With the AML/CTF reform date approaching, clubs with 16 or more gaming machines should be well underway in completing their uplift work, updating documents, refreshing training and engaging advisers if necessary.
Key Points
- A summary of key AML/CTF reform changes impacting your club.
- Download a checklist to check reform readiness and providing board oversight.
- Summary of changes to CDD/KYC and the introduction of customer risk ratings.
The challenge now is less about knowing what AUSTRAC expects, and more about proving your program works day-to-day, on the floor and under pressure.
To support clubs, ClubsNSW has developed an AML/CTF Compliance Officers Reform Readiness Checklist for Senior Management and Board Oversight. It is designed for the AML/CTF compliance officer to check in with themselves on their reform readiness and to prepare board papers to enhance their oversight, not just as a “tick-and-flick” exercise.
The reform demonstrates AUSTRAC’s desire for improved governance, risk-based outcomes and clear processes. In short, clubs should be able to demonstrate:
- A risk assessment that reflects how the club actually operates (including proliferation financing);
- program policies and procedures that staff can execute consistently at the point of transaction (especially the new $5000 CDD trigger); and
- board oversight that is active, documented, and ties back to decisions and resourcing.
Implementation Plans
AUSTRAC understands not every organisation will be able to deliver the full reform changes by 31 March 2026. Where this is the case, AUSTRAC expects a documented implementation plan. More information can be found in Circular 26-029.
A credible plan does two things — it shows disciplined delivery and explains how risk will be managed while controls are still being uplifted.
In practice:
- Determine whether your compliance practices will meet the reform requirements on 31 March 2026.
- If they will not, ensure you develop an implementation plan which states current state of compliance; required end state; the gap, why it exists, and what is required to meet compliance; as well as the timeline, accountable person/s, review processes and how oversight will be maintained.
- Obtain formal senior manager and board approval on this implementation plan and provide continual oversight into its progress/completion.
More information can be found on AUSTRAC’s Reform Implementation Expectations page.
Risk Assessment: The “Generic Template” Trap
AUSTRAC has made clear that template risk assessment without customisation between venues is a red flag. Risk assessments often fail to mention terrorism financing risk, including sanctions, and with the new requirement to mitigate proliferation financing risk, all clubs are required to amend or bolster their ML/TF risk assessment.
A risk assessment is not just an administrative task; it is your justification for the controls that you have decided to put in place to keep your club operating within its risk appetite. If you say you are a small and low risk club, your risk assessment should demonstrate this. The more detailed the risk assessment, its data sources and justifications, the stronger and more risk aligned your program will be.
In practice:
- Review your existing ML/TF risk assessment and ensure it addresses money laundering risks including the proceeds of crime; terrorism financing risks, including sanctions risk; and proliferation financing risks.
- If it does not include risks, ratings and controls for individual risks within these areas, enhance your ML/TF risk assessment.
More information can be found on AUSTRAC’s Risk Assessments page.
Introduction of Customer Risk Ratings
The reforms require risk ratings to be applied to customers undergoing Initial Customer Due Diligence (Initial CDD).
It is important to note that clubs have until recently had exemptions from conducting Initial CDD until a patron receives a payout of $10,000 or greater. This exemption threshold has now reduced to $5000 as a part of the reforms. This exemption doesn’t prevent a club for completing Initial CDD when a risk-based trigger occurs i.e. observing suspicious behaviours by the patron in gaming.
Customer risk ratings must be decided using information that you are reasonably aware of or can collect, including their PEP and sanctions status, and information you have about the patron including past dealings or incidents, and additional information you decide to collect when completing Initial CDD.
Depending on the customer’s risk rating, your AML/CTF program will need to address what additional checks you may undertake such as background checks, adverse media, covert source of wealth and funds checks etc. Further, for a customer identified as high-risk, you will need to seek senior manager approval to continue to let them use your gaming machines.
In practice:
- Develop new processes for conducting Initial CDD and applying customer risk ratings.
- Lower CRT payout limits to $4999.99 or less to ensure customers are attending cashiers and completing Initial CDD.
- Amend cheque payout or customer identification forms to ensure you obtain necessary information to complete Initial CDD and risk ratings.
- Consider necessary training for staff so that they can implement these new processes.
- Consider how you will handle any additional privacy information collected (Circular 26-034).
More information can be found on AUSTRAC’s Customer Risk Rating page.
Assurance and Governance: “For Discussion” Not “For Noting”
All of AUSTRAC’s enforcement actions make a point of holding boards accountable for not maintaining sufficient oversight of AML/CTF compliance. Ensuring that all AML/CTF updates (whether a briefing paper, dashboard update or full presentation from the AML/CTF compliance officer) are marked as items “for discussion” instead of “for noting” is a simple change all clubs can make.
Boards and senior management should be actively engaging with the updates they are being provided, asking questions about conclusions made, changes undertaken, or the approach to determining risk and their controls. Minuting these discussions clearly demonstrates your board’s active engagement with AML/CTF compliance at your club.
In practice:
- Ensure your AML/CTF board updates are marked as a “matter for discussion”.
- Ensure your board minutes accurately capture the discussion, questions posed to the compliance officer or senior management, and any follow up items.
More information can be found on AUSTRAC’s Governing Bodies page.
Fit-and-Proper AML/CT Compliance Officers
AUSTRAC has now introduced expanded requirements to confirm when appointing and AML/CTF compliance officers (AMLCO).
Clubs must ensure they have selected an AMLCO at management level, as well as demonstrate that they are of good moral and ethical character, competent and capable to deliver AML/CTF compliance, and do not have any negative regulatory action taken against them, among several other requirements.
In practice:
- If you have an existing AMLCO, demonstrate that they meet the current requirements per AUSTRAC’s guidance.
- Develop new procedures for appointing new AMLCO as well as ongoing oversight of the existing AMLCO, including repeating checks.
- If you identify any concerns with the current AMLCO, consider remediation including additional training, or if necessary, appointing a new AMLCO.
More information can be found on AUSTRAC’s Compliance Officer page.
Related