Introduction

Recent U.S. enforcement developments indicate a structural shift in how corruption risk is assessed in cross-border operations. In 2025, the U.S. Department of Justice (DOJ) revised its Foreign Corrupt Practices Act (FCPA) enforcement guidelines, emphasizing misconduct that intersects with Transnational Criminal Organizations (TCOs). This change reflects a broader policy alignment between anti-corruption enforcement and national-security considerations, particularly in regions where organized crime exerts significant operational influence.

Understanding TCOs and Their Compliance Implications

Transnational Criminal Organizations (TCOs) are structured criminal groups operating across multiple countries, engaging in activities such as drug trafficking, extortion, corruption, money laundering, contraband, infiltration of public authorities, and subversion of legitimate businesses. Their cross-border networks can infiltrate supply chains, logistics channels, and public procurement ecosystems.

The DOJ’s 2025 guidelines articulate a more targeted enforcement strategy, prioritizing FCPA cases involving:

  • misconduct connected to cartels and transnational criminal organizations (TCOs),  particularly when bribery facilitates or is intertwined with criminal operations;;
  • conduct causing economic harm to U.S. companies or individuals;
  • risks to national security, including sectors such as energy, critical infrastructure, defense, telecommunications, logistics, and natural resources;
  • serious misconduct involving large bribes, complex concealment schemes, obstruction, or abuse of financial systems.

The prioritization of TCO-related matters signals increased scrutiny of transactions in jurisdictions where these groups influence commercial dynamics or public-sector interactions. For FCPA purposes, the DOJ views TCO involvement as a significant aggravating factor. Corruption schemes that enable, benefit, or intersect with TCO operations are likely to receive heightened attention — even when companies are not directly aware of the criminal context. This includes misconduct involving:

  • intermediaries with undisclosed criminal affiliations;
  • suppliers operating in territories controlled by organized crime;
  • public officials coerced or influenced by TCOs;
  • payments made under extortion or coercion, which regulators may still evaluate within a corruption-risk framework.

Expansion of Foreign Terrorist Organization (FTO) Designations

In parallel, the U.S. government has significantly expanded the list of designated Foreign Terrorist Organizations (FTOs),[1] including several Latin American cartels and criminal groups.

Once designated as an FTO, these organizations trigger civil and criminal liability risks to any company/entity with which they maintain business relationships.  The most critical risk is linked to the prohibition for a person in the United States or subject to the jurisdiction of the United States from knowingly providing “material support or resources” to the designated organization. The definition of “material support” is extremely broad, including “any good, property, or service, including currency or monetary instruments or financial securities, financial services, training, advice, or specialized assistance.

This requires enhanced monitoring of financial flows and counterparties connected to high-risk regions, as the legal threshold for liability includes circumstances in which a company knew or reasonably should have known of a counterparty’s affiliation with a designated entity. This broad standard increases the importance of robust due-diligence processes and supply-chain oversight.

The FCPA and the New Risk Landscape

The DOJ has signaled that cases involving corruption linked – directly or indirectly – to cartels or TCOs may fall within its highest enforcement priorities. This includes situations where:

  • bribe payments facilitate operations of criminal organizations;
  • state-owned enterprises or public officials have known ties to cartels or TCOs;
  • third parties or intermediaries operate in regions influenced by organized crime;
  • corporate controls fail to detect potentially illicit financial movements.

This means that if a company, willingly or due to failure in its due diligence and monitoring processes, conducts payments or business transactions with an entity controlled by a TCO – such as a supplier, distributor, or service provider – it can be investigated for providing “material support.” The transaction, even if apparently legitimate (e.g., payment for a logistics service), could be framed as support for a terrorist organization. The failure of internal controls that allowed such a transaction could be a violation of the FCPA.

Importantly, under the FCPA, companies may face enforcement not only for improper payments but also for violations of the statute’s accounting provisions, which require accurate books and records and the maintenance of effective internal controls. These provisions do not require evidence of bribery.

As DOJ has elevated TCO-related conduct within its enforcement priorities, companies may be scrutinized for:

  • inaccurate recording or misclassification of payments made under coercion or extortion;
  • insufficient controls to detect suspicious transactions in TCO-influenced regions;
  • failure to conduct adequate due diligence on third parties with potential criminal affiliations;
  • internal-control gaps resulting in unaddressed diversion of assets, falsified documentation, or unmonitored cash flows.

Because the accounting provisions operate on a strict-liability standard for issuers, the DOJ can pursue cases where TCO exposure reveals broader weaknesses in financial governance, even absent any intent to bribe a public official. This reflects the DOJ’s broader alignment of financial integrity controls with national-security and organized-crime enforcement objectives.

Regional Considerations for Brazil: Evolution of investigations in Brazil

Recent analyses have identified several ways through which cartels and TCOs infiltrate legitimate economic activity: (i) subversion of businesses; (ii) extortion, such as “safety payments,” “access fees,” or coercive “taxes” required for operation in certain regions; (iii) obstruction of transportation routes; and (iv) infiltration of law enforcement, i.e., impersonation of authorities, corruption of local officials, or misuse of enforcement actions to coercively influence businesses.

In Brazil, the concern with the interaction between companies and criminal organizations is not merely theoretical. Recent operations by Brazil’s Federal Police and Internal Revenue have exposed the deep infiltration of criminal organizations such as the Primeiro Comando da Capital (“PCC”) into vital sectors of the economy, impersonating complex corporate structures to launder money and expand their profits.

Brazil’s legal framework treats organized crime and terrorism under distinct statutory standards. While TCO classification is not a formal category under Brazilian law, many criminal dynamics in Latin America resemble or overlap with DOJ definitions of TCO exposure.

In fact, recently, U.S. authorities have openly discussed the possibility of classifying Brazilian criminal organizations – notably the PCC and Comando Vermelho (“CV”) – as TCOs under U.S. policy frameworks. Public reporting, including statements by members of Congress and U.S. security officials, reflects concerns about these groups’ cross-border operations, their presence in neighboring countries, and their involvement in activities such as narcotics trafficking, arms smuggling, extortion, and corruption. Although no formal designation has yet been adopted, the topic remains under review by U.S. government.[2]

Conclusion

Although Brazilian domestic law remains unchanged, the global enforcement environment – particularly the DOJ’s integrated approach to TCO-related corruption – elevates expectations for integrity controls. Companies with operations or suppliers in Brazil may be assessed not only on their anti-corruption frameworks but also on their ability to identify, mitigate, and document TCO-related risks.

For companies operating in Brazil, this evolving landscape is relevant because any future U.S. designation of PCC and CV as TCOs could raise counterparties’ risk profiles, intensify scrutiny of supply-chain operations, and increase expectations around due diligence and integrity controls in regions where such groups exert influence. The risk of violating U.S. law by providing, even inadvertently, “material support” to these organizations becomes a significant concern.

In order to build an efficient compliance program and effective risk mitigation, it is necessary to understand the geographical and cultural context in which the various parts of the company operate. The potential designation of the PCC and CV as TCOs challenges companies operating in Brazil to recalibrate their integrity programs, adapting to the reality in which they are applied.

Therefore, Companies operating in TCOs high-risk areas should conduct new risk assessments focused specifically on the possibility of interaction with criminal organizations, which goes beyond the traditional corruption risk assessment, and should map sectors, areas of operation, and types of transactions most vulnerable to organized crime infiltration.

To navigate this evolving landscape, organizations may benefit from: (i) strengthened third-party and supply-chain due diligence; (ii) targeted training and awareness programs for employees in sensitive regions or functions; (iii) updated risk assessments incorporating cartel/TCO exposure; and (iv) enhanced internal controls to detect and prevent irregular payments or coercive dynamics.

Also, due diligence of third parties needs to be deepened. Verification should go beyond traditional sanctions lists and include the search for “red flags” of connection to organized crime, such as suspicious corporate structures, use of unnecessary intermediaries, adverse news in the media, and investigations into the final beneficiaries. Payment and billing controls should be robust enough to detect anomalies that may indicate transactions with shell companies and detect irregular payments, including those made under coercive circumstances. Continuous third-party monitoring is essential to identify changes in behavior or new information that may alter your risk profile.

Proactive due diligence, well-structured training programs, and dynamic compliance controls form essential pillars for maintaining operational resilience and reducing enforcement exposure in a rapidly evolving risk landscape.

For more information, please contact Saud Advogados.

[1] FTO designation is a formal act by the U.S. Secretary of State, in consultation with the Attorney General and the Secretary of the Treasury, that identifies a foreign organization as engaging in terrorist activities that threaten the security of citizens or U.S. national security. The criteria for such designation, according to Section 219 of the Immigration and Nationality Act (“INA”), are: (i) it must be a foreign organization; (ii) engage in terrorist activity or terrorism, or have the ability and intent to do so; and (iii) the organization’s terrorist or terrorist activity threatens the security of U.S. nationals or the national security (national defense, foreign affairs, or economic interests) of the United States.

[2] At present, PCC and Comando Vermelho are not designated TCOs under any binding U.S. statute, nor do they appear on terrorism-related lists. However, the ongoing policy discussion signals that U.S. agencies increasingly view major Latin American criminal organizations through a transnational and security-driven lens.