Designation of cartels as foreign terrorist organisations expands legal risks for crypto companies

June 2025  |  SPOTLIGHT | RISK MANAGEMENT

Financier Worldwide Magazine

June 2025 Issue

The Trump administration has been strongly supportive of the digital asset industry, championing the growth and use of digital assets, blockchain technology and related technologies across all sectors of the economy.

But another of its priorities poses new risks for crypto companies and financial institutions (FIs) that offer digital asset custody or transfer services: the crackdown on transnational criminal organisations (TCOs), including the designation of certain cartels as foreign terrorist organisations (FTOs).

Immediately upon taking office, President Trump signed Executive Order 14157 – ‘Designating Cartels and Other Organizations as Foreign Terrorist Organizations and Specially Designated Global Terrorists’ – directing the State Department to consider designating TCOs as FTOs and vowing the total elimination of cartels.

On 5 February 2025, Pam Bondi, US attorney general, released a memorandum – ‘Total Elimination of Cartels and Transnational Criminal Organizations’ that described the Department of Justice (DOJ)’s focus on the “total elimination of Cartels and... TCOs”. On 20 February 2025, the State Department designated eight Central and South American cartels as FTOs.

Then, on 7 April 2025, the DOJ’s deputy attorney general issued a memorandum that disbanded the DOJ’s national cryptocurrency enforcement team, but stressed that the DOJ will continue to pursue crypto companies that use digital assets in furtherance of criminal offences such as terrorism, narcotics and human trafficking, organised crime and cartel financing.

These developments open the national security toolkit for cartel enforcement and create a potential liability trap for companies facilitating global financial transactions, particularly those in the digital asset space.

It is no secret that cartels and TCOs launder illicit proceeds through crypto transactions. The DOJ regularly brings cases on this theory and will continue to do so. For example, in June 2024, associates of Mexico’s Sinaloa drug cartel were charged with conspiring with money-laundering groups linked to Chinese underground banking to launder drug-trafficking proceeds through cryptocurrency transactions.

And in November 2024, the DOJ announced a 20-count superseding indictment charging nine individuals with operating a sophisticated money laundering network at the behest of Mexican and Colombian cartels using cryptocurrency.

Even before the FTO designations, the DOJ had pursued numerous actions against crypto exchanges linked to money laundering activity, including transfers allegedly made for the benefit of drug traffickers. To take two examples, in 2023, Bitzlato, a Hong Kong-based exchange, was charged by the DOJ in 2023 with laundering over $700m in illicit funds. In 2017, BTC-e, a now-defunct crypto exchange, was accused of laundering billions for cyber criminals, ransomware groups and drug traffickers while failing to implement anti-money laundering (AML) measures.

Crypto companies that may unwittingly facilitate transactions with cartels now face heightened risk under multiple US laws. The material support statute, 18 USC section 2339B, imposes criminal liability and substantial financial penalties on any person or company that provides material support or resources to an FTO, which includes facilitating illicit transactions.

The Anti-Terrorism Act (ATA) authorises victims of terrorism to bring civil lawsuits against entities that enable or facilitate financial transactions for designated groups. The Bank Secrecy Act and AML laws increase the regulatory scrutiny on terrorism-linked activities, particularly if a company’s due diligence processes or transaction monitoring controls are deemed insufficient in high-risk jurisdictions with known cartel activity.

And sanctions from the Office of Foreign Assets Control (OFAC) present another layer of risk, as failing to freeze or report assets associated with a designated cartel-affiliated customer could lead to significant penalties, enforcement actions or prosecution.

These laws can result in substantial liability. For example, in 2023, a federal jury in Florida found Chiquita Brands International liable under the ATA for making payments to the Autodefensas Unidas de Colombia (AUC), a designated terrorist organisation. The plaintiffs – family members of individuals murdered by the AUC – successfully argued that Chiquita’s financial support contributed to acts of terrorism and were awarded close to $40m.

Chiquita was also previously charged with criminal sanctions violations under the International Emergency Economic Powers Act. Similar theories could be used to pursue claims against crypto companies. In some circumstances, crypto companies may face civil liability even when they did not intend or know they were facilitating illicit transactions or working with members of the cartel. Sanctions enforcement through OFAC, for example, operates on a strict liability basis, subjecting companies to penalties regardless of their knowledge or intent.

This same liability framework will also have implications for traditional FIs that offer digital asset custody or transfer services. Banks, custodians and trust companies that integrate crypto capabilities may likewise find themselves exposed to terrorism-related statutes, OFAC sanctions risk or ATA-based civil claims if they inadvertently process transactions linked to newly designated FTOs. As digital asset functions become embedded in mainstream finance, these institutions should assess their exposure and align compliance practices accordingly.

Beyond that, the designation of cartels as FTOs introduces new potential investigative tools that could be used to seek information from crypto companies. Law enforcement agencies may increasingly rely on national security letters (NSLs) and other classified investigative techniques to obtain customer records, transaction histories and communications data from crypto companies without immediate judicial oversight.

NSLs can compel crypto firms to provide information related to customers suspected of supporting or transacting with FTO-affiliated entities, often accompanied by a gag order prohibiting disclosure of the request. FTO designations also could create substantial insurance gaps for crypto companies and their executives. Directors and officers insurance policies may contain exclusions for terrorism-related claims, sanctions violations or civil suits under the ATA, leaving the crypto industry exposed to massive legal bills and multimillion-dollar liabilities.

Crypto companies should take proactive steps now to address these potential risks. As a starting point, companies, particularly those with a presence in Central and South America, should do a risk assessment to determine their exposure to investigations and claims that they may be facilitating or enabling illicit transactions. This includes evaluating whether the crypto company may be maintaining accounts of individuals or entities directly or indirectly associated with cartels, or otherwise facilitating transactions for those individuals or entities.

Crypto companies should also assess whether their individual employees may be in possession of information suggesting that the business may have exposure to cartels, which could be imputed to the company. Foreign-based crypto companies should also consider whether they have activities or affiliated businesses that might provide a basis for jurisdiction in the US, where, for example, they may be haled to court for a civil claim under the ATA.

Compliance programmes should be improved and modified. In addition to enhancing AML and know your customer protocols – particularly in jurisdictions with known cartel or FTO activity – crypto firms should, as applicable, implement real-time transaction monitoring, conduct ongoing customer diligence and maintain internal escalation procedures for any activity that may raise red flags.

Importantly, compliance teams must be empowered with clear reporting lines, updated training and sufficient resources to respond to developments in this space. Beyond internal controls, crypto companies should prioritise constructive engagement with law enforcement and regulators, including establishing points of contact for emergency requests. Fostering public-private partnerships, such as collaboration with the Financial Crimes Enforcement Network, OFAC and regional tasks forces, will help detect emerging threats early and demonstrate a good-faith commitment to compliance in the event of future scrutiny.

The intersection of Trump’s pro-crypto stance and his aggressive anti-cartel policies has created a complex and uncertain landscape for digital asset firms. With cartels now designated as FTOs, exchanges must navigate an entirely new frontier of counterterrorism enforcement. These designations give federal agencies sweeping powers to seize assets, impose sanctions and bring terrorism-related charges against entities facilitating illicit transactions – whether knowingly or not.

Plaintiffs also now have available new mechanisms to seek civil liability against crypto companies with alleged connections to FTOs. In this new regulatory era, crypto companies must not only embrace compliance but proactively shape their approach to risk management, or risk becoming the next high-profile target.

 

Matthew Laroche and Nola Heller are partners and Peter Farag is an associate at Milbank. Mr Laroche can be contacted on +1 (212) 530 5514 or by email: mlaroche@milbank.com. Ms Heller can be contacted on +1 (212) 530 5108 or by email: nheller@milbank.com. Mr Farag can be contacted on +1 (212) 530 5830 or by email: pfarag@milbank.com.

© Financier Worldwide

BY

Matthew Laroche, Nola Heller and Peter Farag

Milbank

©2001-2025 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.