
Dating back hundreds of years, the concept of organized crime is not new for anyone who tracks threats. In recent decades, we have incorporated organized crime into our enterprise risk management catalog as a risk factor affecting the locations where we operate, our supply chain routes, or the sources of specific raw materials or components. While organized crime has traditionally been considered as an external factor one or two layers away from our organization, that assumption is no longer valid.
Multinational organizations operating in high‑risk geographies are exposed to criminal ecosystems that range from traditional extortion to sophisticated enterprises that influence government officials, transportation corridors, labor markets, logistics providers, and ports of entry. In short, these groups can affect any aspect of your supply chain.
Now, the U.S. government can hold your organization and its members accountable for their indirect financial support of these groups.
The New Risk Reality
The designation of certain transnational criminal organizations (TCOs) and cartels as foreign terrorist organizations (FTOs) represents more than a symbolic geopolitical shift. It fundamentally changes the risk environment for companies operating in affected regions or supply chains. It’s no longer about avoiding interaction with criminal organizations. The challenge now is to ensure that none of your operational interactions benefit these organizations.
Historically, cartels were primarily treated as organized crime threats from a physical security function: dangerous, disruptive, and violent. However, FTO designation elevates these organizations into a category associated with national security and counterterrorism enforcement, bringing potentially significant legal, financial, and compliance implications.
Why Leadership Should Pay Attention
Historically, leadership viewed the risk of organized crime through the narrow lens of employee safety, cargo theft, business disruption, and other external factors.
Today, criminal influence can materially affect operational continuity, supply chain resilience, legal and regulatory exposure, and reputational risk—to mention a few of the most critical. However, the most significant challenge currently lies in complying with the expectations of U.S. regulators, who increasingly demand that companies understand and mitigate risks within their supply chains as a financial exposure, rather than merely reacting after an incident has occurred.
Leadership must acknowledge that the “we didn’t know” defense is increasingly untenable, and legal and criminal consequences are inevitable.
The Blind Spot: Organizational Silos
One of the most common governance failures is organizational silos. Security teams monitor threats. Procurement manages suppliers. Compliance oversees regulations. Legal manages exposure. Operations focus on production. Meanwhile, no single function is integrating this new reality into enterprise decision-making. This fragmentation creates dangerous blind spots.
In many cases, organizations assume they are insulated because they are not directly involved in illicit conduct. However, companies operating in high-risk locations may still face consequences if vendors, contractors, labor intermediaries, or logistics providers are compromised by criminal organizations. The question leadership should ask is simple: Do we understand where the risk of organized crime intersects with our business model?
They do not need to become intelligence analysts. They do, however, need to ensure management is asking the right questions and building appropriate controls to provide the critical information necessary to make sound business decisions regarding the operational, financial and budget approaches.
How to Modernize Your Risk Management
Here are the initial items you need to address or revisit in today’s environment:
- Risk mapping of high-exposure geographies and transportation corridors
- Enhanced third-party due diligence for vendors, labor providers, and intermediaries
- Monitoring of emerging criminal threats at all levels
- Clear escalation protocols for extortion, corruption, or coercion incidents
- Cross-functional reporting between security, legal, compliance, procurement, and operations
- Scenario planning for disruptions tied to criminal violence, labor instability, or border interruptions
- Reevaluation of your risk appetite. Prepare to answer the most critical question: What do we do now?
The Uncomfortable Truth of Global Operations
Many organizations operating in high-risk environments believe they are prepared because they have not yet experienced a major disruption. The reality is that many are simply untested, either by error or design.
The issue is not whether transnational organized crime affects global business. It already does. The real question is whether leadership understands how deeply these risks may already exist inside their operating environment.
For directors and executives, this represents a new frontier in enterprise risk management, one where operational resilience, legal exposure, supply chain integrity, and organizational trust increasingly intersect with the realities of transnational organized crime.
Organizations that recognize this shift early will be better positioned to protect operations, safeguard reputation, and sustain resilience in an increasingly complex world.
But overall, this compliance should now be considered as part of your “duty of care” policy to protect leadership from legal and criminal consequences.

Karlo Villalpando is a security and intelligence professional with more than 17 years of experience spanning Mexican federal law enforcement and multinational corporate security leadership. He specializes in enterprise risk management, supply chain security, crisis management, and intelligence-driven strategies that help organizations navigate organized crime, Foreign Terrorist Organizations (FTOs), and other complex geopolitical threats.


