On March 5, 2026, TransPerfect Legal, Garrigues, and Blank Rome LLP convened the Americas Enforcement Leadership Forum in Mexico City – a roundtable bringing together Chief Compliance Officers and senior in-house counsel to address one of the most consequential questions facing global companies today: what happens when U.S. authorities come knocking on operations based in Latin America? The session was moderated by Maria F. Gallo, Director of the Antibribery and Internal Investigations Group at TransPerfect Legal, and featured Daniel Maldonado Alcántara, Partner at Garrigues, and Bradley L. Henry, Partner at Blank Rome LLP.

The discussion surfaced a defining shift in how U.S. enforcement operates across the region. Sanctions, anti-corruption (FCPA), anti-money laundering (AML), trade fraud, export controls, and anti-terrorism laws are no longer enforced as isolated regimes -- they are converging into a unified national security framework with broader reach and faster timelines than most LATAM compliance programs were built to handle. Key developments shaping this environment include enhanced DOJ incentives for voluntary self-disclosure paired with shorter cooperation windows, an expansion of whistleblower programs driving more investigations, and increasingly aggressive trade enforcement through the False Claims Act. Cartel designations as Foreign Terrorist Organizations (FTOs) are compounding both criminal and civil exposure, while supply chains face heightened scrutiny requiring deeper, multi-tiered due diligence. The central takeaway from the forum was unambiguous: in this new era of U.S.-Mexico enforcement, speed, preparedness, and credibility will define outcomes.

1. Growing Enforcement Pressure: FTO Designations, Sanctions & Cross Border Risk

Speakers noted that the sanctions regime, especially charges under the Anti-Terrorism Act, now heightens risks alongside possible anti-bribery charges under the FCPA, mainly due to ownership-based liability rules that increase indirect exposure. Agencies such as FinCEN are increasingly active, and the False Claims Act is being used aggressively for export related misconduct.

In Mexico, panelists noted a weakening of institutions and strong international pressure, especially due to the U.S. focus on fentanyl related investigations. Several investigations involving Mexico are currently underway but confidential, and recent actions against three Mexican financial institutions and casinos dispelled any doubt about whether U.S. authorities would follow through with enforcement. Companies were urged not to weaken their compliance functions and to avoid “protecting bad apples.”

2. Corporate Response: Early Actions, Narrative Control & Internal Readiness

A recurring theme throughout the discussion was the critical importance of taking immediate, coordinated action when potential exposure arises. Organizations must act swiftly to stop any ongoing harm while simultaneously preserving confidentiality, documents, and relevant data to protect the integrity of the investigation. Equally important is conducting an accurate and early assessment of risk to properly scope the issue and identify all individuals involved. Beyond the investigative steps, companies must also carefully manage and control the narrative—both internally and externally—with employees, financial institutions, the press, and key stakeholders, recognizing that how a situation is framed can significantly influence its ultimate outcome.

The panelists reinforced that being “purely legal” is insufficient. Companies often fail because they are not forensically ready and do not engage external advisors early enough to gain leverage, objectivity, and a defensible investigative story. A clear insight into facts and correct allocation of responsibility is essential.

One of the most significant mistakes highlighted was calling outside counsel too late, rather than engaging them early to support containment, collaboration with regulators, and a proactive response strategy.

3. Red Flags, Common Schemes & the Importance of Continuous Controls

Authorities are increasingly sophisticated and well-informed about common misconduct schemes, which means companies can no longer rely on traditional, reactive compliance approaches. Instead, organizations should proactively identify and investigate potential red flags by asking more creative and targeted questions—such as whether key individuals have experienced U.S. visa revocations, or whether existing internal controls remain fit for purpose in light of evolving risks. This type of forward-looking inquiry not only helps uncover hidden exposure but also demonstrates a genuine commitment to compliance. Regulators are not expecting perfection; however, they do expect companies to show evidence of continuous improvement, thoughtful risk assessment, and the ability to adapt their compliance programs as new threats emerge.

From an accounting and financial controls perspective, particular attention must be given to so-called “grey zone” payments, which often present the highest risk if left insufficiently documented. Companies should ensure that every payment is supported by clear and detailed records that explain its purpose, identify the ultimate recipient, and outline the process through which it was approved and executed. Without this level of transparency, even legitimate transactions can raise concerns. In large organizations, complex structures and high transaction volumes can inadvertently obscure the flow of funds, increasing the risk that improper payments go undetected. Strengthening documentation practices and financial oversight is therefore essential to prevent the unintentional masking of misconduct and to maintain defensible, audit-ready records.

4. Local Challenges in Mexico: Municipal Realities & Right of Way Issues

Only a few municipalities in Mexico are business oriented, so companies must understand local laws and operate accordingly. For dealing with right of way situations, the panelists outlined several practical steps:

• Track all payments carefully
• When extortion applies, document it — but it must not be frequent or large
• Conduct a business continuity assessment
• Create a defense file
• Seek support from Chambers of Commerce to escalate the issue collectively
• File a criminal complaint when appropriate
• Show strength and demonstrate that the company made every reasonable effort
• Look for solutions that change the operating environment, not just short term fixes

5. Due Diligence, Third Party Risk & FTO Related Exposure

The panel highlighted the growing expectation that companies implement enhanced, risk-based due diligence processes that go beyond traditional check-the-box approaches. This includes systematically screening for politically exposed persons (PEPs), identifying ultimate beneficial owners (UBOs), and proactively investigating political affiliations or connections that may elevate risk. Speakers emphasized that effective due diligence requires moving past generic questionnaires and instead asking specific, pointed questions tailored to the nature of the business relationship and the jurisdiction involved. A more thoughtful and targeted approach allows companies to better identify hidden risks and demonstrate to regulators that their compliance programs are both dynamic and fit for purpose.

In the context of Foreign Terrorist Organization (FTO)-related enforcement, the concept of “knowledge” remains central, but the threshold for what constitutes material support is interpreted broadly. As a result, companies may face exposure even in situations where the connection to a prohibited party is indirect or not immediately apparent. This evolving standard reinforces the need for deeper due diligence, stronger internal controls, and robust documentation practices that clearly evidence the steps taken to assess and mitigate risk. Ultimately, organizations must ensure that their processes are sufficiently rigorous to prevent inadvertent violations while also being able to defend their actions under heightened regulatory scrutiny.

6. Data, Labor Laws & Jurisdictional Considerations

The panelists emphasized the increasing complexity companies face when conducting cross-border investigations, particularly in areas such as data hosting restrictions, labor law constraints, data collection policies, and overlapping jurisdictional requirements. These factors can significantly impact how and where data is accessed, reviewed, and transferred, often creating legal and operational challenges that must be carefully navigated. As a result, organizations must incorporate these considerations into their broader risk mapping exercises, ensuring that investigative strategies are aligned with local regulations while still meeting global compliance expectations.

In this environment, the use of technology is no longer optional—it is essential. Advanced tools for data processing, analytics, and secure hosting can help companies manage cross-border restrictions, maintain compliance with data privacy laws, and streamline investigative workflows. Leveraging technology also enables more efficient identification of relevant information, supports defensible processes, and enhances the overall speed and accuracy of internal investigations. Ultimately, integrating the right technological solutions into compliance and investigation frameworks allows organizations to better manage complexity while strengthening their ability to respond effectively to regulatory scrutiny.

What This Means for Your Compliance Program

The enforcement environment has not plateaued. It is accelerating. The session underscored the importance of acting early and decisively, avoiding hesitation when potential risks arise. Companies must prioritize thorough documentation at every stage—clearly capturing the purpose, process, and reasoning behind decisions—to ensure defensibility under regulatory scrutiny. Continuous improvement is essential to staying ahead of regulators, as expectations continue to evolve and enforcement becomes more sophisticated. Equally critical is the strategic management of the narrative, both internally and externally, recognizing that how a situation is framed can significantly influence outcomes.

Panelists also emphasized the importance of engaging external counsel at an early stage rather than waiting until issues escalate, as well as strengthening oversight of third parties, which remain a key source of risk. With enforcement trends pointing toward greater coordination and intensity, companies should be prepared for an increase in U.S.–Mexico cross-border investigations. Organizations that combine speed, preparation, strong governance, and strategic coordination will be best positioned to navigate this increasingly complex enforcement environment.

Is Your Compliance Program Ready for U.S. Enforcement Scrutiny?

Cross-border operations, third-party relationships, and supply chains are under a level of U.S. enforcement scrutiny that most compliance programs were not designed to handle. TransPerfect Legal works with Chief Compliance Officers and in-house counsel to close those gaps -- before regulators find them.

Our experts bring deep experience supporting in-house legal teams through internal investigations, cross-border data challenges, and third-party due diligence -- from early risk assessment through regulatory response. We work alongside your team as an extension of your function, not a replacement for it.

Talk to a TransPerfect Legal expert today.