Introduction

On October 20, 2025, the terms of three first-of-their-kind Financial Crimes Enforcement Network (FinCEN) orders issued pursuant to the Fentanyl Sanctions Act and the FEND Off Fentanyl Act took effect.

FinCEN, a bureau of the U.S. Department of the Treasury, issued the unprecedented orders in June 2025, identifying three financial institutions based in Mexico as "primary money laundering concern[s] in connection with illicit opioid trafficking" and prohibiting certain transmittals of funds involving said institutions by U.S. covered financial institutions. FinCEN delayed the effective date of the orders, but the terms are now in effect.   

The named financial institutions include two commercial banks, CIBanco S.A., Institution de Banca Multiple (CIBanco), and Intercam Banco S.A., Institución de Banca Multiple (Intercam), and one brokerage firm, Vector Casa de Bolsa, S.A. de C.V. (Vector) (together, the Mexican financial institutions). According to FinCEN, the Mexican financial institutions "have collectively played a longstanding and vital role in laundering millions of dollars on behalf of Mexico-based cartels and facilitating payments for the procurement of precursor chemicals needed to produce fentanyl." 

While adherence to the FinCEN orders is required by covered financial institutions,¹ both covered financial institutions and other entities operating in Latin America should see these developments as a broader call to action to assess if their compliance programs are fit for purpose to mitigate against risks posed by transnational criminal organizations (TCOs) and narcotics trafficking. Furthermore, in recent months, the Trump administration has designated 13 cartels and TCOs in Latin America as Foreign Terrorist Organizations (FTOs). These designations create potential civil and criminal liability under the Anti-Terrorism Act (ATA) for companies and individuals providing material support to or aiding and abetting FTOs, and also create significant corruption, economic sanctions, and money laundering risks, altering the risk landscape for companies operating in the region.

Recommended Risk Mitigation Steps 

The following recommended actions are designed to help financial institutions and other entities assess and enhance their risk management strategies in response to this evolving enforcement landscape.

1. Mapping Touchpoints and Transactions Flows 

As a first step, financial institutions should map their relationships and touchpoints with the designated Mexican financial institutions, including their branches, subsidiaries, and offices in Mexico. As part of this process, it is important to understand the nature of the relationships to determine if they are covered by the orders. For example, FinCEN clarified that if the Mexican financial institution serves only as a trustee but the accounts are held at other financial institutions, the transactions are not covered by the orders. Following the mapping exercise, covered financial institutions subject to the orders should take steps to block the transmittal of funds to and from accounts at CIBanco, Intercam, and Vector. Non-covered financial institutions should consider their exposure to determine if blocking fund transmittals or other measures are warranted. 

2. Revisiting Broader Financial Crime Risk Assessments

While organizations should conduct risk assessments on a periodic basis, risk assessments should be reevaluated in response to specific triggers, such as changes in regulatory requirements, emerging risk typologies, and enforcement priority updates. In response to the orders, this may include: 

• Prioritizing high-risk geographies (Mexico, China), vulnerable customer types (import/export entities, shells), and products linked to precursor chemicals or virtual assets
• Examining the mechanics of how a risk may materialize, e.g., through correspondent relationships, customer payment activity, or exposure via nested transactions or services 

3. Updating Customer Due Diligence (CDD) and Screening Capabilities

Financial institutions should take immediate steps to review and enhance their CDD processes to ensure they are robust enough to identify direct and indirect exposure to the designated Mexican financial institutions and any other actors that may be engaging in related illicit activities. CDD and associated screening processes updates may include: 

• Updating blocklists to include the designated entities, as well as their full legal names, aliases, Mexican branches or affiliates, and related identifiers into screening systems
• Reassessing the categories of parties required to undertake Enhanced Due Diligence (EDD) to contemplate geographic exposure to Mexico, involvement in the trade of precursor chemicals, and companies with elevated risks, such as travel agencies and cash intensive businesses

4. Enhancing Transaction Monitoring Rules 

Financial flows linked to TCOs and narcotics trafficking can involve cross-border networks, intermediaries, unknown participants, and obfuscation through seemingly legitimate business operations. Financial institutions should consider the following when enhancing transaction monitoring rules: 

• Back-testing to assess whether current transaction monitoring thresholds and system configurations would have detected similar fact patterns to those facilitated by the designated Mexican financial institutions
• Applying lower dollar thresholds as narcotics-related drug trafficking can be in the form of low value transactions in higher volumes, particularly for convertible virtual currency transactions
• Keyword screening for relevant keywords such as fentanyl

5. Use of AI/Generative AI to Alleviate Operations 

With lower transaction monitoring thresholds, the resulting increase in alerts can strain investigative teams and increase capacity constraints. Generative AI may offer a scalable solution, enabling efficient processing of large data volumes, alert prioritization, and detection of complex patterns of potentially suspicious activity without a proportional increase in headcount. 

To fully realize these benefits, institutions should implement AI and Generative AI models within a strong governance framework. This includes thorough technical reviews to ensure responsible development and deployment, quality control processes, and effective management of associated risks such as biases in the data leading to unfair or discriminatory results.

Conclusion

For financial institutions and other entities with operations in Mexico and Latin America, the FinCEN orders serve as a reminder to reassess whether existing compliance frameworks are adequate to address these evolving risks. Beyond satisfying the legal requirements of the orders, financial institutions should view this as an opportunity to strengthen programs to address the broader challenges posed by TCOs and narcotics trafficking, thereby mitigating both enforcement exposure and reputational harm.

Authors

Miller & Chevalier

Jeffrey A. Lehtman, jlehtman@milchev.com, 202-626-1484

Leah Moushey, lmoushey@milchev.com, 202-626-5896

Facundo Galeano, fgaleano@milchev.com, 202-626-5961

Forensic Risk Alliance

Meredith Fitzpatrick, mfitzpatrick@forensicrisk.com, 202-836-1425

Thomas Hyun, thyun@forensicrisk.com, 202-819-0439

Blair Sprott, bsprott@forensicrisk.com, +44 7860 855236

----------

¹ "Covered financial institutions" include "[e]ach agent, agency, branch, or office within the United States of any person doing business, whether or not on a regular basis or as an organized business concern" in the capacity of (1) a bank, (2) a securities broker or dealer, (3) a money services business, (4) a telegraph company, (5) a casino with a gross annual gaming revenue exceeding $1 million, (6) a card club or similar gaming establishment with a gross annual gaming revenue exceeding $1 million, (7) a person subject to supervision by a state or federal bank supervisory authority, (8) a futures commission merchant, (9) an introducing broker in commodities, or (10) a mutual fund. See 31 CFR §1010.100(t). The FinCEN orders apply to CIBanco, Intercam, and Vector as well as their branches, subsidiaries, and offices in Mexico; however, the FinCEN orders do not prohibit transactions with branches, subsidiaries, and offices of these entities located outside of Mexico.

The information contained in this communication is not intended as legal advice or as an opinion on specific facts. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. For more information, please contact one of the senders or your existing Miller & Chevalier lawyer contact. The invitation to contact the firm and its lawyers is not to be construed as a solicitation for legal work. Any new lawyer-client relationship will be confirmed in writing.

This, and related communications, are protected by copyright laws and treaties. You may make a single copy for personal use. You may make copies for others, but not for commercial purposes. If you give a copy to anyone else, it must be in its original, unmodified form, and must include all attributions of authorship, copyright notices, and republication notices. Except as described above, it is unlawful to copy, republish, redistribute, and/or alter this presentation without prior written consent of the copyright holder.