Introduction
Independent reviews for registered clubs are essential for enhancing trust and transparency within the community. These reviews allow members and potential members to make informed decisions based on real feedback, which ultimately strengthens the reputation of the club.
Over the last six months, we have either conducted or assisted in providing evidence to over fifty registered clubs to complete an independent review of their Anti-Money Laundering and Counter-Terrorism Financing (AMLCTF) program.
I can honestly say that every club review we’ve been involved in shows that clubs are committed to reducing the opportunities for money laundering in their venues.
The main issue for some small clubs is being under-resourced or unaware of their responsibilities for implementing a program.
Some gaps remain in the Club’s transaction monitoring program and training implementation.
We will continue to try to make them easier throughout the year.
The Problem for Small to Medium Clubs
Chief Executive Officers, Secretaries, or General Managers in small to medium clubs wear many hats and generally have fewer resources than larger clubs. They must understand many compliance requirements, such as the Liquor Act, Gaming Machines Act, Food Act, and Work Health and Safety Act.
No wonder it seems overwhelming and challenging.
This is combined with a misunderstanding that the TAB program and training you have to undertake do not fulfil your Club’s AMLCTF obligations.
The TAB program covers wagering, for which you are an Agent and provide a service on their behalf.
The Club’s responsibility is to provide Electronic Gaming Machines (EGMs).
Copying the TAB program and putting the Club’s name on the header and footer does not produce a program that complies with the legislation.
This, combined with the attitude of some in the Club industry that money laundering doesn’t occur, has resulted in some putting their heads in the sand.
Management responsible for managing the Club and supporting the board in implementing their AMLCTF compliance requirements needs to stop and ask for help.
Don’t assume you know.
Your general gaming requirements are not the same as your AMLCTF requirements.
Don’t just go and grab another program from another club and assume it is correct.
Setting Scene
This report provides insight into Clubs’ responsibilities to have and implement an AMLCTF program.
A simple document with some headings on a page or copying in the TAB program is not good enough. There are specific program requirements, some of which are industry-specific, but this report will focus on the requirements of Clubs only.
The Anti Money Laundering and Counter Terrorism Financing Act and rules replaced the old Financial Transaction Report Act in 2006.
Around this time, the Australian Transaction Reports and Analysis Centre (AUSTRAC), Australia’s financial intelligence unit and anti-money laundering and counter-terrorism financing (AML/CTF) regulator, was created.
AUSTRAC regulates businesses to prevent criminal financial system abuse and works with partners to protect the community from serious and organised crime.
In 2010, AUSTRAC conducted a series of desktop reviews of the Club’s AMLCTF programs to gauge compliance with the legislation.
In 2014, AUSTRAC commenced conducting on-site face-to-face audits with larger Clubs.
In 2018, AUSTRAC published the Preparing and implementing an anti-money laundering and counter-terrorism financing (AML/CTF) program – Pubs & clubs sector guide.
If you don’t meet your obligations under AML/CTF law, AUSTRAC can take steps to enforce your compliance and seek a penalty.
‘Enforcement actions’ are specific legal actions we can take to ensure reporting entities comply with the law. Enforcement actions available to AUSTRAC are:
- civil penalty orders
- enforceable undertakings
- infringement notices
- remedial directions.
Current Research
In the year ending June 30, 2021, electronic gaming machines (EGMs) in pubs and clubs across New South Wales saw a turnover of $95 billion. With nearly 100,000 EGMs licensed in the state and 86,747 actively in use, these machines are widely accessible, from regional pubs to large club conglomerates.
The NSW Crime Commission (NSWCC) led an inquiry revealing that a substantial portion of the money gambled in these machines is derived from criminal activities, often called “dirty money.” It is estimated that billions of dollars of this dirty money were gambled in NSW during the reported period.
The inquiry determined that most dirty cash is being gambled rather than laundered into clean money. Both activities are criminalised under Part 4AC of the Crimes Act 1900 (NSW) and are considered serious offences.
Due to their cash-based operation, EGMs are particularly vulnerable to money laundering, as cash remains the primary method for criminals to convert illicit commodities into wealth. Although the extent of money laundering through EGMs cannot be precisely determined, it is assessed to be significant and widespread.
The inquiry faced challenges in obtaining a complete picture of the criminal activities due to a lack of comprehensive data, which hinders law enforcement’s ability to detect, investigate, and prosecute such crimes.
What did we Learn from the Reviews?
Some Clubs have implemented effective systems like CIRT to implement and monitor their AMLCTF responsibilities. Some Clubs have purchased other online systems but are unaware of how to use them. Other Clubs have copied programs from others or copied information from Compliance Guides without contextualising or updating the information. Some still believe the TAB covers their requirements.
The following overview of the results of several independent reviews’ recommendations and explains why they were made.
Customer Due Diligence
What has become confusing for Clubs is the exemption of the initial customer identification process.
As an eligible gaming machine venue, the Club is not required to undertake initial customer identification procedures referred to in the AML/CTF legislation as Know Your Customer (KYC) until a customer collects $10,000 in cash or cheque (this is different from the Gaming Machine Act legislation). This differs from many other businesses, where the KYC must be completed before providing a service to the customer.
However, when staff identify that KYC information is required due to suspicious activity in compliance with the Club’s enhanced customer, due diligence program staff may be required to do so regardless of the value of the winnings.
Example:
A customer starts to play a machine, and you observe them winning. You then observe another customer approach them, and there appears to be a money transaction. The person who won initially then leaves the machine with an apparent amount of cash in their hand, and the second person stays at the machine and calls the attendant to process the winnings. It may be possible that the second person has purchased the winning ticket from the original player for extra money so that they can legitimise illegal money. In this case, you would inform the supervisor to obtain the appropriate KYC information during the payout process. This information may then be used to submit a suspect matter report.
Enhanced Customer Due Diligence
Enhanced Customer due diligence is the process of reviewing or confirming customers’ sources of wealth or funds. Staff may observe and report a change in the behaviour of an existing Customer or new customer. People change, and you become more aware of someone’s background as you get to know them. Customers may be observed mixing with others in or outside the club.
People talk, and when this intelligence or information raises concerns, you would be required to make further enquiries regarding employment or social associations. This may change the risk related to the individual.
Review and Update Transactional Monitoring Program
A transaction monitoring program is required.
In simple terms, this means monitoring transactions for suspicious behaviour. The easiest way to do this is to monitor machine play.
Cancelled credits are an excellent start to check out suspicious play.
A sure sign of money laundering is when someone places a significant amount of cash in a machine without or with very little play, cancels, and redeems their cash.
Now, the cynics out there will justify that with the following:
These are valid reasons, but how do you know if you don’t check?
- They changed their minds
- Their favourite machine wasn’t available when they started playing
- They got a bad feeling
- Their partner called and had to go home
Depending on the type of system you run in your venue, such as E-bet or Aristocrat, will determine how much detail you can obtain from it. Small clubs using less complicated systems will have to rely on staff and monitor suspected transactions using CCTV.
Case Study
The following will reinforce to those in the hospitality space how important it is to have an effective Anti-Money laundering and counter-terrorism financing program and teach staff about the signs of cleaning money through gaming machines.
I discussed with a client today the suspicious behaviour of a male attending the club, spending limited time at a gaming machine, and walking directly to the cash redemption terminal (CRT).
A very observant gaming attendant reported the behaviour, and the compliance officer reviewed the CCTV. The review revealed that the male approached the machine and inserted $776. The male immediately cancelled the credit and took a ticket from the machine. The male then went to the CRM and cashed in his ticket. He is a member of the Club.
Because of the staff members’ awareness, evidence was gathered, and a suspicious matter report was submitted.
The moral of the story is if you think money laundering is bullshit. Think again.
Employee Due Diligence
You must have an employee due diligence (EDD) program that documents how you will screen and rescreen your employees and contractors for money laundering or terrorism financing (ML/TF) risks to protect your business.
Screening your employees can include checking their background to determine their suitability for the role, making sure they are who they say they are, and confirming with previous employers and, yes, confirming with previous employers.
Occasionally, employees are caught stealing or engaging in other poor behaviour and are offered the opportunity to leave, or the police will be contacted.
Part of your employment process is conducting due diligence on what the new staff member states in their resume. Be clear that previous employers will be contacted to validate experience. This must then be documented on the employee file.
Staff Require Review of AMLCTF Training
You are required to provide training to all new staff on your AMLCTF program. That’s right about your program, not just general information.
The training needs to be related to your program and not the TAB.
You need to be able to provide evidence of the training.
Board Approve the Program
The board of directors must approve your program whenever it is implemented or updated.
Remember, the board is responsible and accountable for having a compliant program in place. In small clubs, the CEO/SM implements a system for the Club.
This process is as simple as presenting the program, online or on paper, to the board for them to review and acknowledge.
This then needs to be minuted for evidence.
Remember, board members change.
The Board is to Acknowledge the Independent Review
Like approval, it is good practice for the board to acknowledge and minute the independent review. This shows that the board is aware of gaps or confirms that their program is compliant.
There is a President’s Due Diligence form for CIRT users. We suggest you consider using it before accepting independent review and accept both reports and forms together.
The program Must Have a Part A and Part B
The AMLCTF program must be divided into two parts. I know some of you will ask if it matters. In short, the answer is yes. The following outlines the inclusions:
- Part A must include the processes and procedures to help your business identify, mitigate and manage the ML/TF risks it may reasonably face.
- Part B outlines your procedures for identifying and verifying your customers’ identity.
Membership / Customer Types
The AUSTRAC compliance report asks for the customer type, such as individual, partnership, company, etc. Most Clubs only have individual membership.
A person becomes a member and obtains a membership card. In some Clubs, there will be different levels or lengths of membership, but they are all individual memberships.
Conduct Risk Assessments
This means that Clubs must understand their risk regarding customers, staff, and the venue.
You are asked to confirm this when you complete your annual AUSTRAC Compliance report in March.
This is not a security risk assessment of access control, cash handling, etc, but a specific risk assessment regarding:
- Types of customers
- Staff
- Venue
Politically Exposed Person
A politically exposed person (PEP) is a member of parliament, state, or commonwealth.
A PEP is an individual who holds a prominent public position or role in a government body or international organisation in Australia or overseas. Immediate family members and close associates of these individuals are also considered PEPs.
PEPs often have power over government spending, budgets, procurement processes, development approvals, and grants. Examples of PEPs include heads of state, government ministers or equivalent politicians, senior government executives, high-ranking judges, high-ranking military officers, central bank governors, or board members or executives of an international organisation.
Because PEPs hold positions of power and influence, they can be targets for corruption and bribery attempts and, ultimately, for money laundering or terrorism financing activities. This is why it’s essential to use AML/CTF measures to identify, mitigate, and manage any such potential risks.
It is important to note that being a PEP doesn’t automatically mean someone is involved in criminal activities.
Independent Reviews
An independent review is precisely what the name suggests—a review conducted by someone who wasn’t responsible for writing or developing your program.
It is not a risk assessment conducted by the organisation that developed your program.
The independent review aims to provide the board with evidence that the Clubs’ program is being implemented according to the legislation.
The AUSTRAC website suggests that Independent Reviews should be conducted every two to three years for high-risk organisations.
In 2024, the banks required independent reviews to be conducted and provided to them as part of their due diligence requirements for loan renewals.
Suspicious Matter Report
Suspicious matter reports (SMRs) are submitted to AUSTRAC online when you have identified a Suspicious transaction. Your annual compliance report asks how many SMRs you have submitted and, if none, why.
Don’t be worried about submitting a report and being investigated the next day. Remember that money launders are mobile. The information you provide today on a Suspicious transaction may be just the piece of the missing puzzle required to confirm the identity of someone attending multiple venues.
Conclusion
While all clubs were committed to implementing a program, several gaps still allow clubs to be breached if audited by AUSTRAC.
The good news is they are not hard to fix.
Reach out and discuss you’re your program with Mick Huggett on 0417 448507 or email [email protected]
