Emerging Criminal Risks for Companies in Mexico: Terrorism, Workplace Violence, and Preventive Detention

A New Map of Criminal Risks for Companies in 2025

‍
Corporate crime is no longer limited to accounting fraud or regulatory breaches. In 2025, the criminal landscape faced by companies in Mexico has radically changed. New geopolitical factors, constitutional reforms, and judicial criteria have given rise to a series of emerging criminal risks that demand a thorough review of corporate criminal compliance strategies.

In particular, three phenomena stand out for their potential to reshape the way corporate criminal liability is conceived: (i) the designation of Mexican cartels as terrorist organizations by the United States government; (ii) the consolidation of a new precedent from the Supreme Court of Justice of the Nation (SCJN) redefining workplace violence; and (iii) the expansion of mandatory preventive detention in Mexico, with direct consequences for corporate managers and boards of directors.

Understanding these transformations and anticipating their implications has become essential for any company operating in Mexico that seeks to remain legally protected in an increasingly complex and challenging regulatory environment.

‍

1. Terrorism as a New Corporate Risk: Implications of the Designation of Mexican Cartels

‍

From Criminal Organizations to Terrorist Organizations

‍
In February 2025, the United States government formalized a measure that had been under discussion for years: it declared six Mexican cartels as Foreign Terrorist Organizations (FTOs). This classification, which until now had been reserved for armed groups such as Al-Qaeda or ISIS, now applies to the Sinaloa Cartel, the Jalisco New Generation Cartel, the Northeast Cartel, the Gulf Cartel, the United Cartels, and the New Michoacan Family.

The change is not merely symbolic. It carries immediate legal consequences, not only for individuals directly linked to these organizations, but also for any company —Mexican or foreign— that, even unknowingly, maintains business relations with actors or structures connected to them.

H3: Extraterritoriality as a Risk Factor
The recent designation of certain Mexican cartels as terrorist organizations has expanded the reach of U.S. legislation, allowing authorities to impose sanctions beyond their borders. In this context, companies operating in Mexico face new criminal risks, since even actions previously regarded as internal compliance failures may now be interpreted as indirect support for terrorism.

Among the behaviors that may trigger these extraterritorial sanctions are:

• Contracting with suppliers in areas controlled by organizations designated as terrorist, which may involve resource flows that strengthen their operations without the company immediately realizing it.
• Maintaining commercial ties with shell companies used for money laundering by these groups, exposing the company to investigations for indirect financing of terrorism.
• Failing to implement effective due diligence mechanisms, which prevents the identification and blocking of high-risk relationships within the supply chain and commercial operations.
• Making payments to or accepting services from counterparties that have not been screened against international sanctions lists, thereby increasing the risk of violating restrictions imposed by U.S. authorities.

Inclusion of a company on sanctions lists such as those maintained by OFAC may result in asset freezes, severe restrictions on banking operations, and loss of access to international markets. This represents a paradigm shift: what was once considered an administrative breach may now constitute a potential act of material support for terrorism, with far-reaching criminal, financial, and reputational consequences.

‍

Due Diligence Is No Longer Optional

‍
Criminal compliance in Mexico now faces a new level of demand. Companies operating in exposed sectors or maintaining international relations must immediately strengthen their review and control protocols to identify and block any link that may involve relationships with individuals or entities connected to organizations designated as terrorist.

This strengthening of due diligence involves:

• Verifying the origin of funds in all financial transactions, identifying red flags in unusual flows or payment patterns that do not correspond to the nature of the business.
• Analyzing the geographic location and traceability of suppliers, especially those operating in regions with the presence of criminal groups, to rule out indirect ties that may imply complicity risks.
• Conducting a detailed review of the corporate structure of commercial counterparties, including ultimate beneficial owners and relevant partners, in order to identify possible links with entities or individuals included on sanctions lists.

In addition to these controls, companies must have internal reporting channels that allow suspicious operations to be reported confidentially, as well as establish rapid response measures in the face of any indication of irregularity. These processes should be complemented with clear protocols for cooperating with the competent authorities, ensuring that the company’s actions are aligned with legal requirements and contribute effectively to mitigating the emerging criminal risks that characterize the current environment.

‍

The Board of Directors and a New Duty of Oversight

‍

Inaction is no longer an option. The law requires boards of directors and audit committees not only to establish preventive measures, but also to ensure their effective enforcement. In an environment where criminal risk may arise from omission, the governing body has the duty to remain informed, react promptly, and document every decision related to the prevention of criminal risks.

‍

2. Workplace Violence: The New Approach of the SCJN

‍

A Redefinition of Workplace Violence

‍
In January 2025, the SCJN established a precedent that marks a turning point in the way workplace violence is understood. For the first time, phenomena such as labor exploitation, structural discrimination, and gender-based violence are recognized not only as internal conflicts or administrative offenses, but as human rights violations that may give rise to criminal liability for companies.

This shift means that the failure to prevent, address, or sanction such conduct is no longer merely a reputational or labor risk, but a real criminal risk, which may entail direct legal consequences for the organization and its governing bodies.

‍

Beyond the Visible: Structural Violence

‍
The SCJN has emphasized that it is not enough to react to isolated incidents. What is known as structural violence—conduct perpetuated systematically within a company’s culture, policies, or practices—creates liability for the company. This includes, for example:

• Imposing excessive working hours without adequate compensation, which may be interpreted as a form of exploitation.
• Lacking effective protocols for reporting harassment or gender-based violence, revealing the absence of protection mechanisms for workers.
• Failing to take corrective action against acts of discrimination based on gender, sexual orientation, ethnic origin, or social status, which may be interpreted as institutional tolerance of discriminatory practices.

Liability is no longer limited to sanctioning the direct offender: it extends to the organization that, by action or omission, allows these practices to persist.

‍

‍The Company as a Responsible Actor

‍
Under this new standard, the company ceases to be a neutral space where violence merely occurs and becomes a responsible actor obligated to prevent and eradicate it. This means it must:

• Have updated and operational internal protocols focused on the real protection of workers’ rights.
• Implement diversity, inclusion, and non-discrimination policies that translate into concrete and measurable actions within workplace dynamics.
• Carry out periodic internal audits to identify patterns of violence, discrimination, or exploitation, and take immediate corrective action.

This approach compels companies to build a safe and respectful work environment, not only as a matter of corporate ethics but as part of their legal duty.

‍

The Role of Criminal Compliance

‍
Traditionally, corporate criminal compliance has focused on the prevention of financial, tax, or corruption-related crimes. Today, this approach is insufficient. The prevention of crimes related to workplace violence and discrimination must be explicitly integrated into compliance programs.

This requires that human resources and compliance departments work in coordination to:

• Establish mechanisms for the prevention, detection, and response to any indication of workplace violence.
• Train executives, middle management, and employees in human rights, gender equality, and protocols for action in cases of violence.
• Ensure that policies not only exist as documents but are effectively applied in the company’s day-to-day operations.

This shift in perspective on criminal compliance is not optional. It is a necessity to protect workers, safeguard the integrity of the organization, and avoid criminal liability that could compromise the company’s continuity and reputation in an increasingly demanding legal environment.

‍

3. Mandatory Preventive Detention: The Criminal Risk Threatening the Board of Directors

‍

A Reform with Profound Implications

‍
In 2024, the Mexican Congress approved a constitutional reform that considerably expands the range of crimes subject to mandatory preventive detention. With this modification, offenses such as tax fraud, money laundering, corruption, and environmental crimes may now result in the automatic imposition of preventive detention, without the Public Prosecutor having to prove risk of flight or obstruction of justice.

This change significantly increases the level of criminal exposure for companies and, in particular, for their governing bodies. From this reform onward, an error, an omission, or even a well-founded suspicion regarding the actions of an executive may be sufficient to impose preventive detention before a conviction has been handed down.

‍

A Higher-Risk Environment for Executives

‍
Corporate officers—particularly those in regulated or high-exposure sectors—now face a criminal risk that has become more immediate and tangible. Merely being formally charged with any of the offenses now subject to mandatory preventive detention may automatically lead to the detention of an executive, generating impacts such as:

• Abrupt interruption in decision-making and in the day-to-day operations of corporate governance, creating management gaps and uncertainty among clients, suppliers, and employees.
• Severe reputational damage to the company, which may erode the confidence of business partners, investors, and the market in general.
• Freezing of assets and key contracts, affecting the company’s liquidity and financial stability.
• Direct risks to operational continuity, especially in sectors where contracts require the presence and signature of certain legal representatives, or where licenses depend on the legal status of corporate officers.

What was once considered a preliminary stage in criminal proceedings has now turned into a direct threat to the stability of companies and their governing bodies.

‍

Prevention Through Corporate Design

‍
In this context, companies need to strengthen their internal structure and adopt preventive measures that allow them to anticipate and effectively mitigate criminal risks. Some key actions include:

• Redesigning the powers of the board of directors, ensuring that high-impact decisions go through legality filters and specialized committees that document each step of the analysis.
• Thoroughly recording decision-making processes, leaving evidence of the reasons, evaluations, and advice that supported each resolution in order to facilitate defense in the event of investigations.
• Taking out directors’ and officers’ (D&O) liability insurance covering legal defense costs and, in certain cases, compensation for damages arising from criminal proceedings.
• Implementing crisis protocols designed to be activated in the event of the detention of a board member, ensuring temporary removal or immediate replacement and the operational continuity of the business.

In addition, it is essential that governing bodies participate in periodic training on the new criminal scenarios and have constant legal counsel to help them identify risk signals in their daily operations.

In this increasingly rigorous regulatory environment, prevention is no longer a competitive advantage: it has become a minimum condition to operate with certainty and protect the integrity of those making decisions within companies.

‍

Conclusion: Criminal Prevention as a Pillar of Business Continuity

‍
The criminal landscape in Mexico has changed, and with it the requirements for companies and their governing bodies. The designation of Mexican cartels as terrorist organizations, the new standard of the SCJN on workplace violence, and the expansion of offenses subject to mandatory preventive detention are signals of a legal system moving toward shared responsibility of organizations in crime prevention.

In this scenario, corporate crime is no longer an abstract concept, but a real risk that can materialize in multiple ways: from omissions in due diligence to the lack of effective mechanisms to prevent workplace violence and discrimination, to business decisions that fail to consider the criminal exposure of executives in highly regulated sectors.

Criminal compliance can no longer be limited to general ethics or integrity programs. It must become a living instrument, designed to anticipate specific risks, detect potential contingencies, and act swiftly when warning signs are identified. Boards of directors must take an active role, stay informed, document every relevant decision, and design protocols that ensure the operational continuity of the company even in adverse situations.

Protecting the company today means protecting the people who lead it. In an increasingly demanding legal environment, criminal prevention is not an added value, but an essential condition to operate with certainty, maintain the trust of clients and partners, and guarantee business resilience in the face of an ever-evolving risk landscape.

‍