Australia is undergoing the most significant overhaul of its anti-money laundering and counter-terrorism financing (AML/CTF) laws in more than a decade. For the gambling sector – including casinos, gaming venues, wagering operators, and pubs with poker machines – the changes are substantial and the deadline is fast approaching.
The Anti-Money Laundering and Counter-Terrorism Financing Amendment Act 2024 introduces a complete rewrite of obligations for existing reporting entities, with a compliance deadline of March 31, 2026. In response to this shift, this article provides a comprehensive overview of the new requirements for gambling operators.
The reforms are designed to align Australia with global standards set by the Financial Action Task Force (FATF) and to address long-standing concerns about the vulnerability of the gambling sector to financial crime. To that end, the new obligations focus on proactive risk management rather than passive compliance.
Who Is Regulated – Gambling as a Designated Service
Under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act) , certain business activities are classified as “designated services” because they pose a risk for money laundering and terrorism financing .
Gambling services classified as designated services include:
| Service Type | Examples |
|---|---|
| Betting accounts and services | Online and retail betting |
| Exchanging gaming chips/tokens | Casino cage transactions |
| Paying out winnings | Prize payments, jackpots |
| Games of chance for money | Table games, casino-style games |
| Gaming machines | Poker machines (pokies) |
In Australia, a range of gambling entities are subject to specific compliance requirements. Casinos such as Crown, Star, and SkyCity must comply, as do betting agencies and bookmakers. Pubs, clubs, and hotels that operate 16 or more gaming machines are also required to meet compliance standards. Additionally, wagering operators, including Sportsbet, TAB, and Bet365, along with racing totalisators, fall under the same compliance obligations.
The geographical link requirement: You are a reporting entity if you provide designated services that have a geographical link to Australia. This means even offshore operators targeting Australian customers may have obligations .
“If you provide one or more designated services that have a geographical link to Australia, you are a reporting entity.”
— AUSTRAC
Key threshold: Venues with entitlements to operate 16 or more gaming machines must comply with AUSTRAC reporting and program requirements.
[Source: AUSTRAC – Who and what we regulate]Key Changes Under the March 31, 2026 Reforms
The 2026 reforms represent a fundamental shift in how AML/CTF compliance is approached. Specifically, the move is from a compliance-based, template-driven model to a risk-based, outcomes-oriented approach.
Summary of key changes:
| Area | Old Approach | New Approach (from March 31, 2026) |
|---|---|---|
| Program structure | Part A and Part B separation | Flexible, business-specific organization |
| Risk assessment | General compliance risks | Comprehensive ML/TF/PF risk assessment |
| Governance | Minimal board involvement | Governing body approval and oversight |
| Compliance Officer | Often a token position | Senior role reporting to board |
| Customer Due Diligence | One-time checks | Initial + ongoing CDD |
| Transaction threshold | $10,000 for certain exemptions | Reduced to $5,000 for gaming venues |
The March 31, 2026 deadline applies to existing reporting entities (Tranche 1) – organisations already subject to AML laws. A separate deadline of July 1, 2026 applies to new sectors including lawyers, accountants, and real estate professionals (Tranche 2) .
Why this matters for gambling operators:
AUSTRAC has identified the gambling sector as being at particular risk of criminal misuse due to the products and services offered. The regulator has made clear that enforcement activity will increase under the new rules, with particular attention to proactive compliance and demonstrable risk management practices.
“The Australian casino sector is at risk of criminal misuse due to the products and services they offer.”
— Nicole Rose, former AUSTRAC CEO
| Date | Milestone | Affected Entities |
|---|---|---|
| August 2025 | New AML/CTF Rules finalised | All reporting entities |
| October 2025 | AUSTRAC releases new guidance | All reporting entities |
| March 31, 2026 | Reforms take effect for Tranche 1 | Casinos, gaming venues, wagering operators |
| July 1, 2026 | Reforms take effect for Tranche 2 | Lawyers, accountants, real estate agents |
| From March 31, 2026 | Enhanced enforcement expected | All reporting entities |
Core Compliance Requirements for Gambling Operators
Under the reformed AML/CTF regime, gambling operators must meet several core requirements.
1. AML/CTF Program
Operators must maintain a comprehensive AML/CTF program that sets out how the organisation will identify, mitigate, and manage ML/TF risks. Furthermore, the program must be approved by the governing body (board) and tailored to the specific risks of the business.
What AUSTRAC has found: During venue assessments, operators frequently did not understand or agree with risks outlined in template-based assessments. Some programs referenced controls not in use or ineffective in practice .
- Is my AML/CTF program tailored to my venue’s specific operations and risk profile?
- Does the development process include site visits or detailed operational inquiry?
- To what extent does the program rely on templates versus customised analysis?
2. ML/TF Risk Assessment
The risk assessment is now the cornerstone of compliance. To comply, operators must identify, assess, and document the risks that their gambling services may be exploited for money laundering or terrorism financing.
In determining compliance obligations, what must be considered includes the types of services provided, the types of customers, how services are delivered, and the countries the operator does business with. In addition, proliferation financing risks now form a new requirement that must also be taken into account.
What AUSTRAC has found: Cases where all risks were uniformly labelled “low” without supporting justification or data analysis.
3. Customer Due Diligence (CDD)
The reforms separate CDD into two types :
| CDD Type | Requirement |
|---|---|
| Initial CDD | Identify customer risk before providing service; screen for PEPs and sanctions |
| Ongoing CDD | Monitor customers throughout the relationship; apply appropriate measures |
New threshold for gaming venues: The transaction value threshold for certain CDD exemptions is reduced from $10,000 to $5,000, aligned with FATF standards .
4. Governance Requirements
Under governance requirements, the governing body (board) is now legally responsible for approving the AML/CTF program and the risk assessment. Additionally, it must receive sufficient information to discharge oversight responsibilities, along with receiving independent evaluations.
5. AML/CTF Compliance Officer
The role of the Compliance Officer has been significantly elevated :
| Requirement | Detail |
|---|---|
| Eligibility | Must be Australian resident, fit and proper person |
| Authority | Must have sufficient management authority, independence, and resources |
| Responsibilities | Oversight of day-to-day compliance, risk assessment, suspicious matter reporting |
| Reporting | Must report directly to the board |
6. Independent Reviews
Independent reviews of AML/CTF programs and ML/TF risk assessments must be conducted at regular intervals as required under the Act .
However, what AUSTRAC has found raises concerns: advisors relying on generic, template-based approaches that fail to reflect actual risks or controls.
[Source: AUSTRAC – Core guidance]
Enforcement, Penalties, and Recent AUSTRAC Actions
AUSTRAC has signalled that enforcement activity will increase under the new rules, with particular emphasis on proactive compliance and demonstrable risk management.
Penalties under the AML/CTF Act :
| Penalty Type | Maximum for Body Corporate | Maximum for Individual |
|---|---|---|
| Civil penalty | $33 million | $6.6 million |
Recent AUSTRAC enforcement actions in the gambling sector:
| Operator | Action | Status |
|---|---|---|
| Crown Resorts | Enforcement investigation for breaches of background check rules | Ongoing (as of 2026) |
| Star Entertainment Group | Investigation expanded to multiple entities under the company | Ongoing (as of 2026) |
| SkyCity Entertainment Group | Investigation into management of high-risk customers | Ongoing (as of 2026) |
“We have an enforcement investigation under way at Crown casino that demonstrates the seriousness of our concerns. And we also have significant compliance work under way on the casino sector.”
— Nicole Rose, former AUSTRAC CEO
What AUSTRAC has observed following compliance assessments :
- Quality and depth of AML/CTF programs need improvement
- Substantiveness of ML/TF risk assessments is lacking
- Depth of analysis in independent reviews is insufficient
- Training programs often outline risks inconsistent with venues’ own assessments
The cost of non-compliance:
Beyond financial penalties, non-compliance can result in severe consequences, including license suspension or revocation, significant reputational damage, increased regulatory scrutiny, the appointment of external monitors, and restrictions on business operations.
[Source: AUSTRAC official website]“Reporting entities remain legally liable regardless of advisor involvement. When non-compliance is identified, enforcement actions and penalties apply to the venue itself.”
Final Note
Australia’s AML/CTF reforms represent the most significant regulatory change for the gambling sector in over a decade. Crucially, the shift from a compliance-based to a risk-based approach requires operators to move beyond generic, template-driven programs. As a result, they must develop genuinely tailored compliance frameworks that address their specific risks—not just check a box.
Key takeaways for gambling operators:
- Deadline: March 31, 2026
- Core changes: Risk-based approach, enhanced governance, elevated Compliance Officer role, ongoing CDD
- Penalties: Up to $33 million for non-compliance
- Regulator: AUSTRAC is signalling increased enforcement
- Recent actions: Crown, Star, and SkyCity are all under investigation
Operators yet to update their AML/CTF programs should act urgently. That is because template-based approaches are increasingly failing to meet AUSTRAC’s expectations, and furthermore, the regulator has made clear that enforcement activity will increase under the new rules.
Sources:
- AUSTRAC – Who and what we regulate
- AUSTRAC – Core guidance
- AML/CTF Amendment Act 2024
- Lexology – AML/CTF compliance for gaming venues
- Lexology – AML/CTF Amendment Act changes
- Sparke Helmore – March 31, 2026 deadline
- MinterEllison – Navigate your compliance journey
- Special Investigation Commission – Casino probes
What Are the AML Requirements for Gambling Operators in Australia?
Q1: What gambling businesses are regulated under AML/CTF laws? ▼
Casinos, betting agencies, bookmakers, pubs and clubs with 16+ gaming machines, wagering operators (Sportsbet, TAB, Bet365), and racing totalisators are all regulated as “reporting entities” under the AML/CTF Act [citation:1][citation:2].
Q2: What is the March 31, 2026 deadline? ▼
March 31, 2026 is the compliance deadline for existing reporting entities (Tranche 1) under the AML/CTF Amendment Act. By this date, gambling operators must have updated their AML/CTF programs, risk assessments, and governance structures to meet the new requirements [citation:4][citation:7].
Q3: What is the new customer due diligence threshold for gaming venues? ▼
The threshold for certain CDD exemptions has been reduced from $10,000 to $5,000, aligned with FATF international standards. Gaming venues must conduct customer due diligence at this lower threshold [citation:4].
Q4: What are the penalties for AML/CTF non-compliance? ▼
Maximum civil penalties are $33 million for body corporates and $6.6 million for individuals. Non-compliance can also result in license suspension, reputational damage, and increased regulatory scrutiny [citation:2][citation:3].
Q5: What is the role of the AML/CTF Compliance Officer under the new laws? ▼
The Compliance Officer role has been elevated to a senior position reporting directly to the board. They must be an Australian resident, have sufficient authority and resources, and be responsible for oversight of day-to-day compliance, risk assessment, and suspicious matter reporting [citation:7].
