AUSTRAC Reporting Entity Forum — Gambling Sector
AUSTRAC's recent supervision findings specific to the gambling sector — casinos and corporate bookmakers — including findings from the 2024 Compliance Report.
About this webinar
In May and June 2025, AUSTRAC hosted the Reporting Entity Forum. The gambling sector session covered supervision activities across casinos and corporate bookmakers over the past 12 months. AUSTRAC shared the themes to help reporting entities learn from them and consider what actions to take.
What AUSTRAC found — areas for improvement
Money Laundering & Terrorism Financing (ML/TF) Risk Assessments
+
A key concern was the lack of an appropriate and comprehensive ML/TF risk assessment. AUSTRAC said it is not sufficient to list or refer to generic controls — for example, referring to "TMP" or "ECDD" as a control without explaining how those specific components mitigate the risks identified. If you make statements such as "all customers are treated as low risk at onboarding," you should be able to support this through evidence and data. AUSTRAC said: "An ML/TF risk assessment is not tick and flick, nor is it set and forget."
AML/CTF Programs
+
The quality of AML/CTF programs was a critical concern. The program must use your ML/TF risk assessment as its base and include systems and controls your business will actually implement. AUSTRAC found programs that failed to define the processes actually followed, were not sufficiently detailed for consistent execution, and did not reflect how the business actually meets its obligations in practice.
Transaction Monitoring Programs (TMPs)
+
A Transaction Monitoring Program (TMP) is the system a reporting entity uses to monitor customer transactions for unusual or suspicious activity. A recurring theme AUSTRAC found was the failure to have a fit-for-purpose TMP capable of identifying suspicious transactions, large or complex transactions, and unusual patterns. If your TMP uses thresholds, you must be able to justify them and link them to your ML/TF risk assessment. AUSTRAC gave a specific example: your TMP should be able to identify a customer who wagers $100 per month for years and then suddenly gambles five times that amount in a month. AUSTRAC said: "Your TMP is not set and forget."
Enhanced Customer Due Diligence (ECDD)
+
AUSTRAC found failures including: a lack of clear and detailed policies around ECDD, instances where businesses were required to undertake ECDD but failed to do so, and ECDD that did not effectively mitigate the identified risk. AUSTRAC said: "One-size-fits-all ECDD is not appropriate ECDD." Re-verifying a customer's Know Your Customer (KYC) information will not assist in mitigating the risk of a customer who has a sudden spike in deposit value or betting activity. AUSTRAC also made clear that submitting an SMR is a reporting obligation — it is not a risk mitigation measure.
Board and Senior Management Oversight
+
A key concern was the lack of board and senior management oversight of the AML/CTF function. AUSTRAC said this "involves more than having AML/CTF as a standing item at meetings." The AML/CTF function must have access to the board and senior management to regularly report on ML/TF risks. The compliance function may need a reporting line that is sufficiently independent from revenue-generating areas of the business.
Enforcement — casino civil penalty case
Casino operator — substantial civil penalty
- •Failed to meet customer due diligence requirements
- •Systemic weaknesses in risk management and controls
- •High-risk customers moved large sums over several years — obscuring origin and ownership
- •Failed to conduct required checks on customers known to law enforcement
Corporate bookmaker — enforceable undertaking accepted
AUSTRAC accepted an enforceable undertaking from a corporate bookmaker that demonstrated willingness to cooperate and proactively address its obligations.
"A culture which encourages avoidance or compliance window dressing will be a focus of AUSTRAC's enforcement work."
Case study — Melbourne organised crime syndicate
AUSTRAC shared a real case to illustrate the value of SMR reporting:
A Melbourne-based organised crime syndicate operated a company arranging overseas students to migrate to Australia while facilitating a credit card shopping fraud scheme. Recruits with gambling debts were used to purchase high-value goods fraudulently across shopping centres. Goods were on-sold for cash. One SMR submitted by a casino revealed a syndicate member had converted $32,000 worth of gaming chips for cash using a casino identity card not linked to any gambling activity. Further transaction reports linked the same person to four other gaming chip cashouts totalling $59,000 over 14 months. Two syndicate members were charged — one sentenced to 2 years 3 months' imprisonment, the other to 12 months.
2024 Compliance Report data — gambling sector
63%
reviewed or updated ML/TF risk assessment
7%
did so in response to AUSTRAC feedback
72%
reported conducting ECDD
41%
sought SM approval to provide a designated service
60%
sought SM approval to continue a high-risk relationship
84%
completed their 2024 compliance report (up from 82%)
Disclaimer: Published by GetPost Labs Pty Ltd for educational purposes only. Not legal, financial, or compliance advice. Summary of publicly available AUSTRAC content — original: AUSTRAC Reporting Entity Forum — Gambling Sector, 17 July 2025. Refer to austrac.gov.au. Errors: sumit@getpostlabs.io