemed to facilitate drug cartels’ activities, even without direct knowledge, is complex and can have catastrophic implications for businesses. Thus, an approach that encompasses collaborating with cross-border lawyers, understanding traditional white-collar crime and other specialised areas of expertise, such as Office of Foreign Assets Control (OFAC) sanctions and the Antiterrorism and Effective Death Penalty Act of 1996 (AEDPA), as well as having a command of the legal and practical challenges international companies are facing to assist with compliance efforts, is critical.

For multinational corporations, particularly those operating in regions known to have a cartel presence, these designations create unprecedented compliance challenges. The broad reach of US anti-terrorism laws means that even inadvertent transactions with designated cartels or their associated (“front”) companies may result in direct consequences, as such interactions typically carry more severe penalties than most white-collar crimes.

This article provides a summary of the legal framework activated by these designations and offers practical guidance for attorneys and companies seeking to navigate this complex new reality.

Part I: legal framework

OFAC sanctions

The most immediate consequence of the new designations is the application of the US sanctions programmes for terrorist organisations administered by OFAC. Cartels designated under Executive Order 14157 become subject to the already existing sanctions programmes established by Executive Order 13224, which was originally issued to address the 11 September 2001 terrorist attacks.

The sanctions applicable to designated cartels are blocking sanctions, the most severe type contemplated under US law. These sanctions categorically prohibit any transaction that involves, directly or indirectly, a designated cartel. Additionally, any person or entity possessing assets belonging to cartels must freeze (ie, block) such assets and make them available to OFAC. The regulatory definition of “assets” is remarkably expansive, encompassing all property and interests in property, whether tangible or intangible, present or future.

The jurisdictional reach of OFAC sanctions extends broadly across two categories of persons and entities. First, all US persons and entities are directly bound by these prohibitions, regardless of where in the world they conduct their activities. Second, non-US persons and entities become subject to these sanctions when they violate them while acting within US territory, conspire with US persons to violate sanctions, or cause a US person to violate sanctions. The jurisdictional requirements for this second category are satisfied by minimal contact with the United States. A wire transfer passing through a US bank or an email transmitted through servers located in the United States can be sufficient to establish jurisdiction.

Violations of OFAC sanctions can result in both criminal and civil penalties. Criminal liability requires proof of a wilful violation ‒ that is, the person or entity acted with knowledge that the transaction involved a designated cartel and that such transaction was prohibited by law. Criminal penalties include fines up to USD1 million per violation and, for individuals, imprisonment of up to 20 years. Civil liability under OFAC sanctions operates on a strict liability basis, requiring no proof of knowledge or intent. Civil penalties can reach USD377,700 per violation or double the transaction amount, whichever is greater. The strict liability nature of civil violations makes them particularly dangerous for companies, as even the most well-intentioned compliance efforts may not provide a complete defence.

OFAC also possesses the authority to impose secondary sanctions on persons and entities outside US jurisdiction. These secondary sanctions can effectively place the designated party that provides “material support” to cartels in the same position as a designated cartel itself, prohibiting all transactions involving that party and requiring asset freezes by any US person in possession of their property. This mechanism significantly expands the potential reach of sanctions, as it can affect parties with no direct connection to the United States beyond their interaction with designated cartels.

Criminal liability under the AEDPA

The AEDPA creates criminal liability for knowingly providing “material support” to designated terrorist organisations, which now includes the designated cartels. This statute represents one of the broadest and most significant legal tools available to US prosecutors in combating terrorism and, by extension, designated drug cartels.

The AEDPA’s definition of “material support” encompasses virtually any form of assistance that could benefit a terrorist organisation. This includes any property, tangible or intangible, or service, including currency or monetary instruments, financial services, communications, equipment, and transportation. The breadth of this definition means that even seemingly innocuous business transactions can potentially constitute material support if they substantially benefit a designated cartel.

The statute criminalises both direct provision of material support to cartels and indirect provision through intermediaries. Liability attaches when a person provides support through third parties while knowing that a cartel is the ultimate beneficiary. This aspect of the law is particularly relevant in the context of drug cartels, which often operate through complicated networks of front companies and intermediaries to obscure their involvement.

The knowledge requirement under the AEDPA merits careful attention. While the statute requires that defendants act knowingly, prosecutors need not prove knowledge of any specific terrorist act the organisation plans to commit. Instead, they must only show that the defendant knew the organisation was designated or engaged in terrorist activities generally. Moreover, courts have recognised that this knowledge requirement can be satisfied through “constructive knowledge” ‒ a showing that the defendant deliberately ignored red flags indicating possible involvement with a terrorist organisation. This standard significantly expands potential liability, as companies cannot simply turn a blind eye to suspicious circumstances and claim lack of actual knowledge as a defence.

The AEDPA’s jurisdictional provisions grant US courts authority over material support provided anywhere in the world, provided the offence affects interstate or foreign commerce of the United States. Courts have interpreted this jurisdictional hook broadly, finding it satisfied by even indirect or remote effects on the US economy. Additionally, the United States can exercise jurisdiction over offences committed entirely abroad if the perpetrator is later brought into US territory.

Penalties under the AEDPA are severe. Individuals face up to 20 years of imprisonment and fines up to USD250,000 or double the gross gain or loss resulting from the offence. Corporations face fines of up to USD500,000 per violation or double the gross gain or loss. These penalties, combined with the broad definition of material support and expansive jurisdictional reach, make AEDPA violations a critical concern for companies operating in regions where designated cartels are active.

Civil liability under the AEDPA

In addition to criminal penalties, the AEDPA creates a private right of action that allows US nationals injured by acts of international terrorism to seek civil remedies. Plaintiffs may sue both designated cartels and those who facilitate their activities, including individuals and entities who knowingly provide material support. The civil cause of action, thus, incorporates the same broad definition of material support and knowledge requirements as the criminal provisions.

The statutory framework provides for enhanced damages that make civil litigation particularly attractive to plaintiffs. Successful plaintiffs are entitled to treble damages. Additionally, prevailing plaintiffs can recover attorney’s fees and litigation costs, removing a significant barrier to bringing suit and potentially encouraging more private enforcement actions. The combination of treble damages and fee-shifting creates substantial financial exposure for companies found liable under the civil provisions.

Civil litigation under the AEDPA also presents unique procedural challenges for defendants. Discovery in these cases can be extensive and intrusive, potentially exposing sensitive business information and compliance practices. Moreover, the emotionally charged nature of terrorism-related litigation can create unfavourable dynamics for corporate defendants, particularly in jury trials. Companies must therefore consider not only the direct financial exposure but also the reputational risks and litigation costs associated with defending against private AEDPA claims.

Part II: corporate compliance

Developing and updating policies and procedures

The designation of cartels as terrorist organisations calls for a fundamental review of corporate compliance programmes. Companies operating in Latin America, especially Mexico, must recognise that existing anti-corruption and anti-money laundering policies, while important, may not adequately address the unique challenges posed by anti-terrorism laws. The starting point for any effective compliance programme is the development or revision of policies and procedures that specifically address the risks of engagement (even if inadvertent) with designated cartels.

Companies with existing compliance programmes should begin by conducting a gap analysis to identify areas where current policies may fall short of addressing terrorism-related risks. This process should examine whether existing policies adequately capture the broad definition of material support, the constructive knowledge standard, as well as the expanded jurisdictional reach of US anti-terrorism laws. Updating policy language to explicitly reference anti-terrorism laws and related cartel designations serves important purposes: it demonstrates corporate awareness of evolving legal requirements, provides clear guidance to employees, and can serve as evidence of good faith compliance efforts in any future enforcement proceedings.

The policy development process should involve key stakeholders from across the organisation, including legal, compliance, operations, finance, and human resources. This cross-functional approach ensures that policies address practical operational realities while maintaining legal compliance. Policies should be written in clear, accessible language that employees at all levels can understand and implement. Technical legal requirements should be translated into practical guidance that employees can apply in their daily activities.

Regular review and updating of policies are essential given the dynamic nature of cartel operations and evolving enforcement priorities. Companies should establish a formal review cycle, typically on an annual basis, but with provisions for interim updates when significant changes occur in the legal or operational environment.

Conducting comprehensive risk assessments

A robust risk assessment forms the foundation of any effective compliance programme. In the context of cartel-related risks, the assessment must go beyond traditional financial crime risks and account for cartels’ operational methods and territorial presence. The risk assessment process should be systematic, documented, and regularly updated to reflect changing circumstances.

The geographic dimension of risk assessment is particularly critical for companies operating in Latin America, particularly in Mexico. Companies must develop a nuanced understanding of cartel presence and influence across their operational footprint. Information for this assessment should come from multiple sources, including specialised government reports on drug trafficking, security consultants with regional expertise, and importantly, insights from local employees who understand ground-level realities.

Customer and supplier risk profiling represents another crucial component of the assessment process. Companies should analyse their business relationships to identify those that may present elevated risk of cartel connection. This analysis should consider factors such as the counterparty’s industry sector, ownership structure, geographic location, and business model. Certain industries, such as transportation, logistics, construction, and cash-intensive businesses, may present higher risks due to their utility for money laundering or operational value to cartels.

Transaction-level risk assessment involves examining the types of business activities that could potentially facilitate cartel operations or create inadvertent connections. Companies should map their product and service offerings against potential misuse scenarios. For example, companies selling industrial chemicals should assess the risk that their products could be diverted for drug manufacturing, while logistics companies should evaluate the risk that their services could be used to transport illicit goods.

Documentation of the risk assessment process is crucial for demonstrating good faith compliance efforts. The assessment should produce a clear risk matrix that identifies specific risks, their likelihood and potential impact, existing controls, and any gaps requiring remediation. This documentation should be presented to senior management and the board of directors to ensure appropriate oversight and resource allocation for compliance efforts.

Identifying red flags

The ability to identify red flags indicating potential cartel involvement is essential for preventing violations of anti-terrorism laws. Given the constructive knowledge standard applicable under these laws, companies must train employees to recognise warning signs and establish clear procedures for responding to suspicious circumstances. The development of red flag indicators should be based on the company’s risk assessment and tailored to its specific operational context.

Geographic red flags often provide the first indication of potential cartel involvement. Transactions involving counterparties in known cartel-controlled territories warrant enhanced scrutiny, particularly when combined with other suspicious factors. Unusual delivery locations, circuitous transportation routes, or requests for deliveries at odd hours or to remote locations may indicate efforts to avoid detection.

Corporate structure and ownership red flags can reveal attempts by cartels to disguise their involvement in legitimate business transactions. Warning signs include newly formed companies engaging in large transactions without established business history, frequent changes in company names or registered addresses, and opaque ownership structures with multiple layers of shell companies. Companies should be particularly wary of counterparties that cannot provide coherent explanations for their business model or whose stated activities do not align with their transaction patterns.

Financial and transactional red flags often indicate money laundering or efforts to obscure illicit connections. These may include insistence on cash payments or unusual payment methods, payments from third parties unrelated to the transaction, pricing significantly above or below market rates without clear justification, and structured transactions designed to avoid reporting thresholds. Rapid changes in transaction volumes or patterns, particularly following news of enforcement actions or cartel conflicts, may also signal problematic relationships.

Behavioural red flags in business interactions can provide crucial warning signs. These include evasiveness or inconsistency when providing routine business information, unusual urgency without clear business justification, attempts to circumvent normal compliance procedures, and threats or intimidation during negotiations.

Implementing robust third-party due diligence controls

The complexity of cartel operations, which often involve networks of legitimate-appearing front companies, makes third-party due diligence one of the most critical elements of an effective compliance programme. Companies must implement controls designed not only to identify direct cartel connections but also ‒ and when warranted under a risk-based approach ‒ to understand the ultimate destination and use of their products and services.

The pre-relationship due diligence process should begin with comprehensive information gathering from key third parties. Companies should require prospective business partners to provide detailed documentation establishing their legal existence, ownership structure, and business operations. This includes corporate registration documents, identification of beneficial owners, descriptions of primary business activities and key suppliers/customers, and financial information demonstrating legitimate sources of funding. For higher-risk relationships, companies may need to require additional information such as bank references, customer references from known legitimate businesses, and site visit reports confirming physical operations.

Screening procedures must cast a wide net to identify potential cartel connections. At a minimum, companies should screen key third parties against OFAC’s Specially Designated Nationals list, other US government sanctions and terrorism lists, and relevant international sanctions databases. However, given that many cartel-connected entities may not appear on official lists, screening should extend to adverse media searches, review of court records and litigation databases, and/or consultation of local law enforcement or regulatory bulletins where available.

Contractual protections play a vital role in the due diligence framework. All contracts should include robust representations and warranties regarding non-involvement with cartels or other sanctioned entities. These provisions should be crafted carefully to create ongoing obligations throughout the relationship, not merely point-in-time representations. Contracts should also include audit rights allowing the company to investigate suspicious activities, immediate termination rights for violations of anti-terrorism laws or discovery of cartel connections, and indemnification provisions protecting against losses resulting from counterparty violations.

The importance of ongoing monitoring cannot be overstated. Cartel infiltration of legitimate businesses can occur after relationships are established, and ownership or control changes may introduce new risks. Companies should implement systematic procedures for periodic re-screening of existing business partners, monitoring for changes in ownership or business activities, and reviewing transaction patterns for emerging anomalies. This ongoing monitoring is particularly important for long-term relationships where complacency may develop over time.

The response to any red flags detected through due diligence must be swift and systematic. Companies should establish clear escalation procedures that balance the need for thorough investigation with operational efficiency. Initial responses might include enhanced due diligence, requests for additional documentation, or consultation with outside experts. Where red flags cannot be satisfactorily resolved, companies must be prepared to decline or terminate business relationships, even when doing so may result in lost revenue or operational disruption.

Establishing effective internal investigation protocols

Despite best preventive efforts, companies operating in high-risk environments will likely encounter situations requiring investigation of potential cartel connections. The ability to respond quickly and effectively to such incidents is key to avoiding enforcement action. A robust internal investigation protocol is therefore essential for demonstrating good faith compliance efforts and potentially mitigating penalties for any violations that may have occurred.

Upon discovery of credible allegations or red flags suggesting cartel involvement, companies must act immediately to prevent the issue from escalating and preserve evidence. This includes suspending any potentially problematic transactions, securing relevant documents and electronic data, and implementing litigation holds to prevent destruction of evidence.

Investigation planning requires careful consideration of scope, resources, and potential outcomes. Companies must determine whether to conduct investigations under attorney-client privilege, recognising that doing so may limit their ability to share results with regulators but provides protection for sensitive findings. The investigation plan should identify key witnesses, relevant documents and data sources, and timelines for completion. For investigations involving potential cartel connections, companies should strongly consider engaging external counsel with expertise in anti-terrorism laws and regional knowledge of cartel operations.

The conduct of investigations in potential cartel-related matters presents unique challenges. Witness interviews must be handled sensitively, recognising that employees may fear retaliation from cartels if they provide information. Companies should establish secure channels for employees to report concerns and consider offering protection for employees who self-report violations. Document review should focus not only on direct evidence of cartel connections but also on patterns of behaviour that might indicate constructive knowledge of such connections.

Remediation efforts following investigations must be swift and comprehensive. Where violations are identified, companies should identify root causes of violations and take immediate steps to terminate problematic relationships, enhance controls to prevent recurrence, and discipline employees who violated company policies. The remediation process should be thoroughly documented to demonstrate the company’s commitment to compliance. This documentation becomes particularly important if the company decides to make voluntary disclosures to government authorities.

Deciding whether to self-disclose potential violations to government authorities represents one of the most critical judgement calls in the investigation process. Voluntary disclosure may lead to significant mitigation of penalties and may be the difference between civil and criminal charges. Factors favouring disclosure include clear evidence of violations, systemic control failures suggesting ongoing risk, and situations where disclosure by other parties seems likely.

Conclusion

The designation of cartels as terrorist organisations represents a defining moment for white-collar enforcement and corporate compliance. The convergence of anti-terrorism laws, OFAC sanctions, and expanded enforcement efforts creates an environment necessitating that attorneys be well-versed in relevant specialised areas and companies be exceptionally vigilant about their business relationships and transactions.

Success in this new landscape requires more than mere technical compliance. Companies must invest in robust compliance programmes that combine comprehensive risk assessments, effective due diligence procedures, ongoing monitoring, strong cultural foundations, and outside counsel to advise as needed.

While the challenges are significant, companies that approach compliance proactively will be more likely to avoid severe penalties and also contribute to broader efforts to combat cartel activities. By implementing the practical guidance outlined in this article, organisations can begin to navigate this difficult new environment while maintaining their business operations and protecting their stakeholders.

Importantly, minimising liability through compliance is not a static exercise but an ongoing process that must evolve with changing risks and enforcement priorities. Companies that build adaptive, comprehensive compliance programmes will be best positioned to thrive in the challenging operating environment of Mexico and Latin America.