If you run a club or pub with gaming machines, 31 March 2026 is a date you need to have firmly on your radar. The AUSTRAC AML/CTF 2026 reforms begin from this date, introducing a fundamental change in how compliance is structured, managed and enforced.
This isn’t a minor update. It marks a shift from static, checklist-style compliance toward a more active, risk-based operating model, and places greater responsibility on venues to demonstrate how they identify, manage and respond to financial crime risks.
This guide breaks down the key AML/CTF changes for clubs and pubs, explains what they mean in practice and helps you understand how to prepare ahead of the deadline.
Note: This guide offers a general overview of the latest reforms. For specific legal guidance and the most comprehensive details, please refer to AUSTRAC’s official AML/CTF reform updates.
What are the AUSTRAC AML/CTF 2026 reforms?
The AUSTRAC AML/CTF 2026 reforms are a major update to Australia’s anti-money laundering laws, introducing lower identification thresholds, stronger governance requirements and a more risk-based compliance approach for clubs, pubs, gaming venues and other reporting entities.
While some elements of the reforms will be phased in over a transition period of three years (up to 30 March 2029), others take effect immediately, requiring gaming clubs and pubs to make practical changes in how they manage compliance day to day.
From 31 March 2026, five key changes are particularly relevant for clubs and pubs with gaming machines:
- The Customer Due Diligence (CDD) threshold for gaming payouts reduces from $10,000 to $5,000
- AML/CTF programs move to a single, consolidated structure (removing the Part A / Part B format)
- Ongoing customer monitoring is strengthened and more explicitly enforced
- There are stronger expectations around appointing a fit and proper AML/CTF Compliance Officer
- Risk assessments must explicitly consider proliferation financing
Let’s take a closer look at each of these changes and what they mean for gaming venue compliance in Australia.
1. The new $5,000 CDD threshold for gaming venues
One of the most immediate and impactful updates is the reduction in the identification threshold for Customer Due Diligence (CDD).
What is the new AUSTRAC payout threshold for gaming?
The threshold for conducting Customer Due Diligence drops from $10,000 to $5,000.
This applies to:
- Single cash payouts of $5,000 or more
- Multiple linked payouts or transactions that total $5,000
Importantly, this obligation cannot be deferred and applies immediately on 31 March 2026 with no exceptions. For full details on the transitional rules, see AUSTRAC’s transitional rules update.
What this means for gaming venues
Lowering the threshold significantly increases the number of transactions that trigger an identification requirement.
For venues, that means:
- More frequent ID checks at the gaming floor
- Increased pressure on staff to act quickly and consistently
- Greater need to detect and respond to structuring (customers deliberately splitting transactions to avoid triggering identification thresholds)
- Higher risk of missed or inconsistent compliance if processes are manual
Without the right systems in place, this can lead to struggles with:
- Long wait times and poor customer experience
- Incomplete or inconsistent identity verification
- Increased exposure to regulatory scrutiny
💡 Many venues are already moving toward solutions like integrated KYC verification and instant ID scanning to help manage the increased demands on staff and exposure to risk. Automated incident logging means processes can be easily standardised while creating reliable, time-stamped records that support compliance for AUSTRAC review.
2. The consolidated AML/CTF program 2026
Another major change is the removal of the traditional two-part program structure.
What’s changed?
Previously, venues were required to maintain:
- Part A: Risk management
- Part B: Customer identification
From 31 March 2026, these merge into a single, consolidated AML/CTF program.
What this means in practice
Venues can now structure their compliance program in whatever way best suits their operations, as long as all required elements are addressed.
However, this flexibility comes with a clear expectation: the new framework is less prescriptive about format, but more demanding about substance.
Your program needs to:
- Be tailored to your actual risk profile
- Demonstrate how policies translate into real actions
- Ensure systems, staff and reporting are aligned
How to transition to a consolidated AML program
To move effectively, venues should focus on a few practical steps:
- Review what you already have
Look at your current policies and procedures. Identify where they don’t match what actually happens day to day. - Make it fit your venue
Your program should reflect your real risks, including how customers behave, how payouts are handled and how your gaming floor operates. - Connect your processes
ID checks, transaction monitoring and incident reporting should work together, not sit in separate systems or logs. - Digitise where possible
Paper logs and spreadsheets make compliance harder to manage and harder to prove. Where possible, move to systems that create consistent, trackable records. - Assign clear responsibility
Make sure staff know what they’re responsible for, and that your Compliance Officer has clear oversight. - Get it approved and keep it current
Your program should be signed off by senior management and reviewed regularly as your operations or risks change.
For more detail, AUSTRAC provides guidance on how to develop and maintain your AML/CTF program.
💡If you need support with this, we’ve partnered with BNDRY to build a platform that brings compliance into one place. From monitoring activity to managing risk and reporting, venues can centralise their entire compliance program, reduce manual work and confidently stay audit-ready.
3. Ongoing customer monitoring is now mandatory
Compliance is no longer something you have. It’s something you actively demonstrate, signalling a broader shift toward real-time monitoring, decision-making, and evidence-based reporting.
What’s changed?
The key shift here is that AUSTRAC expects venues to demonstrate that they are actively monitoring customers on an ongoing basis, particularly looking for unusual patterns or behaviour that may indicate risk.
That means:
- Keeping an eye on customers who visit frequently or make large transactions
- Reviewing flagged alerts and acting on them
- Knowing when to file a Suspicious Matter Report (SMR) with AUSTRAC
- Making sure staff are aware of the tipping-off prohibition (informing a customer that an SMR has been filed is a criminal offence)
This is where many venues will feel the strain, especially those relying on manual registers, disconnected systems and reactive processes.
What about higher-risk customers?
If a customer’s risk profile is elevated (for example, they’re a high-frequency player, a politically exposed person, or a suspicious matter report has been raised) enhanced checks are required. This is assessed case by case based on the risk your venue identifies.
💡Automated AML/CTF incident logging and real-time digital incident registers gives venues a manageable way to demonstrate ongoing compliance and due diligence with auditable, time-stamped records of everything that’s been reviewed and acted on.
4. Appointing a ‘fit and proper’ Compliance Officer
The AUSTRAC AML/CTF 2026 reforms introduce a stronger, more explicit requirement for venues to appoint a fit and proper AML/CTF Compliance Officer.
What is a ‘fit and proper’ AML/CTF Compliance Officer?
The term carries legal weight. While venues have always needed someone responsible for AML/CTF compliance, the 2026 reforms formalise this with a clear expectation that the appointed officer must have the relevant skills, knowledge, and personal integrity to perform the compliance function effectively.
This isn’t just a nominal title, but a substantive role with genuine authority and accountability. The role comes with real responsibility, including:
- Overseeing the venue’s day-to-day compliance performance
- Maintaining and updating the AML/CTF program
- Escalating concerns to senior management and the board, who are now expected to actively oversee compliance
- Documenting oversight activities which will be expected during any audit or enforcement review
What this means in practice
For venues, this is a prompt to review whether the current compliance function is appropriately resourced. Review:
- Does the person responsible have current AML/CTF knowledge?
- Do they have the authority to act independently when needed?
- Is their appointment to the role formally documented?
💡 The Cherryhub products support Compliance Officers with the tools they need to do their job effectively, from automated incident logging to built in escalations, alerts and KYC support.
5. Proliferation financing needs to be in your risk assessment
For the first time, venues are required to consider proliferation financing in their risk assessments.
What is proliferation financing?
Proliferation financing refers to financial activities linked to the development or spread of weapons of mass destruction.
What venues need to do
- Include this risk in their AML/CTF program
- Assess exposure based on venue profile
- Address it within existing controls
For most clubs and pubs, this will be a low-risk inclusion, but it must still be explicitly documented.
Important: Document your compliance plan
AUSTRAC has made it clear that venues are expected to be actively preparing for the reforms, including identifying gaps and taking steps to address them. While they don’t expect perfection, they do expect effort.
Venues that are genuinely working toward compliance, with a credible plan endorsed by management or the board, are in a much better position than those who haven’t started.
For full detail on what AUSTRAC expects, see their statement on regulatory expectations.
How Cherryhub supports compliance under the AUSTRAC AML/CTF 2026 reforms
Getting ready for the March 31 AML/CTF deadline is about more than updating a document. It’s about making sure the right processes are in place and that your team can actually follow them consistently.
Cherryhub is designed to support venues navigating this environment. We provide:
- Digital compliance solutions for clubs and pubs that centralise AML/CTF processes
- Automated AML/CTF incident logging to ensure nothing is missed
- Integrated KYC verification and instant ID scanning for fast, compliant customer checks
- Real-time digital incident registers for full operational visibility
If you’d like to see how our products can support your venue in meeting its compliance obligations, get in touch.
Frequently Asked Questions : AUSTRAC AML/CTF 2026 Reforms
Do the AUSTRAC AML/CTF 2026 reforms apply to my venue?
If your venue operates gaming machines and is enrolled with AUSTRAC as a reporting entity, then these changes apply to you. If you’re unsure whether you’re enrolled, check with AUSTRAC directly.
What is the new AUSTRAC payout threshold for gaming?
The threshold for Customer Due Diligence is reduced to $5,000, applying to single or linked transactions.
What is the penalty for not having a consolidated program by March 31?
Penalties can include financial fines, regulatory action, and increased oversight, depending on the severity of non-compliance. It’s worth noting that AUSTRAC has pursued enforcement action against gaming venues of all sizes, not just large casino operators. Clubs and pubs are within scope.
You can review AUSTRAC’s published enforcement actions for examples of the kinds of cases that have been taken.
Do small venues need to worry about proliferation financing?
Yes. While risk may be low, it must still be explicitly included and documented in your AML/CTF program.
Do I need a dedicated compliance officer?
Yes. The reforms require a fit and proper AML/CTF Compliance Officer with clear responsibility and authority. You should ensure a Compliance Officer is appointed ahead of 31 March 2026, while existing reporting entities have until 30 May 2026 to formally notify AUSTRAC.
.png){kind=logo}
