The Expanding Reach of Transnational Crime
Crime is becoming more globalized, with organized crime groups increasingly collaborating and entering into a wider range of criminal markets. As transnational criminal organizations (TCOs) grow and become more profitable, they have also become more influential. Rising global influence means that more industries are grappling with the impacts of transnational crime. As such, risks to corporations have intensified, increasingly impacting supply chains, finances and operations. To better understand this threat landscape and how companies can best protect themselves, RANE spoke with Andrej Bastar of Brasidas Group AG, Jacob Sims of Operation Shamrock, James Bosworth of Hxagon and Joshua Skule of Bow Wave LLC.
The experts RANE spoke with identified three main trends that characterize the transnational criminal ecosystem in today's world:
Trend Alert: Increasing Collaboration and Confluence
Bosworth tells RANE that "because these groups are businesses, they collaborate with each other, even when they compete with each other." Sims reiterates this, pointing to a broader trend of a "confluence of multiple forms of organized crime coming together." He says, "we are noticing that network alignment is occurring." This means that major industries of crime, like the drug trade and the cybercrime market, or the drug trade and the illegal mining trade, are increasingly working together for mutual benefit. Sims offers an explanation for this phenomenon, saying that "as the supply chains and value chains of these types of crime become longer and longer, it requires a more sophisticated set of operators to run it successfully."
Sims says this means that as the drug trade and cybercrime converge, for example, the groups need not only "cultivators, mules, smuggling networks and dealers that span the entire world" to facilitate the drug trade, but also cybercrime requires personnel to recruit workers and transport them across the world, along with agents to be involved in the money laundering process for both markets. He further elaborates that "it [requires] lots of different types of specialized actors that are operating over a really wide territory. And so the number of people capable of scaling these sorts of activities is really small." Sims says that because of this, "it just makes sense that they are all starting to work together." With this increasing collaboration, Skule says that it is important to recognize "that crime is globalized more than it ever has been."
Trend Alert: Expanding into Different Types of Crime
Bastar tells RANE that "especially as of early 2025," there has been "a convergence of different illicit markets, state actors and emerging technologies." He elaborates that "these different TCOs are blending trafficking, cybercrime, financial fraud and legal commercial operations." Bastar says this represents a shift, "where before they were specialized, they operate more now in a hybridized model." Bosworth notes that some groups remain highly specialized but acknowledges that many of these groups "have multiple fronts."
For example, Bosworth explains that major drug traffickers are not only profiting from drug trafficking but also making a lot of money from local extortion and human trafficking, with drugs only representing a third of their business model despite being characterized as a drug cartel. Bastar explains this trend by saying that this model "enhances their profit diversification and enhances their resilience." For example, Bastar points to Balkan cartel alliances like the Kavac and Skaljari clans in Montenegro, which he says have "diversified from cocaine logistics into cyber fraud, crypto laundering and arms trafficking." Moreover, these groups use shell companies registered largely in Cyprus, the United Arab Emirates and the Netherlands "to channel both illicit proceeds and investment capital."
Trend Alert: Increasing State Involvement and Increasing Infiltration of the Public Sector
When asked about major trends, Sims points to the "increasing centralization of state involvement." He mentions Cambodia as a prime example of how this is occurring with human trafficking to cyber scam compounds. In September, the United States sanctioned Ly Yong Phat, a powerful Cambodian billionaire, senator and business partner to the Cambodian president, for his alleged role in trafficking forced labor to these scam centers. Referencing this case, Sims says that Cambodia is "emblematic" of growing state involvement in transnational crime, "where there is top-to-bottom state actor involvement not only in accepting bribes, but in actually perpetrating the crime and seemingly welcoming this into their country."
This growing collusion between state actors and transnational crime contributes to the growing influence and power of these groups, with Skule noting that the extremely lucrative nature of these industries leads to "actors that rival governments" in terms of money and capability. Specifically, Skule points to the growing counterintelligence capabilities, access to arms, and the influence and political status of these groups. While not perpetrated by a state actor, in a related example, Bastar speaks to organized criminal groups' growing infiltration into EU infrastructure and the criminal capture of the public procurement process. Bastar notes the growing presence of criminal groups in state-owned entities like port infrastructure, transportation, utility sectors and green energy, all of which pose legal risks for EU companies that may inadvertently become linked to criminal groups or caught up in criminal schemes.
Experts told RANE that transnational crime has surged in Ecuador, Southeast Asia, and Southern and Eastern Europe. The Balkans remain a key facilitator, with Chinese organized crime groups playing an increasing role globally. Bosworth calls Ecuador a "hot spot" where "murders have tripled in the last five years" as a result of foreign, rival transnational criminal groups entering the country. He says, "it is now one of the most violent countries in the world, and it was not that way five, six years ago." To help explain this, Bosworth notes that Ecuador is not a major cocaine producer on its own, but its neighbors, Colombia and Peru, are the two main producers in the world, "so cocaine is trying to find its way out via ports." To make matters worse, he says,"Albanian gangs have entered the [cocaine] market" in Ecuador.
This means that criminal groups across the continent are coming into Ecuador and fighting over cocaine exports at the same time that Albanian groups are expanding geographically to operate in Latin America in addition to Europe. Historically, cocaine would come into the Balkans, and the Albanians would move the product around Europe. Now, however, Bosworth says that "Albanians took control of part of the supply chain that they did not control before" to get bigger profit margins, exacerbating the security situation in Ecuador and underscoring both the larger trend of how TCOs are expanding into different markets, along with the role of the Balkans as a key facilitator of transnational crime. Looking forward, Bosworth says that "Peru is the next Ecuador."
With the expansion of Albanian gangs into Latin America, the Balkans continue to act as a "critical facilitator region," as Bastar puts it, helping to enable heightened crime in Southern and Eastern Europe in particular. Bastar says that the Balkans is a "convergence point for a number of these underground economies," with a legacy of conflict and institutional corruption helping to support its role as a "transit corridor" linking Turkey and the Middle East to the European Union. Bastar says that while the Balkans are "not necessarily the source of the crime," they nonetheless see "everything from human trafficking to cocaine logistics and heroin trafficking, arms smuggling, cybercrime and money laundering." As such, coupled with government corruption, Bastar says that "the biggest issue or zone that we see is Southern Eastern Europe." Here, Bastar says that TCOs are "embedding themselves into ports and border towns across Southeast Europe, using corruption and coercion to control logistic hubs and get access to infrastructure," underscoring the broader trend of TCOs increasingly infiltrating the public sector.
Beyond Europe and Latin America, Sims says that "one of the biggest explosions of that crime in recent years has been cybercrime or transnational scams that have emerged out of Southeast Asia and predominantly concentrated within Cambodia, Myanmar and Laos." As they gain attention internationally in these areas, Sims notes that this type of criminal enterprise is popping up in other areas as well, but that Cambodia, Myanmar and Laos "are still the epicenter." These scam compounds are run largely by criminal networks originating from China and often with coordination from local criminal organizations. While Sims notes an expansion in these operations from China-based criminal networks, Bastar also highlights an uptick and growing role of Chinese organized crime groups in Europe that are engaging in counterfeit production and crypto money laundering using small and medium-sized businesses, as well as environmental crime like illegal logging, mining, wildlife trafficking, waste dumping and carbon credit frauds. Bastar says these groups' "operations intersect with the Latin American cocaine logistics and Africa smuggling routes," underscoring the increasingly globalized and interconnected nature of crime.
Bastar points to a wide array of criminal markets that have grown in recent years, including ransomware and cybercrime enabled by greater digitization, environmental crime like illegal logging, money laundering, counterfeit and fraudulent goods, and sanctions evasion or dual-use goods smuggling, which has been brought on amid geopolitical conflicts like the Russia-Ukraine war. Data from the Global Initiative Against Transnational Organized Crime echoes Bastar's insights, with the Global Organized Crime Index showing that its scores to assess criminality increased in every criminal market between 2021-23. Human smuggling and the synthetic drug trade represented the largest increases for the Global Organized Crime Index. This data underscores points from Bosworth and Skule, who both comment on a marked increase in the fentanyl and synthetic drug trade. Skule says that "for more than a decade, [there has been] a flood of fentanyl coming over from Mexico," into the United States. Bosworth notes that the shift from plant-based drugs to synthetic drugs has dramatically changed the nature of transnational crime in Latin America, with groups that were previously growing opium and heroin in Afghanistan and Mexico no longer making the same kind of profits.
Instead, Bosworth says that this has shifted with "precursor chemicals coming from places like China and India." Meanwhile, Bastar sheds light on the dual-use goods smuggling market, saying that in recent years, this industry has been highly active in bringing goods to Russia, Iran and North Korea, with Turkey, Armenia, the Emirates and others in Central Asia often used as the intermediate countries. Additionally, Bastar notes that the Balkans are typically used as a node for dual-use goods smuggling, "very often via Serbia." Bastar also points to Iranian procurement groups that are launching from Lebanon and Syria as a way of evading sanctions, with a "touch point in the Balkans," along with nodes in Germany, the Netherlands and France.
Experts cited weak rule of law, ongoing conflict and the gambling industry as major drivers of transnational crime. Bosworth says that "weak rule of law creates openings for organized crime to come in." He elaborates that it often begins with moving things across borders for profit before cascading into different types of crime. Relatedly, Bastar points towards conflict as an enabler of weak rule of law, saying that "conflict drives sanctions evasion and dual-use goods smuggling and weakened rule of law that can further enable transnational crime." Sims reiterates these thoughts, noting that Cambodia, Myanmar and Laos are epicenters of crime because they exhibit the "perfect storm" of factors like degraded rule of law, along with "large populations of vulnerable people seeking jobs." Similarly, Sims notes how gambling plays a role, saying that "the gray market of the gambling industry provides criminals with a wealth of opportunities to scale their operations." Specifically, he points to "the cash nature of the business and the easily explainable gains and losses," which "makes it ideal if you are already embedded in those networks to transfer it into illicit flows." Sims elaborates that a "24/7 cash business where no one asks questions when large amounts of money are moving in and out" makes gambling "the perfect mixer in terms of a money laundering instrument."
To think about future trends in transnational crime, Bosworth also says that "the price of gold matters." For example, "when the price of cocaine drops and the price of gold goes up, gold becomes more profitable than cocaine, and illegal mining becomes much more profitable than illegal drug trafficking." Like other drivers of transnational crime, this factor can be helpful for organizations to think about in terms of identifying areas where they may be most vulnerable to the impacts of transnational crime and for planning for a projected increase in the types of crime that impact their organizations the most or the least.
While Skule says every organization "has a risk at some point of being involved with organized criminal elements," some industries are at a higher risk than others. Bosworth says that any organization with fixed assets is at a higher risk because "when you have fixed assets, you're very vulnerable to extortion." Further explaining this phenomenon, Bosworth gives the example of mining – a highly vulnerable sector to organized crime – saying, "the mines can't move, and therefore, the group that controls the mining sector can extort that mining company." This applies not only to extractive industries, including agriculture, but also to large-scale manufacturing. Beyond this, our experts highlighted the financial sector, logistics and transportation, industrial machinery and tech exporters, and the chemical and pharmaceutical sectors as most at risk. Here is what they had to say about each of these sectors:
Speaking to the broad range of impacts transnational crime can have on organizations, Skule tells RANE, "it's business risk, it's reputational risk, it's operational risk." If implicated in criminal activity, Skule points towards broader risks resulting from reputational damage, saying that "if you take a reputational hit for engaging in poor business practices, you run the risk of folks not wanting to do business with you … which impacts your losses in a greater value [than compliance fines] because people refuse to do business with you." Companies face reputational risks not only if they are implicated in criminal activity but also if they fall victim to it, because being successfully targeted by criminal groups can suggest a failure of business processes and controls and may call into question the security of the company.
Of special note, Skule flags that one of the biggest areas of vulnerability for corporations is sourcing unskilled labor, as forced labor represents the largest form of exploitation for victims of human trafficking. Skule says this is true for both "services that are either supporting or that you are directly hiring for that are more manual labor services." He emphasizes the importance of due diligence and vetting of any service an organization uses, such as cleaning crews. In the due diligence process, Skule suggests asking of any service or third party: "What are their hiring practices? How do you guarantee that they are not trafficking for forced labor? Is the company controlled by an organized criminal element?"
To protect against the risks associated with transnational crime, our experts suggest an array of best practices for organizations to undertake. At the heart of this is information sharing. Bosworth tells RANE that "all companies should be sharing information," particularly with their neighbors. Bosworth says that "getting good intel from the local community as well as sharing information locally with their geographic neighbors" can help organizations protect against the impacts of transnational crime. Bastar also echoes the importance of information sharing, emphasizing more public-private partnerships that can help share intelligence and coordinate law enforcement efforts.
Our experts also emphasized the importance of due diligence. Skule says that "doing your due diligence on hiring practices … is critical for your supply chain." Within this process, he says, "know your vendors." Skule says global companies, in particular, "need to understand the hiring practices of partner companies to reduce risk of unintentionally becoming associated with organized criminal elements." Bastar echoes this, emphasizing due diligence and Ultimate Beneficial Ownership (UBO) screening as essential baselines; companies, particularly those operating in high-risk environments, should go beyond standard Know Your Customer (KYC) procedures. This is especially critical in sectors such as shipping, energy trading, chemicals and precious metals, where complex ownership structures and jurisdictional opacity can obscure exposure to illicit activity or sanctioned entities.
Sims provides guidance specifically for the financial sector. Sims encourages financial organizations to improve consumer fraud protections not only to ensure they are aligned from a compliance standpoint but also because, he says, "there is a clearly aligned self-interest for banks to do what they can to dissuade their customers from making bad decisions with money that they are holding." This helps to protect financial organizations from blame for customers who are victims of financial fraud or cyber scams, helping to shield the organization from reputational harm and potential legal action from the customer.
When operating in areas with high rates of transnational crime or planning for such scenarios, Bosworth tells organizations that an important exercise is to think big picture and worst-case scenario. He says, "think about the 10x or 100x exercise" and ask "what would be your worst case scenario and then make it 10x or 100x worse." This can help organizations address the systemwide security risks. Bosworth says "protecting against that mass event becomes really important because sometimes those are the big losses that actually cause problems."
Finally, Sims strongly encourages organizations to invest in rule of law initiatives. He says this not only helps organizations bolster their reputations and spend their money ethically, but it also helps to address the drivers of transnational crime at its source. Sims says that corporations working in enabling environments should consider trying "to strengthen how those governments operate or work with partners on the ground that are trying to do that." This, he says, not only "tells a nice narrative of a corporation's intent to contribute to ethical supply chains, but also has a real chance of actually impacting and changing the situation on the ground from which all these issues are emerging." He says that "all of this emerges from justice systems that don't function properly, corruption, low capacity of government to go after crimes in an effective way," and that investing in "NGOs that work in the justice system and work to combat organized crime" or funding research into these issues, as well as "funding the capacity building of local government offices," is a way for corporations to mitigate risks.
About the Experts:
Andrej Bastar is Managing Director and co-founder of Brasidas Group AG, a Swiss-based global strategic intelligence and risk advisory company that operates throughout the Middle East, Africa, Asia, Europe, Russia and Commonwealth of Independent State (CIS) countries. Andrej has over 20 years of international experience in the areas of business intelligence, investigations and analysis, having amassed a personal network of relevant contacts across multiple business and governmental segments. Prior to co-founding Brasidas, Andrej worked for the International Criminal Tribunal for the Former Yugoslavia (ICTY), investigating war crimes. Andrej holds a Master of Science degree from John Jay College of Criminal Justice, focused on Forensic Science. He holds a BA from Rutgers University.
James Bosworth writes and consults on politics, security, economics and technology issues in emerging markets, primarily Latin America and the Caribbean. He is the Founder of Hxagon, a consulting company that provides political risk analysis and bespoke investigations in emerging markets on topics including election predictions, political economy outlooks and cryptocurrency usage. James, also known as Boz, is the author of the weekly newsletter, Latin America Risk Report, and has a weekly column in World Politics Review. James is a global fellow at the Woodrow Wilson Center's Latin America Program and a certified Superforecaster for Good Judgement, Inc. James holds a BA in Political Science and History from Washington University, St. Louis.
Jacob Sims leads various efforts to combat human rights violations, transnational crime and address global development challenges. Jake is a Board Advisor and Executive Vice President for International Programs and Government Affairs of Operation Shamrock, a public-private coalition dedicated to disrupting transnational organized crime's expansion of human trafficking and cyber fraud crime, such as the "pig butchering" epidemic in Southeast Asia. Jake concurrently works as a columnist for The Diplomat publication, as a visiting expert on transnational crime at the U.S. Institute for Peace, and as an advisor to other organizations and government agencies, including the United Nations and the US Department of State with regard to the trafficking-transnational cybercrime nexus and other emerging non-traditional security threats. He previously served in various leadership roles with the International Justice Mission, including an in-country position in Cambodia. Jake has led policy research at the College of William and Mary and conducted human rights research in northern Myanmar. Jake holds a Master of Science (MSc) in International Development and Economic History from the London School of Economics and Political Science and a Bachelor of Science (BS) in Accounting from Grove City College.
Joshua Skule is the CEO and Founder of Bow Wave LLC. Prior to Bow Wave, Josh was Senior Vice President of Allied Universal's Risk Advisory and Consulting Services. Prior to his entry into the private sector, Josh had a 21-year career with the Federal Bureau of Investigation, including roles as Executive Assistant Director for Intelligence, leading the Bureau's Intelligence Branch. Josh is a graduate of the U.S. Naval Academy in 1991. Before joining the FBI, he served as a U.S. Marine Captain and led teams in challenging deployments worldwide. Bow Wave provides professional technology services for a variety of mission-critical fields to support U.S. National Security. The firm's leadership provides over 60 years of U.S. Government and commercial executive and operational leadership experience.
The new Trump administration is focusing intensely on cartels and other transnational criminal organizations (TCOs), particularly in Latin America, as part of a crackdown on illegal immigration and fentanyl trafficking. Within his first 30 days in office, U.S. President Donald Trump launched efforts to designate drug cartels as foreign terrorist organizations (FTOs), announced an initial round of designations, and began implementing sweeping changes to financial crime compliance, enforcement and transparency priorities. Amidst this, his America-First policy may strain international information sharing and collaboration channels. These changes in policies and priorities present complex sanctions and anti-money laundering (AML) compliance challenges for U.S. and non-U.S. financial institutions, financial platforms that process remittances, and international organizations with operations in Mexico. To better understand the dynamics at play and the associated risks, RANE spoke with Robert Appleton, Partner at Olshan Frome Wolosky LLP, and Guillermo Christensen, Partner at K&L Gates LLP.
Over the past 40-odd years, drug cartels in Mexico have grown increasingly pervasive, engaging in a wide range of criminal activities, including drug trafficking, extortion, kidnapping and violence, heightening exposure risk for organizations doing business there. Drug cartels are deeply integrated into Mexican society, using existing infrastructure and exploiting economic opportunities to gain power and influence, leading to widespread corruption and violence. While Trump's designation of cartels as FTOs is recent, the concern that led him to do so is not. The U.S. Congress first proposed the FTO designation for the Mexican cartels in 2011 as a response to two separate killings of U.S. citizens by the cartels. The goal was then, as it is now, to pressure Mexico into doing more to curb cartel activity, give U.S. federal and state law enforcement agencies more aggressive tools to confront the fentanyl crisis, deny cartel members entry into the United States and allow prosecutors to pursue harsher punishments against those providing material support to these organizations.
However, designating a group as an FTO carries increased legal and financial implications. When paired with the deep and diversified entrenchment Mexico's cartels have in society, individuals, businesses and financial institutions risk possible U.S. prosecution if they knowingly or unknowingly engage in transactions that touch the widespread world of the cartels. This risk is further compounded by the vast extortion networks these cartels have built, for which businesses trying to operate in the area are coerced into paying for the right to function or for protection.
The Trump administration argues that the international connections and operations of these transnational criminal organizations – including drug trafficking, migrant smuggling and violent pushes to extend their territory – warrant the designation of terrorist organizations and the deployment of resources to fight them as such. Immediately following his inauguration, on Jan. 20, 2025, Trump issued Executive Order (EO) 14157, "Designating Cartels and Other Organizations as Foreign Terrorist Organizations and Specially Designated Global Terrorists (SDGTs)." On Feb. 5, 2025, newly-confirmed Attorney General (AG) Pam Bondi issued a Memorandum to Department of Justice (DOJ) employees, calling for the "Total Elimination of Cartels and Transnational Criminal Organizations" and realigning DOJ priorities and resources to effect this. On the same day, and in furtherance of the U.S. goal of eliminating cartels and TCOs, AG Bondi implemented changes to the National Security Division and dissolved the KleptoCapture Task Force and related initiatives, with "resources currently devoted to those efforts [to] be committed to the total elimination of cartels and TCOs."
Then, on Feb. 20, 2025, Secretary of State Marco Rubio designated eight cartels and TCOs as FTOs, adding them to the U.S. Treasury's Office of Foreign Assets Control (OFAC)'s Specially Designated National and Blocked Persons (SDN) List. While almost all of these groups were already subject to U.S. sanctions, having been previously listed by OFAC as SDNs, the FTO designation ushers in considerable new legal and compliance consequences. FTO and SDGT designations have traditionally been used on groups like al Qaeda and the Islamic State that do not have significant involvement in international business. Mexico is a major global manufacturing and trade partner, and cartels have a ubiquitous presence there. Any individual or entity that engages with cartels or engages with a third party that engages with cartels risks U.S. sanctions violations and enforcement. Other risks include becoming designated by association, criminal investigation and prosecution, or becoming a party in drawn-out terrorism-related private civil lawsuits in the United States.
Christensen notes that while employing the FTO designation for the first time for Mexican cartels may indicate an increased enforcement focus by the United States, he thinks it was a natural consequence of ineffective efforts to curb the entrenchment of Mexican and Central American cartels in North America. The reality is, he says, that many cartels have not been blocked from actively doing business in the United States by existing interdictions like sanctions, and they have extensive business activities in the United States. Christensen cautions that U.S. companies and persons will have to be much more diligent in understanding ownership to ensure that any potential or existing partner entities, in either Mexico or the United States, are not connected to or owned by cartels, including by way of various shell companies.
The second Trump administration has been vocal about its desire to crack down on cartels, so federal agencies will likely be aggressive about enforcement. As such, organizations should assess risk exposure and appetite accordingly. This may be particularly challenging due to the lack of currently available guidance and existing protocols. A shift in mindset and a reinforcement of different types of controls and information-sharing tools may be necessary to follow the downstream flow of money that the Countering the Financing of Terrorism (CFT) part of the AML/CFT equation requires. Companies that previously relied on traditional AML and sanctions compliance strategies must now adapt to the more challenging legal framework applicable to FTOs.
While Trump's designation of cartels as FTOs represents a major shift in U.S. financial crime priorities, it is not the only major change he has directed since taking office, as his administration moves to de-prioritize enforcement of an overseas corporate bribery law and narrow efforts for domestic corporate transparency. On Feb. 10, 2025, Trump issued an EO that placed a temporary halt on investigations or enforcement actions related to the Foreign Corrupt Practices Act (FCPA) for 180 days and directed AG Bondi to review pre-existing and in-process FCPA-related actions. The order also directed Bondi to issue new guidelines to govern the DOJ's enforcement of the FCPA, a U.S. law that has been a key tool in the global fight against corruption for decades.
In the "Total Elimination of Cartels and TCOs" memo, AG Bondi directs the FCPA unit within the DOJ and the Money Laundering and Asset Recovery Section (MLARS) to "prioritize investigations related to foreign bribery that facilitates the criminal operations of cartels and TCOs." While many questions remain about the shape of future FCPA enforcement, for which drug and violent-crime-related cases have never been the focus, with a whole-of-government approach dedicated to eliminating cartels, agents and prosecutors will likely be highly active in their investigation and enforcement efforts.
Trump has also directed the U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) to significantly water down the Corporate Transparency Act (CTA), a bipartisan effort to curb money laundering through shell companies by requiring businesses to disclose beneficial ownership information to FinCEN for a non-public registry. While the CTA initially required both domestic and foreign companies to disclose their beneficial owners, on March 21, 2025, the Treasury Department issued an Interim Final Rule (IFR) that narrows the scope of the CTA to apply only to certain foreign companies that register to do business in the United States. The IFR exempts all domestic companies, as well as all beneficial owners of covered foreign companies who are U.S. persons.
While the narrowed scope may have been welcomed by parts of the business community – some of whom viewed the CTA as burdensome and intrusive – criminal networks continue to exploit shell companies to launder money, evade sanctions and fund illicit operations. Historically, drug cartels have relied on banks to launder their dirty money. However, as U.S. AML laws for banks have strengthened, these TCOs are increasingly utilizing non-bank professionals like lawyers, accountants, trust and company service providers, incorporators, and others, who are not subject to these laws and are not required to understand the nature or source of income of their clients, to form or register companies for their clients.
The Trump administration has taken a markedly different stance on international relations than its presidential predecessors, which may impact prosecutors' ability to conduct investigations or obtain bank records and other critical overseas evidence, among other things. The transnational nature of money laundering networks and drug syndicates makes it difficult to catch criminals since it requires cooperation between officials in different countries. Intelligence partnerships and international joint efforts are critical to tracking illicit finance flows and shutting down cartels.
Appleton notes that the United States has intentionally developed relationships with authorities abroad in order to coordinate and combine forces to investigate priority cases. The United States has spent two decades nurturing these relationships, particularly in Europe as well as Latin America, Australia and Africa, all of whom have become very close partners in cross-border criminal cases, and he warns that severing them will make bringing cross-border cases much more challenging. Reflecting on his past experience conducting export trade, international money laundering, and international fraud and corruption prosecutions in the DOJ, Appleton remarks that he regularly needed to work closely with authorities from multiple countries to gather evidence. He questions the ability of the United States to pursue cases involving priority issues like immigration and cartels without Mexico's willing involvement and participation. The concern is compounded, he says, when he imagines how tariffs might factor into the equation, adding that he cannot imagine these authorities will be too disposed to help in a timely and comprehensive manner.
The concern over how Trump’s trade policies will impact international collaboration may be reflected in how Canada navigates its developing relationship with the United States. In 2024, in preparation for an upcoming review by the Financial Action Task Force, Canada increased its efforts to expand and strengthen tools to combat money laundering and enforce economic sanctions, including by making changes to its Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and its Criminal Code, which will create new enforcement and compliance considerations. Following the upcoming PCMLTFA amendments, the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) will be granted the authority to share information with foreign states if there is an agreement to do so. However, while Canada initially showed signs that it is prepared to coordinate with the United States – as evidenced by its mirror designations naming seven of the same cartels as terrorist entities immediately after the U.S. designations, appointment of a fentanyl czar, launch of the Canada-U.S. Joint Strike Force and convention of a new task force to combat money laundering – the impact of tariffs, negotiations between newly-installed Prime Minister Mark Carney and the results of Canada's snap elections on April 28, 2025, may lead to a different economic and security relationship.
For Europe and the United Kingdom, the Trump administration's retreat from corporate anticorruption enforcement and other traditional financial crime priorities is a chance to step up and attempt to fill the enforcement gap. In the potential absence of U.S.-led efforts, which have driven the enforcement of corruption cases in the European Union for twenty years, prosecutors in the United Kingdom and Europe will be more ambitious and work together more to bring cases.
In the United Kingdom, Serious Fraud Office (SFO) Director Nick Ephgrave has made clear his wish to take a "bolder, more pragmatic, more proactive" approach to investigating and prosecuting serious financial crime. Under his direction, the SFO launched six new investigations, charged 15 suspects, obtained its first-ever unexplained wealth order and brought back the use of dawn raids. Despite Ephgrave originally indicating that he would focus on domestic fraud, he has taken on large, international corruption cases, including in partnership with the French Parquet National Financier (PNF).
Formalizing these partnerships, on March 21, 2025, the United Kingdom's SFO, France's PNF and the Office of the Attorney General of Switzerland announced the creation of a new task force to strengthen collaboration against international bribery and corruption. Its founding statement states that its members recognize that "success relies on us working closely and effectively together." The announcement noted that all three countries have anti-bribery legislation with jurisdiction to prosecute criminal conduct, even if that activity occurs overseas, provided there is a link to the prosecuting country. Notably absent from this task force is the United States. Despite the agencies saying this is not a response to Trump's EO pausing and redirecting FCPA enforcement, the timing of the announcement suggests that the United Kingdom, France and Switzerland are distinguishing themselves from the current anti-corruption enforcement posture of the United States.
There are a handful of legislative developments that support this trend in Europe, namely the European Union's Anti-Corruption Directive, which, as of February 2025, is in trilogue negotiations and which attempts to harmonize anti-corruption efforts in the European Union and support efforts of EU agencies to investigate and prosecute cross-border cases. Additionally, the European Union has announced regulation related to cross-border access to electronic evidence in criminal proceedings, and the EU Whistleblower Directive, which ostensibly makes it safer for whistleblowers to report potential wrongdoing, might create a pipeline that could result in a rise in investigations.
Both Christensen and Appleton believe non-U.S. regulators may increase white-collar crime investigations and enforcement proceedings in an effort to fill the void left by the United States. In this event, U.S. companies may be targeted in an attempt to maintain a level playing field since the DOJ has indicated that it may still wield the FCPA to target foreign companies paying bribes to obtain resources deemed by the administration to be of national or economic security to the United States. Appleton notes that EU regulators have already signaled that they are gearing up to increase enforcement in money laundering and cross-border fraud, although he is less confident in their ability to prosecute sophisticated corruption cases as these non-U.S. enforcement bodies have significantly smaller budgets, fewer resources, limited extraterritorial laws to address cross border crime and less-developed infrastructure. As a result, this may give rise to more cases brought against individuals, as it is generally easier for the European Union to bring cases against individuals than companies due to the legal standing of individuals and the complexity of corporate structures, which can make it harder to pinpoint responsibility and enforce legal actions.
The Trump administration's push to designate cartels and TCOs as FTOs and SDGTs, as well as the DOJ's prioritization of investigations into these entities, may result in more cartel- and TCO-related corporate prosecutions, as well as increased scrutiny and compliance burdens. It is important to note that FTO risk is not limited to U.S. companies, as the FTO statute has broad extraterritorial purview. As such, foreign subsidiaries of U.S. companies, joint ventures and even companies based outside the United States should consider incorporating FTO compliance into their Mexico business strategies.
To stay ahead of these risks, companies should consider taking several proactive steps. First and foremost, companies should assess the extent to which their businesses may come into contact with criminal syndicates. It is critical for organizations operating in higher-risk areas in Mexico, particularly those involved in the cross-border movement of goods or that facilitate cross-border transactions, to incorporate due diligence and training about FTO laws. There is currently a dearth of guidance from the U.S. government about how to comply with the FTO statute. Organizations should keep an eye out for the DOJ's forthcoming guidance, which is expected between July and December of this year. Christensen reminds organizations that in the case of SDNs or designated entities, there is a strict liability for a civil violation. If they do business with a designated entity, whether knowingly or not, they could still be in violation of the regulations. He advises organizations to ask third parties questions about operations and relationships until they feel comfortable with the responses. That way, even if they end up working with someone they should not have, they can better demonstrate that they made a good-faith effort.
While the United States may be retreating from robust FCPA enforcement for now, companies should remain mindful of both the FCPA's five-year statute of limitations, extending beyond this current administration, as well as the potential rise in prominence of anti-corruption laws of other countries and non-U.S. enforcement. Appleton says that he has clients who have spent years developing robust anti-corruption and AML compliance programs who are now, in light of Trump's EO, wondering if they should maintain these compliance efforts. The general consensus in the legal community, Appleton notes, is that they should because the FCPA has a statute of limitations that is longer than the current presidential administration, and, should the next president hold a different position on anti-corruption priorities than Trump, it might aggressively target FCPA violations to make up for the gap in enforcement. Appleton warns that Trump's deprioritization of FCPA enforcement for domestic companies will not be an adequate defense in the event of any future prosecution, as an executive order does not invalidate a statute passed by Congress.
The next presidential administration and/or non-U.S. authorities may carefully inspect how companies acted during this period of lax enforcement, so documenting decisions and compliance efforts may be especially valuable. As other countries might begin enforcing their own anti-corruption laws more vigorously, companies may want to consider implementing training and policies that are more reflective of local regulations and concerns. It may be valuable to assess compliance policies, procedures and resourcing to ensure they are not overly focused on addressing only FCPA and U.S. enforcement-related risks. Organizations should also be mindful of U.S. foreign policy. As the administration aligns FCPA enforcement with its national security and foreign relations priorities, enforcement may be directed towards countries the United States believes to be at odds with U.S. interests, such as China.
Third parties remain particularly vulnerable to corruption and money laundering risks. It is important to understand the business as a whole and where third parties intersect with the business and the community. Organizations should pay particular attention to any third party whose role is not clearly defined. Appleton recommends that organizations be especially diligent in hiring decisions and personnel, and ensure they know their counterparties. He reminds companies that sanctions are still in place and that he expects this administration will actively use them as a tool to forward its goals. This means that companies conducting commercial activity and business transnationally should be careful about trade and exports to ensure they are not dealing with SDNs. Christensen recommends supply chain mapping and warns that getting behind the veil of corporate ownership structures is critical but can be incredibly difficult depending on the jurisdiction. Beyond the need for businesses to understand with whom they are dealing in light of the FTO designations, he also reminds organizations that other sets of regulatory requirements and reputational risks come from having nationals from countries of concern to U.S. national security as beneficial owners.
About the Experts:
Robert Appleton is a Partner at Olshan Frome Wolosky LLP. A leader in high-profile, cross-border cases, investigations, due diligence and regulatory matters – focusing on OFAC sanctions, Committee on Foreign Investment in the United States (CFIUS) matters, cross border fraud, the FCPA and global asset recovery and due diligence – Appleton advises and defends international and U.S. companies, organizations and individuals in sensitive government investigations, before U.S. regulatory bodies and criminal litigation. Appleton specializes in Russia, China and Iran sanctions and submitting applications for Special Licenses with OFAC to address sanctions restrictions. Prior to private practice, Robert served for more than 13 years as a senior Assistant U.S. Attorney in the U.S. Department of Justice (DOJ), senior and principal legal counsel to U.S. Federal Reserve Chairman Paul Volcker at the UN’s Independent Inquiry Committee into the Iraq Oil for Food Programme bribery scandal and Chairman of the first and only United Nations Anti-Corruption Task Force. Robert holds a JD from Western New England School of Law and a BA from Emory University.
Guillermo Christensen is a Partner at K&L Gates LLP. Prior to that, he was a CIA intelligence officer and a diplomat with the Department of State. He is a national security law practitioner, focusing on cybersecurity, export controls and sanctions, and national security reviews of mergers, acquisitions and investments. Drawing on his national security background, Christensen counsels clients about economic sanctions and embargoes administered by OFAC, including complex technology matters involving China, and ransomware payments. Christensen is an adjunct law professor at Georgetown University Law Center, and a life member of the Council on Foreign Relations. He holds a JD and an MS in Foreign Service, both from Georgetown University, and a BA from American University.
Throughout history, governments have not only attempted to eliminate criminal activity both domestically and abroad, but some governments have at times tolerated – and even enlisted – the support of domestic and transnational criminal groups to carry out a variety of illicit operations. In countries where the rule of law is particularly weak, many governments have adapted to the presence of criminal activity rather than attempting to root it out entirely, resulting in the establishment of domestic political or economic arrangements that enable the two to mutually coexist with minimal friction.
Time and again, political offices and intelligence agencies have also turned to the criminal underworld to employ for-hire proxies for illegal acts like assassinations, sabotage or other acts while transnational criminal enterprises benefited in the form of financial payouts, legal impunity and political influence. For governments seeking to subvert the Western international order, like China, Iran, North Korea and Russia, transnational criminal organizations with global reach are particularly attractive third parties to contract out illicit acts which can undermine Western organizations while creating a layer of plausible deniability that minimizes potential risks of escalation.
As the 21st century progresses, the rapid expansion of cyberspace – alongside the growing concentration of critical data, financial assets and sensitive communications within the digital domain – has increasingly drawn the attention of both state and cybercriminal actors seeking to exploit this environment for intelligence gathering, financial gain, or coercion. As the cybercriminal landscape has matured, the increasing sophistication of these groups has made them more attractive prospective partners for digitally based campaigns.
To analyze how this relationship may further develop and how organizations can proactively prepare, RANE spoke with Adam Golodner, CEO of Vortex Strategic Consulting, LLC, and Ellis Gyöngyös, an independent analyst based in the United States who focuses on money laundering and the cryptocurrency market.
In spite of repeated efforts by states to root out domestic instances of criminality, illicit activities have existed endemically as an almost natural byproduct in some organized political systems. In many countries, the political regime is simply too weak to strictly combat the growth of homegrown criminal organizations that take up residence, forcing many governments to reach transactional arrangements that either enable them to benefit from or be minimally harmed by the presence of transnational crime organizations.
Latin America is home to several examples of this symbiotic relationship, where rampant political corruption coupled with weak law enforcement in countries like Brazil, Colombia, Ecuador, El Salvador, Haiti, Mexico, Nicaragua and Venezuela has spurred the development of robust, organized transnational crime groups. These groups – including Mexico's notorious Los Zetas, Sinaloa and Jalisco New Generation cartels, El Salvador's Mara Salvatrucha (MS-13), and Venezuela's Tren de Aragua – operate freely in many countries thanks to tradeoffs such as financial bribes, taxes on illicit goods and political backing from certain communities. In one recent, high-profile example, Mexico's former public security chief, Genaro García Luna, was handed down a 38-year sentence in October 2024 for charges linked to taking bribes from cartels in exchange for offering legal protection while serving as public security secretary from 2006-12.
Such illicit ties have burgeoned in numerous other regions, including Europe, where Italian mafia groups like Cosa Nostra, Camorra and 'Ndrangheta maintain some of the largest drug trafficking, money laundering and extortion schemes in the world. In the Asia Pacific region, groups like the Japanese Yakuza and the Chinese Triads reign supreme in racketeering, gambling, prostitution and drug trade. Nearby, in South Asia, Myanmar's ongoing civil war has created the perfect breeding ground for drug dealers moving opium and other synthetic drugs and operating online scam factories and gambling dens. Meanwhile, in Sub-Saharan Africa, the Nigerian transnational group Black Axe is tied to a range of crimes across the continent, as well as increasing digital-based crimes.
Many of these groups have turned to digital assets to facilitate their operations, as the inherent anonymity of cryptocurrencies attracts a range of state, transnational and cybercriminal groups seeking to move or launder illicit funds. Gyöngyös explains that "cryptocurrencies definitely have an aspect of pseudonymity. Many of them are traceable, but they do provide a level of obfuscation to the identity of the funds." As a result, they are a natural choice for a range of threat actors and are most frequently the form of currency that ransom groups demand during a campaign from victimized organizations and a frequent financial payout of choice when state-sponsored groups enlist the help of cybercriminals for occasional joint campaigns.
This implicit obscurity also makes these digital funds particularly attractive for sanctioned countries that face challenges generating revenue from conventional economic means. In recent years, the most sanctioned countries have also increasingly become governments infamous for associations with crypto-heists like North Korea and Iran. According to Gyöngyös, evading sanctions is a big purpose for governments to steal cryptocurrency because while many stolen cryptocurrencies are traceable, "these types of investigations take more resources and as a result, many get dropped because they're too difficult to follow and there is not really regulatory clarity on what would even happen" if you identified the perpetrator of the theft.
Beyond the conventional examples of some governments acquiescing to or using transnational criminal entities, the onset of a new digital space in the 21st century created new avenues of collaboration between state and non-state actors.
For governments, the rapid movement of sensitive information into the digital space quickly elevated many states' efforts to develop offensive cyberespionage capabilities aimed at garnering insights into adversaries' state secrets, top-level political communications and internal planning. In a recent high-profile example, ten Chinese nationals linked to the Chinese company i-Soon were indicted by a New York District Court on March 4 for their involvement in Chinese state-sponsored hacking, namely, cyberespionage. In addition to pure intelligence gathering, state-sponsored cyber threat groups have also sought to exploit the growing intersectionality of operational technology systems in industrial control systems to burrow into the networks of other countries' critical infrastructure entities, typically for the purpose of malware prepositioning that could be used in a conflict scenario. Industries of particular interest for state-sponsored groups range from electricity grids, energy plants, gas and oil facilities, telecommunications providers, transportation services, and water stations.
The increasing importance of cyberspace for commercial purposes has also propelled state-driven cyberespionage campaigns targeting a range of companies, particularly those in strategic sectors with a high investment in research and development, like aerospace and defense, automotive, manufacturing, pharmaceutical, technology and semiconductor design, and manufacturing, wherein intellectual property is highly lucrative.
The rise of the digital realm has also concurrently witnessed a proliferation of other highly motivated and increasingly advanced nonstate threat actors, namely cybercriminals, seeking to exploit individuals' and organizations' growing reliance on cyberspace to store sensitive personal and financial information and credentials. While many cybercriminals ultimately fall well below the threshold of state-level threat capability and rely primarily on tactics like social engineering-based phishing or smishing lures to breach devices or networks, organizations worldwide have become increasingly afflicted by the scourge of ransomware.
Highly proficient ransomware groups have sprung up in jurisdictions where governments tacitly permit their existence, typically on the basis of unspoken rules like avoiding campaigns that target entities within the jurisdiction or those of allied countries. Nowhere has this been more prevalent than within the Russian Federation, where the most prolific and technically sophisticated ransomware groups in the world operate and seek to exploit the large number of organizations that have come to rely on cyberspace for a host of daily functions and subsequently stand to be likely to pay out a ransom demand if their internal systems are encrypted or destroyed and data leaked or sold.
In the last several years, there has been a rise in reported instances of state-sponsored groups working in tandem with cybercriminal groups or obtaining their distinctive toolkits in their operations. There appear to be several drivers for this increasing intersection. Firstly, for governments like the Kremlin, which have a readily-accessible domestic cybercriminal population, these groups make attractive options for outsourcing or contracting out certain threat activity that carries less risk or has more limited objectives. In particular, the resource strains of the war in Ukraine, where cyber toolkits like data wipers and encryption malware have featured prominently, have created challenges for Russian threat groups seeking to maintain a high tempo of offensive operations. As a result, by turning to Russia's extensive domestic cybercriminal landscape, Russian state-sponsored groups can task out less strategic targets to these nonstate actors while prioritizing more important cyber campaigns in-house. By primarily delegating less high-profile targets, the Russian government can also avoid potential risks from outsourcing, such as potential retaliation from targeted countries that could occur if a contracted campaign goes beyond its intended scope.
The state-cybercriminal relationship also appears to be driven by transactional objectives, wherein governments simply stand to benefit financially from selling compromised networks that they have already made use of to cybercriminal organizations for profit. This approach offers a secondary advantage for governments: financially motivated cyberattacks such as ransomware are highly disruptive, enabling significant damage to be inflicted on organizations in presumed adversary states while maintaining plausible deniability and distancing the state from direct attribution. For example, there have been indications that Iranian threat groups occasionally use toolkits typically associated with financially motivated attacks, like ransomware or data wiper malware, to cause harm to Western organizations without causing overt escalation. In late August 2024, a joint advisory from U.S. intelligence agencies warned that Iranian state-sponsored groups like Pioneer Kitten were breaching U.S. and Israeli organizations and then handing off access to Russian ransomware groups in an effort to cause harm to targeted entities. Gyöngyös explains, "[Outsourcing to a cybercriminal group] allows state-sponsored threat actors to do both political damage and economic damage. It doesn't hurt these organizations to try out financially-motivated cybercrime – they're already breaking the law, so they will likely be open to new, more-profitable forms of criminal activity.”
Another major benefit of using cybercriminal toolkits or groups arises from the fact that intermingling a nonstate actor into the scene can act as an effective cover-up to the true motivation of the campaign, enabling state-sponsored groups to steal sensitive information without the target knowing of the true severity of the breach. Chinese state-sponsored groups are suspected of occasionally employing this tactic to create a veil around their campaigns. For example, a June 2024 report by U.S.-based cybersecurity firm SentinelOne Labs details a campaign wherein suspected Chinese state-sponsored hackers breached the Presidency of Brazil and the major Indian healthcare institution AIIMS in November 2022 and deployed ransomware to redirect attention from the true motivation behind the campaign, which was cyberespionage. According to Golodner, it is particularly salient "for companies in strategic industries to understand their information may be taken and never be made public because that information has value to a foreign country and they don't want you to know they've stolen it." As international economic competition escalates, this third motive becomes increasingly relevant as governments seek to co-opt intellectual property in highly lucrative industries like artificial intelligence and information technology.
Looking ahead, the nebulous relationship between governments and criminal organizations will continue to persist and increasingly manifest in the digital realm, where the intrinsic opacity of cyberspace creates a natural environment for state and non-state actors alike to engage in shadowy activity. Expanding instances of state-cybercriminal collaboration will elevate a range of risks for organizations, and so, being cognizant of the current geopolitical context is crucial to knowing the scope of potential threats. Golodner says, "Businesses have to think in terms of who am I? What's happening geopolitically around me?" In greater detail, organizations will need to be increasingly knowledgeable about the particulars of their work and which threat actors, state or non-state, may be interested in breaching their systems. Golodner explains, "As the cyber landscape continues to evolve, the likelihood of businesses being affected by geopolitics through a cyber breach increases."
While organizations across the board need to be mindful of their potential threat landscape, certain sectors will be more attractive targets for certain threat actors. In particular, as international economic competition escalates amid a global trade war, the pursuit of intellectual property will also ramp up as governments seek to maximize domestic innovation. Golodner notes that "businesses in strategic industries like semiconductors, AI, quantum computing, satellites, advanced materials – they are sitting in industries that nation states care about, their intellectual property and business practices in that innovation matters...So for companies that are driving innovation they have to understand that they are targets because of the kind of innovation and work they do." Similarly, some organizations are most likely targets of financially motivated threat activity like ransomware. While these actors are ultimately driven by opportunism, entities in sectors with a higher impetus to avoid operational disruptions – like gas, manufacturing and transportation – make more attractive targets because they are more likely to pay a ransom to continue operations.
As malign governments increasingly pursue opportunities for joint collaboration with nonstate actors, particularly during geopolitical tensions, this trend will also elevate the potential for more disruptive cyberattacks. As a result, organizations will also need to consider how the industry in which they operate may be potentially targeted or impacted in the case of a conflict or escalating tensions between sophisticated global actors. Golodner notes, "to the extent that a kinetic conflict a war breaks out … companies need to understand they may be in industries where an adversary would like to shut them down."
Over the course of the Russian-Ukrainian war, Russia has demonstrated how a state can make use of offensive cyber toolkits and cybercriminals to wreak havoc on organizations across public and private sector industries. It has also offered the Kremlin a sandbox to test a broad array of threat capabilities, including more than 15 observed data wiper malware variants alongside a host of other malicious toolkits. According to Golodner, other organizations can draw lessons and consider how they could be targets for potential short-term cyberattacks or longer-term campaigns involving malware prepositioning. He explains, "the motivation of the hackers, whether they be state-sponsored or proxied out to cybercriminal organizations, would be to disrupt or destroy elements of an [adversary's] warfighting capability…." As a result, Golodner emphasizes that even if state-linked cyberattacks are not highly disruptive in the short term, a campaign may be oriented around longer-term goals.
Specifically, Golodner explains, "hackers who are planning for that or involved in that are more likely to embed some technology into your enterprise that they could turn the switch on later in order to disrupt or destroy elements of your technology infrastructure… so if you're in one of the industries or if you're a company that is important for a conflict like that you need to be very concerned about whether there would be malware that was embedded into your infrastructure that can be triggered at will tomorrow, whether it's by Chinese or Russian or North Korean or Iranian hackers."
Organizations that become victims of a state-linked cyber campaign or cybercriminal attack they suspect could be partially politically motivated or sponsored will have to consider the potential risks that could result from a breach. In addition to the potential reputational risks involved in data compromise or theft, the potential involvement of financially-motivated cyber toolkits like encryption-based malware or data wiper malware that could cause lasting internal systems damages and delays in business operations, as well as the added monetary toll of a potential ransom demand. Organizations in critical infrastructure or other key public sectors will also need to be mindful of the potential that threat actors are looking to maintain persistent access to facilitate additional campaigns down the road.
About the Experts:
Adam M. Golodner is CEO of Vortex Strategic Consulting, LLC, and an advisor and authority on global cyber, emerging technology, national security and regulatory issues. A former global law firm partner, technology executive, senior Justice Department official and academic, Adam advises companies on how to navigate the intersection of cyberspace, markets and governments. Adam has served as a Fellow at the Center for Digital Strategies, Tuck School of Business at Dartmouth, and as an Adjunct Professor of Law at the George Mason University Law School. He is a graduate of the University of Colorado Law School and Colorado College.
Ellis Gyöngyös is an independent analyst based in Washington, DC, focused on anti-money laundering and the cryptocurrency sector. Before relocating to the United States, Ellis founded Know Your Token (KYT) Ltd. in Hong Kong in June 2017, providing industry-grade due diligence reports about cryptocurrency projects. Ellis is a Certified Anti-Money Laundering Specialist (CAMS) and holds an Advanced CAMS certification in Financial Crime Investigations. Prior to founding KYT, Ellis was an analyst with Kroll Compliance in Hong Kong from June 2014 through November 2017, where he conducted due diligence research in Chinese and English on businesses and individuals across Asia. Ellis graduated from the Hopkins-Nanjing Center with a certificate in Chinese and American Studies from Johns Hopkins University and Nanjing University in 2014. Ellis received Bachelor of Arts degrees in Asian Studies (Chinese) and Global Studies (International Economics) from the University of North Carolina at Chapel Hill in May 2013.
Transnational criminal organizations (TCOs) infiltrate legitimate supply chains, creating risks and implications for corporations from this often unintentional association with criminal syndicates. Typically, TCOs work their way into legitimate supply chains by planting insiders; using bribery, corruption and intimidation; or creating fake work fronts or impersonating legitimate businesses. While operating within licit networks and supply chains, TCOs disregard laws, commit human rights violations, and threaten the safety of facilities and employees.
TCOs' infiltration into supply chains is particularly rising in the technology and critical minerals, logistics, and transportation sectors, creating broad impacts for companies. Through a series of case studies, this section will illustrate the legal, regulatory, compliance, reputational, operational, financial and security risks businesses face from the growing presence of TCOs in these supply chains. Three geographic regions in particular are affected: Africa, Europe and the Americas. To help better understand this topic, RANE spoke with James Bosworth of Hxagon and Tony Pelli and Anna Lee Robbins of BSI Solutions.
The nexus between critical metals and organized crime in Africa has grown as the demand for minerals increases worldwide amid clean technology transitions, advancements in semiconductors and artificial intelligence, evolving defense technology, and more. Bosworth also notes that the increasing value and profitability of gold are driving an increase in illegal mining. In the Democratic Republic of the Congo (Congo), for example, the International Peace Information Service reviewed data from 829 Artisanal and Small-scale Mining sites in the east of the country from 2021-23. It found that approximately 61% of miners in the survey faced interference, or illegal rent-seeking, from armed actors, including state security actors and non-state armed groups. Notably, the Congolese army's illicit revenue-generating practices impacted 37% of the mines surveyed. The Congo loses an estimated $1 billion annually from illegal cobalt mining.
One of the main groups infiltrating the Congo's mining industry is the Rwandan rebel paramilitary group M23, or March 23 Movement. M23 is expanding into eastern Congo, aiming to seize mineral-rich areas. Most recently, the group took control of mineral hub Goma in January and mining hub Walikale in March. A year prior, M23 seized the strategic mining town of Rubaya, which produces 15% of global coltan used in electronic equipment manufacturing. M23 imposed a production tax on coltan, which is estimated to generate around $300,000 in monthly revenue for the group. While M23 is a militia, it operates similarly to TCOs through its cross-border operations, control of illicit trade, use of violence and collaboration with other criminal groups in the region.
Criminal networks take advantage of governments' lack of monitoring and enforcement surrounding mining, easily laundering and smuggling minerals. M23, for example, transfers minerals to Rwanda, labeling them as produced there and, hence, "conflict-free." Law enforcement and soldiers often accept bribes or provide security for the smugglers, aiding their efforts. Beyond the exploitation of the mines by these groups, artisanal miners may collude with criminals to gain access to mines controlled by them. Since this mining is not properly regulated, there are many risks involved regarding worker safety. In addition to the involvement of rogue public security forces and corruption, the OECD found that copper and cobalt sectors in the Congo are plagued by child labor, with Pelli confirming that "a lot of the forced labor that we see is related to mining and extractives." Additionally, workers inhale high levels of minerals that can result in serious health issues. Finally, illegal mining leads to toxic dumping that destroys landscapes, pollutes water and contaminates crops.
For companies connected to these supply chains, these issues could raise reputational; financial; and legal, regulatory and compliance risks. Reputationally, companies can face damage to brand image, public backlash and boycotts if supply chain connections to criminal groups and worker or environmental rights violations emerge. Companies may also need to spend more on supply chain audits and due diligence to ensure compliance with international laws. Examples of laws that could be violated include the U.K. Modern Slavery Act, the European Union's Forced Labor Regulation, the European Union's Corporate Sustainability Due Diligence Directive, the EU Battery Regulation, the United States's Federal Acquisition Regulations, and the OECD Due Diligence Guidance for Responsible Mineral Supply Chains. Violators of these regulations could face fines, bans or lawsuits. Businesses sourcing minerals from illegal mining operations may also be at risk of violating international sanctions or the Foreign Corruption Practices Act.
For example, in December 2019, the nonprofit organization International Rights Advocates filed a lawsuit in the United States against Apple, Google, Dell, Microsoft and Tesla on behalf of 14 parents and children from the Congo, alleging that the companies aided and abetted the deaths and injuries of children working in cobalt mines in the companies' supply chains. The families sought damages for forced labor, unjust enrichment, negligent supervision and intentional infliction of emotional distress. In December 2024, the Congo filed criminal complaints in France and Belgium against subsidiaries of Apple over the use of "conflict minerals" in its supply chains. The complaints claimed that Apple was complicit in crimes committed by armed groups controlling mines in eastern Congo, including laundering minerals through international supply chains and using deceptive business practices to assure customers that supply chains are clean.
The conflict in eastern Congo is just one area in Africa that illustrates the risks of TCOs infiltrating the technology supply chain. Other areas at risk of seeing heightened criminal activity in mining include South Africa (chromium, gold, platinum), Nigeria (lithium), Zambia (copper), Zimbabwe (platinum, gold), Ghana (gold), and Central Africa (gold). South Africa, for example, loses around 10% of its annual chromium production to illegal mining. Meanwhile, Ghana's small-scale miners produced more gold in the first seven months of 2024 than the whole of 2023, with only 40% of Ghanaian gold output coming from small mines.
According to a December 2024 report by the European Parliamentary Research Service, logistics is one of the three sectors most impacted by organized crime infiltration or abuse. Prominent mafia groups in Italy, for example, infiltrate legitimate logistics networks from ports to warehousing and beyond to help facilitate the trafficking of illegal goods. Due to advanced technology tracking criminal activities being introduced at major ports, this issue has risen in areas where secondary ports are popular, like the Calabria region and Trieste and Livorno in Italy. Robbins confirmed that "we're seeing a pretty big drop in illegal drug smuggling incidents in those bigger ports, and we're seeing it shifting to a lot of the smaller ports." Selecting areas that are least secured, as well as the procurement and creation of companies specialized in logistics, has made it more difficult for law enforcement, according to Marco Antonelli, who specializes in mafia penetration of Italian ports.
Criminal groups may use coercion and corruption to infiltrate existing logistics companies, threatening business owners into partnerships or cooperation. Groups will also conduct labor racketeering, which is the practice of gaining control of or leveraging influence over unions and labor groups to ensure members connected to the group are hired into certain organizations or industries, creating insider risk at places where these individuals are employed. Organizations can also enter logistics networks by establishing their own firms or fake cooperatives that supply cheap labor and services. Alternatively, criminal groups may use bribery, intimidation or blackmail against officials to ensure they overlook the group's operations.
Organizations operating in this type of environment face competitive disadvantages due to mafia-linked businesses being able to offer lower prices by evading taxes, underpaying workers and using illicit funds to support their operations, outcompeting legitimate corporations. These groups may also steal shipments to threaten businesses and eliminate their rivals, posing operational and security risks. Other security risks include being forced to pay protection money or face violence. This may add to costs, in addition to increased costs from higher insurance premiums in areas of high crime and mafias making officials charge legitimate businesses higher costs or impose unfair fees and fines. On the legal and compliance side, companies may unknowingly be affiliated with these groups because they hide illicit goods inside legitimate shipments. This could result in penalties and investigations, as well as damage to firms' reputations. The suspected affiliation with criminal groups could result in businesses losing out on future deals and investments.
In one case, the German logistics firm DB Schenker's Italian subsidiary faced legal issues after an investigation revealed that members of the 'Ndrangheta mafia infiltrated its network of subcontractors in 2020. A truck operated by the company's contractor was reportedly found with 30 kilograms of cocaine hidden inside a shipment of dairy products. Prosecutors found that the mafia-connected contracting business received contracts worth over $2 million in a five-year period, leading investigating judges to approve the prosecutors' request for judicial administration. The subsidiary, Schenker Italia, was subject to at least a year of oversight from an administrator. Additionally, DHL Express Italy, FedEx Italia and Amazon Italia Transport have been investigated for their involvement in cooperative labor schemes linked to tax fraud and potential ties to criminal organizations.
As for customers, organizations seeking logistics services may unknowingly hire entities connected to mafias or criminal groups, potentially exposing them to investigations and reputational damages. The mafia-linked entities' cheaper prices are often what attracts unsuspecting customers. In other cases, mafia-affiliated fronts may threaten businesses into using their services instead of their legal competitors, posing safety risks for non-cooperation.
Outside of Italy, Europol, or the European Union Agency for Law Enforcement Cooperation, found that ports in Antwerp, Rotterdam and Hamburg are among the most targeted by criminal infiltration. Ports are easily targeted as EU authorities are estimated to only inspect between 2%-10% of the 90 million containers passing through Europe's ports annually. A 2023 report by the group notes that criminals infiltrate ports by corrupting shipping companies' personnel, port workers, imports, transport companies and national authorities' representatives. Moving forward, however, TCOs may implement techniques that rely on a smaller number of insiders.
North and South America have seen a surge in cargo theft, posing many risks within the transportation industry. According to Overhaul, the United States has seen year-on-year increases in the volume of cargo stolen from 2021-25, with a notable 49% increase in 2024 compared to 2023. A further increase of 22% is expected in 2025. The average value of cargo stolen in 2024 was $686,692, up 17% in average value from 2023, per Overhaul's estimates. The top goods targeted were electronics (24%), miscellaneous/mixed cargo (15%), home and garden (10%), autos and parts (10%), food and drink (10%), and clothing and shoes (9%).
Other areas that are seeing rising cargo theft include Mexico, Brazil and Argentina. Violent thefts involving cargo vehicles have become more frequent in Chile, Colombia and Peru, with Ecuador also indicating a growing risk of cargo theft. Bosworth explains that increases in cargo theft are often driven by geography and the locations of factories and ports. Major criminal groups like cartels have gotten involved in the cargo theft business, using the revenue from selling largely untraceable stolen cargo to supplement drug trafficking revenue, but smaller groups most commonly carry out cargo theft. Some places, like Mexico, even have specific cargo-stealing syndicates, and Bosworth predicts that specialized cargo theft groups could pop up in other countries.
Cargo theft commonly occurs through straight, strategic, cyber and pilferage methods. Straight theft happens when goods are stolen from their present locations, like truck stops, while strategic theft involves deception to gain control of shipments. According to Aon, strategic theft is a key driver of rising global cargo crimes, with cyber theft – such as phishing attacks – playing an increasing role. Pilferage involves stealing small amounts by altering shipping records. Stolen goods are resold through various markets for profit, with Bosworth projecting that stolen goods will likely increasingly be sold online.
To facilitate cargo theft, TCOs increasingly appear to be leveraging insider access within the supply chain to gain critical information on shipment contents, delivery routes, cargo flows and security protocols. Criminal groups may pressure, coerce or bribe employees to provide ongoing intelligence. Some corrupt employees may aid TCOs by disabling GPS trackers, breaking and resealing cargo containers to help avoid detection, and manipulating delivery instructions to delay or redirect shipments so criminal groups can intercept them. In some cases, truck drivers participate in cargo theft by staging fake hijackings.
TCOs infiltrating transportation networks to steal cargo pose financial, operational and reputational risks for businesses. Financially, companies face higher insurance premiums due to frequent thefts, lost revenue from stolen goods, increased security costs and added expenses for altering transit routes. Operationally, stolen shipments cause delays, stock shortages, and the need for frequent route modifications or even relocation of operations to safer areas. As for brand image, ongoing thefts and delays can damage credibility, leading to dissatisfied customers, lost business opportunities and a negative public image.
For example, in November 2024, beverage company Santos Spirits had two trucks carrying $1 million worth of products from their tequila brand stolen on their journey from Mexico to Pennsylvania. Sometime after the cargo was picked up from a warehouse in Laredo, Texas, the truck drivers received new orders – from someone who they presumed was in charge of delivery – directing them to a warehouse in Los Angeles. A trucking broker gave the job to a trucking company that transferred the job to another company — a practice called "double brokering." The trucking broker reportedly received fictitious accounts of breakdowns and other reasons that the drivers could not bring the tequila to the warehouse in Pennsylvania, and one of the trucks used a GPS emulator to disguise its location.
Bosworth argues that the rise in organized crime is generally about the lack of rule of law, as a weak legal framework creates openings for criminal activity. He notes, for example, that "when you have places where cargo theft has occurred and it hasn't been prosecuted, it grows. Once cargo theft starts, it tends to spiral bigger and bigger because as people see that it can be done profitably and not be prosecuted, more groups get into that sort of activity, and that gets really hard to bring back down because it's hard to build rule of law once something has spiked like that." Pelli agrees that a potential lack of U.S. participation in international groups focused on transnational crime could hurt global efforts, though he notes the European Union and others have led international efforts to fight crime.
U.S. efforts to reduce foreign aid programs could contribute to a potential increase in transnational crime. While many different types of foreign aid have been cut, programs directly funding police units combating cargo theft have also been impacted. Bosworth feels that "U.S. aid cuts in general are having huge impacts across Latin America and we're going to start seeing them in the next four to five months." However, Bosworth highlights that aid cuts' "indirect impact is in many ways worse, because if the United States cuts assistance to NGOs that deal with democracy or to media outlets that were investigating corruption, that undermines rule of law, and then organized crime benefits."
Both Bosworth and Pelli predict that U.S. regulatory burdens on companies will likely lighten over the next several months. Bosworth notes that American companies could face a reduced regulatory load at home due to the likely deprioritization of prosecutions and a reduction in anti-corruption enforcement. However, "businesses based in other countries like Europe could become easy targets," creating "a biased enforcement of some of these regulations." And while certain anti-corruption regulations may receive less focus, Pelli believes there will likely be "a stepping up in other areas like forced labor enforcement or border enforcement in general."
In the long term, however, Pelli emphasizes that most companies will still need to answer to regulations in other countries: "[The European Union] has as strong, if not stronger, laws around forced labor and supply chains, so I expect other countries or regions to pick up the slack if the U.S. is backing off." Britain, France and Switzerland have already agreed to form a new intelligence-sharing partnership in a bid to tackle cross-border bribery and money laundering cases following the pullback of U.S. authorities from corporate bribery cases. Plus, businesses need to keep their customers in mind. Pelli points out that "consumers more broadly care more about [forced labor and corruption] now. So there's pressure that goes beyond the pure regulatory pressure around these types of issues."
One rising trend Pelli warns businesses of is the increasing impersonation of legitimate businesses, especially further down in the second or third level of the supply chain, which can increase the risk of unknowingly working with an organized criminal front. Ultimately, Pelli says that criminal groups' constant adaptation will continue to be seen: "As one area is cracked down on, organized crime will appear in another area."
About the Experts:
James Bosworth writes and consults on politics, security, economics and technology issues in emerging markets, primarily Latin America and the Caribbean. He is the Founder of Hxagon, a consulting company that provides political risk analysis and bespoke investigations in emerging markets on topics including election predictions, political economy outlooks and cryptocurrency usage. James, also known as Boz, is the author of the weekly newsletter, Latin America Risk Report, and has a weekly column in World Politics Review. James is a global fellow at the Woodrow Wilson Center's Latin America Program and a certified Superforecaster for Good Judgement, Inc. James holds a BA in Political Science and History from Washington University, St. Louis.
Tony Pelli is Director of BSI Group's Security and Resilience, BSI Consulting team. Tony utilizes a broad range of specialized skill sets, including experience conducting end-to-end, enterprise-level supply chain risk assessments for clients and their supply chain partners. As a member of BSI's Advisory team, he also helps clients design, implement and refine their supply chain security programs. Tony has led assessments to model, forecast and quantify the risk of cargo theft, counterfeiting and other supply chain risks. Tony has designed loss prevention and security assessments and mapped and assessed security and business continuity risks in supply chains for Fortune 500 companies and in over 30 countries throughout the Americas, Europe and Asia-Pacific. Tony has completed intensive training in non-proliferation and arms control at the Center for International Trade and Security and assessed the impact of strategic trade controls on legitimate commercial trade. Tony has a BA degree in History and International Affairs from the University of Georgia.
Anna Lee Robins is a Lead Business Intelligence Analyst with BSI Consulting. Joining the Group in 2019, Anna is focused on providing intelligence and project management research for BSI Group's clients. Anna has experience in providing critical supply chain intelligence on crime, regulations, human rights and environmental risks. Anna holds an MA in International Policy from the University of Georgia School of Public and International Affairs and a BA in International Affairs and Political Science, also from the University of Georgia.
