Cartels, Corruption, and Corporate Risk: Navigating Trump-Era Enforcement

Key Takeaways

The Enforcement Landscape Has Fundamentally Transformed Beyond Traditional FCPA

• The U.S. government’s approach to Latin American corruption now explicitly integrates Foreign Corrupt Practices Act enforcement with anti-terrorism legislation, OFAC sanctions, FinCEN regulations, and money laundering statutes, creating a multi-statute framework where a single compliance failure can trigger simultaneous investigations by multiple agencies.
• The designation of six Mexican cartels as Foreign Terrorist Organizations (FTOs) creates potential liability under the Anti-Terrorism Act for providing “material support”—including ordinary commercial payments that unknowingly benefit cartel-affiliated entities.
• Companies can no longer treat anti-bribery compliance as a standalone function, as each investigating agency—including the DOJ Criminal Division, DOJ National Security Division, the SEC, Treasury Department, and DEA—operates with different priorities and disclosure protocols.

Cartel Infiltration Operates Through Legitimate Business Structures

• Transnational criminal organizations have systematically embedded themselves into legitimate commercial operations through shell companies, proxy ownership structures, and coerced business relationships that pass standard screening protocols.
• Cartels prioritize two core objectives—moving product and moving money—which means they actively seek legitimate companies in logistics, freight forwarding, and cross-border trade to blend illicit cash flows with normal business transactions.
• The infiltration may be intermittent rather than continuous, with compromised shipments occurring every third or fourth transaction rather than systematically, making detection through periodic monitoring insufficient without continuous transaction analysis and behavioral pattern recognition.

FCPA Accounting Provisions May Become the Primary Enforcement Tool 

• While the DOJ has emphasized using FCPA anti-bribery provisions against cartel-related corruption, the accounting and internal controls provisions may prove more powerful enforcement mechanisms when direct bribery evidence is ambiguous.
• Companies that suspect but cannot definitively prove third-party connections to designated organizations often face a challenging evidentiary threshold for Anti-Terrorism Act violations, but poor internal accounting controls or inaccurate books and records provide sufficient grounds for SEC enforcement action.
• This mirrors the SEC’s historical approach of pursuing accounting violations when jurisdiction or evidence for anti-bribery charges proves insufficient, suggesting companies should expect heightened scrutiny of financial controls and transaction documentation even absent clear corruption allegations.

Due Diligence Requirements Must Expand Far Beyond Standard

• Effective cartel risk mitigation requires integration of anti-money laundering protocols, beneficial ownership verification, sanctions screening against FTO designations, and continuous transaction monitoring that extends beyond the capabilities of traditional compliance due diligence.
• Companies must conduct deeper investigation into ultimate beneficial ownership structures, understanding that third parties may assert confidentiality rights to resist disclosure while potentially concealing cartel affiliations.
• The screening process should incorporate geographic risk intelligence about cartel operational territories, supply chain route analysis to identify vulnerable logistics nodes, and ongoing monitoring that refreshes sanctions list checks and adverse media screening more frequently than annual reviews.

Employee Safety and Extortion Risk Have Become Central Compliance Concerns

• The physical security dimension of cartel-related compliance creates unprecedented challenges for ethics and compliance programs, as employees may face credible threats to themselves and their families if they refuse to cooperate with cartel demands or report suspected misconduct.
• Compliance teams must coordinate closely with corporate security functions to develop employee protection protocols, including potential relocation for threatened staff and secure, confidential reporting channels that overcome cultural distrust of both corporate and government authorities in Latin American markets.
• Companies should establish crisis management protocols specifically for suspected cartel involvement that prioritize employee safety over financial considerations, recognizing that employees may become extortion targets with threats to family members or may be offered financial incentives that make cooperation with cartels economically attractive.

Vendor Disengagement Requires Strategic Exit Planning to Avoid Retaliation

• Terminating business relationships with third parties suspected of cartel affiliation cannot follow standard contract termination procedures, as abrupt disengagement with stated compliance concerns can trigger violent retaliation against company personnel and facilities.
• Effective exit strategies require developing alternative business justifications for relationship termination that leverage contractual provisions unrelated to suspected misconduct, gradually reducing engagement scope, and managing communications to avoid signaling investigative findings to the affected vendor.
• Companies should present the disengagement as a strategic business decision, market exit, or supplier consolidation initiative rather than a compliance-driven termination, while simultaneously providing security protection to employees who had direct contact with the suspected entity.

The “Knowledge” Standard for Anti-Terrorism Act Violations Creates Significant Willful Blindness Risk

• Unlike traditional criminal statutes requiring proof of intent, the Anti-Terrorism Act imposes liability based on knowledge that a counterparty is a designated FTO or is engaging in terrorism-related activities, creating heightened legal exposure for companies that ignore red flags during due diligence.
• This knowledge standard mirrors the FCPA’s “willful blindness” doctrine, where companies that consciously avoid information about potential violations face the same liability as those with actual knowledge, making inadequate investigation of concerning indicators as legally problematic as confirmed violations.
• Companies operating in high-risk markets who encounter vendors who refuse to provide ownership information or unusual transaction patterns cannot simply proceed with inadequate investigation, as red flags that would trigger further inquiry establish the knowledge threshold necessary for Anti-Terrorism Act prosecution if violations ultimately occurred.

Self-Disclosure Decisions Have Become Exponentially More Complex Across Multiple Agencies

• A single compliance incident involving suspected cartel activity may require disclosure to the DOJ FCPA Unit, SEC, DOJ National Security Division, OFAC, and FinCEN—each with different disclosure protocols, cooperation credit frameworks, and enforcement priorities that may not align.
• The DOJ FCPA program offers relatively clear declination incentives for voluntary disclosure with cooperation and remediation, but companies cannot expect equivalent treatment from National Security Division prosecutors or OFAC enforcement personnel, who may view the same facts through fundamentally different risk lenses.
• Strategic self-disclosure may provide opportunities to assist government investigations of larger cartel networks in exchange for favorable treatment, but the multi-agency coordination challenges and potential for inconsistent positions across different government offices make the disclosure calculus significantly more complicated than traditional FCPA decisions.

Internal Whistleblower Systems Must Overcome Deep Cultural Distrust in Latin American Markets

• Building effective speak-up culture in Latin American operations faces structural challenges beyond typical ethics program concerns, as employees may distrust corporate reporting channels based on experiences with corrupt government institutions and fear that local police or security forces are themselves cartel-affiliated.
• Companies must invest substantially in confidentiality protections, anonymous reporting technologies, and independent investigation capabilities that operate outside local management structures to overcome employee concerns that reporting cartel activity will expose them and their families to retaliation.
• The compliance function should establish clear protocols demonstrating how employee reports will be handled, what protections will be provided, and how the company will respond to suspected cartel involvement without creating additional risk to the reporting individual.

Compliance Programs Require Integration of Security, Crisis Management, and Legal Functions

• Traditional compliance organizational models that operate independently from corporate security and crisis response functions are insufficient for managing cartel-related risks, which simultaneously present legal exposure, physical security threats, and reputational crisis scenarios.
• Effective programs must establish formal coordination protocols between compliance, legal, security, and communications teams to ensure that suspected cartel involvement triggers immediate multi-functional response including threat assessment, employee protection measures, and legal analysis of disclosure obligations.
• This integrated approach should include pre-established crisis protocols specifying decision-making authority when time-sensitive situations arise, such as when investigators encounter threats during internal investigations or when employees report extortion attempts, ensuring that employee safety considerations drive immediate response.

Conclusion