This blog continues our series focusing on the upcoming ACI Forum on Cartels, TCOs, and Compliance in Latin America and why it is so timely. It is also why compliance officers need to understand that this is not simply another enforcement trend. It is a structural change in how risk must be assessed, governed, and managed. Today, I want to explore why you need to recalibrate your risk assessment in light of the US’s shift in classifying cartels from criminal organizations to Foreign Terrorist Organizations (FTOs).
For years, many companies treated cartel risk as a regional security issue, a physical safety issue, or a narrow sanctions-screening issue. That approach is no longer sufficient. Cartel-driven economies now create enterprise risk across sales, supply chain, procurement, logistics, human resources, community relations, government affairs, security, and internal controls. The CCO must help the organization move from episodic screening to a dynamic, evidence-based risk assessment model that identifies where the business may be exposed to Foreign Terrorist Organization (FTO) and Transnational Criminal Organization (TCO) risks.
The legal and enforcement environment has shifted. Executive Order 14157 established a process for certain international cartels and other organizations to be designated as FTOs or Specially Designated Global Terrorists, and described those organizations as threats to U.S. national security, foreign policy, and the economy. OFAC later issued an alert identifying eight designated organizations and warning that companies with operations in, or exposure to, high-risk jurisdictions where designated cartels are active should assess their sanctions compliance controls. That is the compliance lesson. This is not simply a legal list update. It is a risk assessment reset.
Cartel-Driven Economies Change the Risk Ranking Model
Traditional compliance risk assessments often rank risk by country, business unit, transaction value, government touchpoints, and third-party type. Those variables still matter. But cartel-driven economies require additional factors: territorial control, coercive influence, infiltration of local business networks, labor pressure, logistics-route control, cash intensity, proximity to ports or borders, public security risks, and the likelihood that a legitimate counterparty may be owned, controlled, taxed, extorted, or otherwise influenced by criminal organizations.
The ranking model should distinguish between three types of exposure. First, direct exposure, where a company deals with a designated party or a party that the designated party owns or controls. Second, indirect exposure, where a supplier, distributor, customer, logistics provider, labor broker, or security vendor is connected to cartel-linked actors. Third, environmental exposure, where the company operates in a geography or sector where coercion, extortion, or criminal facilitation is a predictable operating condition.
The DOJ’s Evaluation of Corporate Compliance Programs (ECCP) asks whether third-party management is risk-based, integrated into vendor management, supported by business rationale, tied to appropriate contract terms, and subject to ongoing monitoring. Those questions should now be applied not only to anti-bribery risk, but also to FTO and TCO risk.
Create an Internal FTO Working Group
A company cannot manage this risk through sanctions screening alone. The CCO should establish an internal FTO working group with a clear charter, executive sponsorship, and board reporting. The group should include compliance, legal, sanctions, AML, procurement, sales, finance, logistics, security, HR, government affairs, community relations, internal audit, and enterprise risk management.
Its mandate should be practical: identify exposures, refresh risk rankings, define escalation protocols, review high-risk contracts, approve enhanced due diligence standards, monitor emerging typologies, and track remediation efforts. It should also define when the company will suspend a transaction, reject a counterparty, exit a relationship, seek external counsel, notify insurers, or brief the board. This working group should meet frequently at the outset, then move to a risk-based cadence. Its output should not be a memo that sits on a shelf. It should produce a revised heat map, a prioritized counterparty review list, an action tracker, and control enhancements that can be tested by internal audit.
Leverage Existing Risk Assessments
The most efficient approach is not to create a wholly separate FTO risk assessment. The better approach is to integrate FTO/TCO risk into existing assessments. Your FCPA risk assessment already identifies government touchpoints, customs brokers, permitting issues, gifts and entertainment, charitable donations, intermediaries, consultants, and high-risk payments. Those same data points are highly relevant to cartel exposure because criminal networks often exploit local permitting, customs clearance, transportation, public security, and procurement systems.
The business and human rights assessment also provides critical intelligence. The UN Guiding Principles on Business and Human Rights recognize a corporate responsibility to respect human rights through due diligence that avoids infringing on the rights of others and addresses adverse impacts with which the business is involved. In cartel-affected markets, human rights due diligence can reveal forced labor, threats against workers, community intimidation, unsafe security practices, land-access disputes, migrant exploitation, and labor-broker abuse.
Sanctions, AML, trade compliance, cybersecurity, and fraud risk assessments should also be mined. Look for recurring names, addresses, beneficial owners, banks, payment patterns, shell entities, shared directors, unusual routes, unexplained subcontractors, and counterparties that appear across unrelated business units.
Review Major Contracts and Customers for FTO/TCO Risk
Companies often focus due diligence on suppliers and intermediaries, while under-reviewing major customers. That is a mistake. A customer can create sanctions, money-laundering, books-and-records, reputational, and material-support risks. The company should identify major contracts in high-risk geographies and sectors, then re-rank them based on ownership transparency, payment behavior, sector exposure, government interaction, logistics routes, and local operating conditions. High-risk contracts should include enhanced representations, beneficial ownership update obligations, audit rights, sanctions and FTO/TCO clauses, payment transparency requirements, subcontractor disclosure, termination rights, and controls over cash, commissions, rebates, donations, sponsorships, and community payments.
A contract should move into enhanced review when the business cannot explain the counterparty’s commercial rationale, when pricing is uneconomic, when payment comes from unrelated parties, when revenue spikes in cartel-affected regions, when the counterparty refuses beneficial ownership disclosure, or when local employees report pressure to use a particular vendor, union, broker, transporter, or security provider.
Detect Commingling of Legitimate and Illegal Activity
The core challenge is commingling. Cartels do not always operate through obviously illicit entities. They use logistics companies, fuel businesses, casinos, real estate, import-export companies, labor brokers, charities, community organizations, and professional service providers.
Recent enforcement actions illustrate the point. The US Department of the Treasury recently announced multiple CJNG-linked fuel schemes involving cross-border smuggling, falsified customs documents, and shell companies. OFAC also described cartel-linked casino activity used to launder proceeds and integrate illicit funds into the legitimate financial system. For compliance professionals, these examples reinforce a familiar truth: a company’s legal form is not the same as its risk profile.
Detection requires data and local intelligence. Compare invoices to actual services. Review customs documentation against logistics activity. Test whether vendors have employees, assets, facilities, and capacity. Analyze payment flows for round-dollar amounts, rapid pass-through activity, third-party payments, and mismatches between business size and transaction volume. Monitor hotline reports for references to threats, forced vendors, security payments, labor pressure, and community demands.
Functions That Must Be in Scope
Supply chain must map critical suppliers, second-tier exposure, logistics corridors, warehousing, border crossings, ports, and emergency sourcing decisions. HR must assess labor brokers, recruitment channels, employee intimidation, workplace violence, the risk of retaliation, and escalation pathways for threatened employees. Community relations must review donations, sponsorships, local foundations, land-access payments, and community intermediaries. Union relations must assess whether labor organizations or labor contractors are being used as pressure points. Government affairs must evaluate permitting, customs, inspections, police interaction, and local political exposure. Security must review private security providers, public security coordination, incident response, travel protocols, and extortion procedures. The board should ask one question above all others: where could the company be doing legitimate business through a channel that criminal actors influence, control, or monetize?
Practical Takeaways
CCOs should refresh the risk assessment now, not after a transaction is called into question. Build the FTO working group, integrate existing FCPA and human rights intelligence, re-rank major contracts and customers, and test controls for commingling. The objective is not perfection. The objective is a documented, risk-based, board-visible process that shows the company understands its exposure, updates its controls, and acts when the risk profile changes.
The Cartels, TCOs & Compliance in Latin America conference will feature these topics and many more. For information and registration, click here. For a complete list of the agenda, click here. You can receive 10% off the price by using the Discount Code D10-999-CPN26.
ACI is the sponsor of today’s blog.