This article is based on content originally published on our partner platform Seerist, the augmented analytics solution for threat and risk intelligence professionals.
The US designation of several Mexican organised criminal groups (OCGs) as Foreign Terrorist Organizations (FTOs) in January 2025 has significantly altered the legal, reputational and financial risk landscape for companies operating in or with ties to Mexico.
The move, made early in Trump's second term, empowers the US Department of Justice (DOJ) to prosecute those providing material support to designated groups. Companies must now assess criminal liability under anti-money laundering laws and consider their exposure to terrorism-financing risks.
What is a "cartel"?
The term "cartel" is a misnomer. It suggests an organised criminal group focused solely on drug trafficking, with an agreed market share among rivals and a clearly defined sphere of influence. OCGs in Mexico are now involved in a wide array of illicit and "legal" activities – which they fight to control through turf wars and internecine conflict – and they have extremely fluid spheres of influence.
Groups such as the Santa Rosa de Lima Cartel, the Juárez Cartel, and the Tijuana Cartel are also significant actors and may soon be added to the list.
Material support and legal exposure
Liability can arise if a company knowingly supports a group or shows “deliberate indifference” to its designation or activities – even if that support is legal in nature. Prosecutors do not need to prove intent to support terrorism or involvement in illegal acts.
The most commonly cited example of indirect support – and a likely focus for enforcement – is companies paying extortion (derecho de piso) to a criminal group. Companies across multiple sectors, especially mining and oil and gas, are periodically subjected to extortion demands. Verifying the identity of the extorting group can be challenging, as smaller actors often claim ties to larger, well-known OCGs to gain credibility.
Given the complexity and geographic extent of organised crime in Mexico, sector exposure varies significantly by region. The level of risk depends on each group’s dominant activities by location, the economic strengths of individual states, and specific vulnerabilities within supply chains.
Control Risks has already identified several preliminary cases of private sector exposure in key hotspots since the designation in January.
Narcos and networks
Key developments to watch following the designation include how enforcement will unfold and what the DOJ will focus on first: targeting companies linked to OCGs or dismantling major organised crime schemes. The Trump administration will likely start with high-profile cases, followed by more targeted enforcement.
On 1 May, the Office of Foreign Assets Control (OFAC) confirmed that OCGs in Mexico are operating binational fuel theft networks with shell companies in Texas. OFAC sanctioned three Mexican nationals and two Mexico-based companies. Days later, Mexico’s Anti-Corruption Ministry linked the scheme to Pemex customs officials in Veracruz working with the Jalisco New Generation Cartel (CJNG) in fuel theft operations (huachicoleo fiscal) by systematically failing to report hydrocarbon imports and exports. The US Treasury also warned of secondary sanctions for entities engaging with penalised companies.
Uncertainty around enforcement has led some companies to delay taking proactive measures. However, information from Control Risks' sources suggests that the DOJ is already preparing cases, with the first expected in 2025. One politically expedient priority will likely involve Canadian entities operating in Mexico, considering recent US-Canada tensions.
Law and (dis)order
Aside from direct extortion payments, one of the most immediate risks for companies operating in Mexico will be inadvertent links to OCGs through third parties, such as subcontractors, logistics providers or labour unions. In many states, OCGs influence these actors through coercion, infiltration or mutual benefit. Businesses can be exposed simply by hiring contractors who, in turn, work with – or directly for – other companies linked to OCGs or the groups themselves.
This risk is exacerbated by murky due diligence environments. Middlemen (known colloquially as gestores), opaque corporate structures and falsified documents often obscure links to OCGs. Seemingly legitimate providers often act as fronts or engage in activities like fuel smuggling or extortion rackets, complicating efforts to detect indirect ties.
From penalties to press
Penalties from the FTO designation include fines and imprisonment for knowingly providing material support to FTOs – up to a life sentence if a casualty results. Financial institutions that fail to freeze assets tied to designated groups face civil penalties of at least USD 50,000 per violation or twice the amount that should have been frozen.
A significant but often overlooked risk is civil litigation. In the early 2000s in Colombia, a company admitted to paying a designated FTO and has faced lawsuits in US courts from victims claiming the funds contributed to human rights abuses. Similar cases may emerge in Mexico, brought for example by victims of OCG-related violence or families of fentanyl overdose victims in the US.
Beyond formal legal action, public exposure from the Trump Administration itself could trigger serious reputational damage to companies with perceived links to FTOs, even if those are inadvertent.
Paper trails
Following the US designation of Mexican OCGs as FTOs, the message is clear: companies must reduce exposure by being proactive – not reactive.
Companies should know the key institutions involved in enforcement. These include the DOJ and US state attorneys, who also have jurisdiction to pursue cases under terrorism-financing laws. Adequate documentation can make all the difference when withstanding DOJ scrutiny and supporting due diligence in both civil and criminal cases.
Key steps include:
Trusted ethics, compliance and governance experts
Making informed decisions about who you associate with, ensuring compliance across a global operational footprint, and managing data and cyber security at every level are essential for the success of any organisation.
Find out more about how our experts can support your organisation.