In 2025, the U.S. government designated Latin American cartels as Foreign Terrorist Organizations (FTOs). The move rewired the global risk landscape overnight. For many financial institutions, it was a wake-up call. But for the cartels? It was business as usual.
Why? Because they’ve been preparing for this moment for years, mastering the art of staying hidden in plain sight.
Know Your Customer (KYC) is designed to protect institutions from onboarding illicit actors. But cartel-linked networks don’t walk through the front door waving a red flag. They come cloaked as importers, wholesalers, consultants, or holding companies. They register shell companies with nominee directors and legitimate-seeming trade flows. They open accounts with perfect paperwork and plausible explanations.
And too often, banks let them in.
According to Sigma360’s proprietary data, a staggering number of cartel-affiliated entities are indirectly connected to active accounts at financial institutions that pride themselves on strong compliance programs. These entities don’t show up on sanctions lists. They aren’t PEPs. They’ve never been convicted. But they’re part of the network.
They share phone numbers, addresses, emails, domain infrastructure, and beneficial owners with known facilitators of criminal networks. They co-locate with shell import/export firms flagged for abnormal trade activity. They operate under aliases that reappear across jurisdictions and product lines.
If your KYC process isn’t designed to detect those patterns, it isn’t designed for 2025.
Let’s walk through an example.
A U.S.-based bank onboards a new customer: a logistics company operating out of Laredo, Texas. The beneficial owner is listed as a local businessperson with a clean record. Trade documentation checks out. Nothing hits against name screening, negative news, or watchlists.
What the bank doesn’t see, unless they’re using enhanced network screening, is that the listed beneficial owner also serves as a nominee director for two other firms tied to a money laundering corridor in Sinaloa. The address provided is linked to over a dozen shell companies that facilitated bulk cash smuggling schemes under DEA investigation. And the company’s customs broker was sanctioned in June for enabling illicit oil smuggling linked to Cartel del Noreste.
Individually, none of those signals are definitive. Together, they form a pattern of proximity that suggests elevated risk. But if your KYC review process ends after the first clean screen, you’ll never see it.
Traditional onboarding KYC assumes that the moment of account opening is the riskiest point in the customer lifecycle. It’s not.
Cartels play the long game. They exploit static due diligence programs by shifting their risk exposure over time. They start with dormant accounts, move small sums, or use trade finance products to hide value in plain sight. And they wait.
Then, once they've validated that their accounts are clean, they scale. By then, your initial KYC file is a year old and never flagged them once.
The FTO designation of cartels should prompt every financial institution to rethink its customer risk lifecycle.
This isn't just about onboarding red flags. It's about whether your institution can recognize when a once-benign client becomes a conduit for organized crime. That requires real-time behavioral analytics, network risk mapping, and a feedback loop between screening, transaction monitoring, and investigations.
With tools like Sigma360’s Entity Risk Graph, institutions can see connections that list-based screening misses entirely. These include nominee directors that span multiple jurisdictions, shared infrastructure between shell firms, and address clusters that light up in pattern analysis. Our data has revealed cartel-adjacent networks involving:
To protect your institution and your reputation, you need to evolve beyond static know your customer software. Here are four steps to start:
Don’t rely solely on customer-provided information. Cross-reference with corporate registries, litigation data, and known facilitator lists. Use analytics to flag nominee directors, layering patterns, and offshoring tactics.
Move from individual to entity clusters. Use shared infrastructure like phones, emails, and addresses as linkage points. Assign risk scores not just to entities, but to the networks they’re embedded in.
Update your sanction screening cadence. Flag when a customer’s co-directors are sanctioned, when associated domains are used by flagged entities, or when new adverse media emerges. Don’t wait for the annual review.
Ask yourself: would your current risk model have flagged an importer one degree removed from a sanctioned cartel financial facilitator? If not, your institution is cartel-blind by design.
The FTO designation wasn’t symbolic. It was a signal. It unlocked material support of terrorism charges for entities tied to CJNG. It laid the groundwork for secondary sanctions on Mexican financial institutions. And it put banks on notice. Business as usual isn’t good enough.
Financial institutions don’t need to panic. But they do need to act. The cartels have already adapted. It’s time KYC caught up.
As these risks grow more sophisticated, the need for deeper intelligence has never been greater. Sigma360 equips financial institutions, regulators, and corporations with the tools to surface hidden relationships tied to designated Foreign Terrorist Organizations (FTOs) and cartel-linked entities that traditional systems often miss.
Through advanced analytics and proprietary datasets, Sigma360 has identified:
By moving beyond static screening and surfacing dynamic network risks, Sigma360 helps organizations protect their reputation, meet regulatory expectations, and strengthen national security.
Learn more at sigma360.com/narcotics.