Reinventing Bank Risk Mgmt. After 2025's Cartel Crackdown

The Trump administration's 2025 campaign against transnational drug cartels has not stopped at the border. It has been waged through terrorism designations, geographic targeting orders, economic sanctions and an unmistakable reorientation of criminal enforcement — tools that run straight through the U.S. financial system.

Banks now sit at the fulcrum of a policy pivot that recasts cartel exposure as a national security risk rather than a financial crime compliance problem. That shift is already changing examiner expectations, elevating compliance obligations, increasing exposure under the Anti-Terrorism Act, or ATA, and raising the stakes of getting risk assessments wrong.

For banks, the real story of this shift is how 2025 became a turning point, reshaping long-standing assumptions about Bank Secrecy Act, or BSA, and anti-money laundering oversight, and the risks they are expected to manage.

From Financial Crime to National Security: Key Policy and Enforcement Shifts in 2025

Since Inauguration Day, the administration has deployed a coordinated mix of regulatory pressure, enforcement initiatives and national security authorities to confront cartel activity.

Each action carries legal and compliance implications for banks. The pace and scope of these changes have been hard to ignore, from FinCEN issuing its first orders under the newly enacted Fentanyl Sanctions Act, or Title 12 of the U.S. Code, Section 2313(a), targeting cartel-linked Mexican financial institutions[1] to the U.S. military conducting strikes against alleged drug cartel vessels.[2]

Two actions in particular frame the present risk environment for financial institutions. First, on Inauguration Day, President Donald Trump issued Executive Order No. 14157, declaring transnational drug cartels a national security threat and laying the legal foundation to designate Mexican and other Latin American cartels as foreign terrorist organizations, or FTOs.[3]

On Feb. 20, 2025, pursuant to the executive order, the U.S. Department of State designates eight cartels as FTOs. The designation of these cartels as FTOs triggers immediate blocking obligations, sanctions risks and the sweeping "material support" felony that has anchored U.S. counterterrorism enforcement for decades.

The second action framing the risk financial institutions face is how the U.S. Department of Justice is updating to its corporate enforcement priorities — explicitly pushing Foreign Corrupt Practices Act and related corporate cases toward conduct that facilitates cartels and transnational criminal organizations.[4]

The practical consequence for banks is a compressed margin for error. Transactions that once posed only BSA and anti-money laundering risk now sit at the intersection of sanctions, terrorism financing, FCPA exposure and potential private litigation under the ATA. In other words, risks that were once contained within a compliance silo now extend across the entire enterprise, encompassing legal, operations, sanctions, financial crime and board oversight.

Know-Your-Customer Practices and Enhanced Due Diligence in a Cartel-Focused Era

The FTO designations and FinCEN's actions underscore the importance of maintaining disciplined know-your-customer, or KYC, and enhanced due diligence, or EDD, practices. The old question--Ddo we know our customer? — has mutated into a more exacting standard: Do we know our customer's counterparties, corridors and operating geographies well enough to detect cartel-adjacent risk? Banks should anticipate examiner emphasis on three areas.

First, the logic of sanctions screening and interdiction must be refined to catch the various ways cartel exposure manifests.

Screening is not limited to named individuals. It also includes entities and transactors operating in or adjacent to cartel-controlled regions. Screening also applies to industries cartels are known to penetrate, as well as activity patterns consistent with typologies FinCEN has flagged, such as mislabeling waste oil to smuggle crude oil or mirror transfers used by Chinese laundering networks serving cartel cash.

Second, onboarding in higher-risk sectors — such as logistics, warehousing, cross-border carriers, small import-export traders and independent oil brokers near the border — requires documented, risk-based EDD that looks beyond formal ownership to proxies, agents and performance. In high-risk corridors, banks should expect to validate invoices and bills of lading, test counterparties' beneficial ownership claims, and require granular evidence of goods movement or services rendered.

Third, transaction-monitoring logic must be able to absorb new thresholds and typologies. The $200 currency transaction report trigger for applicable money services business corridors should prompt elevated alerting scenarios for small-dollar cash velocity, repeated structured deposits with rapid cross-border transfers, and repeated use of accounts to finance high-risk commodities that are inconsistent with the customer's profile.

In 2026, examiner credibility is built as much on what you can show about risk-tuning and model governance as on the software itself.

Risk Assessments: From Annual Exercise to Operational Imperative

A static, once-a-year enterprise risk assessment is misaligned with the pace of policy change. The administration's designations and orders have been iterative, with short effective dates and evolving typologies. Banks should move toward a living risk assessment framework that is:

• Scenario-driven;
• Specific about corridors and counterparties; and
• Woven into reporting lines up to management and the board.

Geography should be mapped alongside product and customer risk, with overlays for cartel-controlled logistics hubs, high-risk ports and areas of known fuel theft and bulk cash activity. Counterparty risk should extend to agents — such as customs brokers, security contractors and small freight forwarders — whose proximity to cartel operations raises exposure beyond their balance sheets. Product risk should consider trade finance, payable finance and supply chain finance structures that can be exploited to move cartel value within otherwise legitimate shipments.

On the back end, the risk assessment should feed discrete workstreams: an financial intelligence unit-led lookback focused on specific risk threads — for example, exposure to the three Section 2313(a)-designated Mexico-based institutions named by FinCEN — model-tuning projects to reflect typology updates, and a training refresh for frontline bankers and second-line investigators.

Crucially, banks should develop a risk and response narrative that aligns with the expectations of prudential examiners: Identify the risk, demonstrate how it was assessed, explain the mitigation steps and establish a feedback loop to test the effectiveness.

The Policy Reframe and Examiner Expectations

The shift from financial crime regulation to national security is not abstract. It is changing how prudential regulators and enforcement agencies read the same facts. A bank that once faced a BSA program consent order now faces the credible possibility of a sanctions investigation, a terrorism-financing theory or parallel asset forfeiture counts if funds are tied to cartel-facilitating activity.

This convergence of AML and national security risk has three concrete consequences for banks.

Scrutiny of Governance

First, expect scrutiny of governance. Boards and senior management will be expected to understand how strategy and capital allocation intersect with cartel exposure.

Institutions expanding into Southwest corridors, courting logistics and energy clients near the border, or launching cross-border products should be prepared to demonstrate that those decisions were informed by a national security risk filter — not just a BSA checklist.

Tests of Responsiveness

Second, expect testing of responsiveness.

When FinCEN posts an alert or order, do your policies update or do you rely on ad hoc bulletins? How quickly do core systems reflect new blocking lists and scenario rules? Are frontline teams trained to escalate protection payment demands or suspicious oil shipments they hear about from customers?

Alignment Across Compliance Teams

Third, expect alignment questions across silos. Sanctions, AML, fraud and KYC cannot be managed as separate compliance islands in this environment.

Institutions should have a unified escalation path for cartel exposure, one that brings together financial intelligence unit investigators, business leadership and security personnel.

What Banks Should Be Doing Now

The core playbook turns on speed, specificity and documentation. The institutions that will fare best are those that can demonstrate they identified the risk, assessed it, mitigated it, and monitored their mitigation in a manner that is transparent to examiners and credible to prosecutors.

Conducting Thorough Risk Assessments

First, conduct a privileged, top-down risk assessment calibrated to the 2025 landscape. Identify specific risks, such as:

• Exposure to customers using or nested within the three Mexico-based financial institutions subject to FinCEN's orders;
• Customers transacting in sectors featured in recent FinCEN alerts;
• Corridors where small-dollar cash velocity has spiked; and
• Relationships dependent on municipal permits, port calls or customs interactions in cartel-heavy regions.

Use that assessment to prioritize governance, staffing and technology spending.

Risk assessment is not a check-the-box deliverable; it is your institution's North Star in a policy environment where rules can change overnight.

Strengthening Oversight in High-Risk Areas

Second, strengthen onboarding and monitoring where the exposure is most prevalent.

Higher-risk geographies and sectors require documentary proof of performance and counterparty integrity beyond standard KYC. Map and monitor relationships that involve customs brokers, security contractors and small freight forwarders.

For commercial customers with exposure to Mexico, consider requiring attestations regarding banking relationships in Mexico and immediate notification if those relationships change — particularly if they involve institutions subject to U.S. prohibitions.

Tune transaction monitoring rules to capture new threshold-driven risks and typologies, and document the tuning with model governance artifacts.

Refreshing Training on Signs of Cartel Influence

Third, refresh training with a focus on red flags unique to cartel influence. Generic AML modules will not suffice.

Frontline bankers in border states should understand the typologies of oil smuggling. Investigators should be able to identify mirror transfers tied to Chinese laundering syndicates serving cartel funds. Sanctions analysts should be able to triage screening hits that implicate agents, not just principals.

Build escalation playbooks that encourage early involvement from legal and security teams when cartel-related relationships are identified.

Coordinating Sanctions and AML Programs

Fourth, align sanctions and AML programs — and be prepared to respond promptly.

The FTO designations and Section 2313(a) orders compress implementation windows. Institutions need a repeatable process for translating legal and regulatory updates into system changes and customer communications.

Where exposure to prohibited institutions or people is discovered, ensure coordinated blocking, suspicious activity report decision-making and customer outreach.

Planning to Engage With Examiners and Enforcers

Fifth, plan for examiner and enforcement engagement.

Build a risk and response narrative that you can put in front of the Office of the Comptroller of the Currency, Federal Deposit Insurance Corp. or the Federal Reserve Board. Supervisors want to see not just that you exited risky relationships, but that you measured the risk, mitigated it where appropriate, escalated your concerns and only then made exit decisions where no risk-managed alternative existed.

Law enforcement relationships matter, too. Proactive outreach — particularly when your institution is situated in a high-risk corridor — can demonstrate good faith and may help prevent misunderstandings.

Stepping Up Readiness for Whistleblowers

Finally, elevate whistleblower readiness.

Financial crime whistleblower programs have matured. They now cover BSA and sanctions violations and offer significant awards. In an era of constrained government resources, whistleblowers multiply the enforcement capacity.

A well-governed speak-up culture, clear nonretaliation policies, and credible investigation and remediation protocols are not just Human Resources best practices — they are core controls against explosive external complaints. In a cartel-focused environment, an anonymous allegation that a bank looks the other way on Southwest cash or Mexico-linked oil trades can metastasize rapidly unless the institution can demonstrate disciplined internal handling.

The Bottom Line

The Trump administration's war on cartels has transitioned from campaign rhetoric to the framework of banking supervision and enforcement. By designating cartels as terrorist organizations, focusing FCPA enforcement to prioritize cartel-facilitating conduct, and empowering FinCEN with swift and sweeping orders, the government has reframed the role of banks from gatekeepers of the financial system to frontline actors in a national security campaign.

For banks, the message is sober but actionable. This is no longer a compliance perimeter guarded with generic policies and annual refreshers. It is a dynamic risk environment that demands current-state risk assessment, continuously tuned monitoring, sector- and corridor-specific EDD, and integrating sanctions and AML governance.

Institutions that invest in those disciplines — and can prove it — will be best positioned to steer clear of the next FinCEN order, DOJ press release, or ATA complaint. Those who cannot may discover too late that the cost of inaction now comes stamped with a national security seal.

Republished with permission. This article, "Reinventing Bank Risk Mgmt. After 2025's Cartel Crackdown," was published by Law360 on January 13, 2026. (login required)

Notes

[1] FinCEN, Press Release, Treasury Issues Historic Order Under Powerful New Authority to Counter Fentanyl, available at https://home.treasury.gov/news/press-releases/sb0179.

[2] See e.g., Reuters, US military Kills 11 People in Strike on Alleged Drug Boat from Venezuela, Trump Says, Sept. 3, 2025, available at https://www.reuters.com/world/americas/us-military-kills-11-people-strike-alleged-drug-boat-venezuela-trump-says-2025-09-03/.

[3] "Designating Cartels and Other Organizations as Foreign Terrorist Organizations and Specially Designated Global Terrorists," Jan. 20, 2025, available at https://www.whitehouse.gov/presidential-actions/2025/01/designating-cartels-and-other-organizations-as-foreign-terrorist-organizations-and-specially-designated-global-terrorists/.

[4] U.S. Department of Justice, Guidelines for Investigations and Enforcement of the Foreign Corrupt Practices Act, June 9, 2025, available at https://www.justice.gov/criminal/criminal-fraud/foreign-corrupt-practices-act/fcpa-guidelines.