If you are running gaming operations at a pub, club, or RSL, there is a good chance your payout process still looks like this: a staff member fills out a paper form, photocopies an ID, drops it in a folder, and moves on.

It worked before. But it will not protect you now.

AUSTRAC is actively tightening its expectations for venues that operate electronic gaming machines (EGMs). The new Anti-Money Laundering and Counter-Terrorism Financing Rules 2025 came into effect on 31 March 2026, shifting the benchmark from “do you have a program?” to “is your program actually effective?” For many venues, the honest answer to that second question is buried somewhere in a manila folder.

That is a problem. And Checkd by iDU was built to solve it.

Here is a clear look at why manual payout processes are leaving Australian gaming venues exposed, and what the shift to a structured digital workflow actually means in practice.

Table of Contents

  • The AUSTRAC Enforcement Reality
  • The Paper Payout Problem
  • Where Human Error Becomes Regulatory Risk
  • The Structuring Trap
  • What “Audit-Ready” Actually Means
  • Frequently Asked Questions

The AUSTRAC Enforcement Reality

This is not a theoretical risk. It is happening to venues right now.

In 2023, Crown Melbourne and Crown Perth were ordered by the Federal Court to pay $450 million in penalties for systemic failures in their AML/CTF programs. In 2024, SkyCity Adelaide was ordered to pay $67 million for similar non-compliance. And in the same year, AUSTRAC issued an infringement notice to Katoomba RSL in regional NSW simply for failing to lodge an annual compliance report.

The message from the regulator is consistent: size is not a defence. Whether you operate 15 EGMs in a regional pub or run a large urban club, the obligation to identify, verify, and record your high-value patrons exists regardless of your floor capacity.

AUSTRAC’s regulatory expectations for 2025–26 make this shift explicit. The regulator is now focused on outcomes over paperwork, which means a thick file of paper forms is no longer evidence of compliance, it is evidence of a process that cannot be reliably monitored, audited, or improved.

The Paper Payout Problem

The payout counter is one of the most compliance-critical touchpoints in any gaming venue. When a patron wins a large amount, the law requires your staff to collect and verify their identity before paying out. That requirement exists because gaming machines are a known vehicle for money laundering.

The method criminals use is straightforward: deposit dirty cash, gamble minimally, then cash out to receive a seemingly legitimate receipt of winnings. Without strong, consistent verification at the payout counter, your venue can be unknowingly used as part of that process.

Paper forms and manual ID photographs introduce three compounding problems:

No consistency. Each staff member handles the process slightly differently. One staffer collects a driver’s licence. Another collects a Medicare card. A third, under pressure during a busy Saturday night, skips a step and writes “verified” anyway.

No visibility. Management cannot see in real time what is happening at the payout counter. If a discrepancy exists, you will only discover it during an audit, which is already too late.

No searchability. When AUSTRAC requests records relating to a specific patron or transaction window, staff are physically searching through boxes of forms rather than running a query in a system.

For RSL clubs and licensed venues that handle significant weekly payout volumes, this compounds quickly. What starts as a manageable filing system becomes an audit liability at scale.

Where Human Error Becomes Regulatory Risk

AUSTRAC’s guidance on pubs and clubs with gaming machines is clear: your front-line staff must be trained to recognise indicators of suspicious activity and follow a documented escalation process. The obligation is not just on your compliance officer, it sits at the payout counter, with staff who are also managing queues, answering questions, and handling cash.

Human error in this context is not negligence. It is inevitable at volume.

The risk is not just a missed form. It is a missed PEP flag. Politically Exposed Persons (PEPs), individuals who hold or have held prominent public positions, are subject to enhanced due diligence obligations. Their immediate family members and close associates carry the same classification.

In a manual process, identifying whether a patron is a PEP depends on a staff member recognising a name or recalling a flagged record. That is not a system. That is luck.

The Structuring Trap

One of the most common patterns AUSTRAC watches for in gaming venues is structuring: deliberately breaking up transactions to stay below the $10,000 threshold for a Threshold Transaction Report (TTR).

A patron who consistently redeems payouts at $9,500, or who collects multiple TITO tickets across a session to avoid triggering a single high-value payout, may be engaged in structuring. Structuring is a criminal offence, and if your staff are not recording payout patterns in a way that makes this visible, you may be facilitating it without knowing.

A paper-based system captures single transactions in isolation. It cannot surface patterns. It cannot alert management to a patron who has made six separate payouts across three different staff over a four-hour session.

A digital payout system does.

What “Audit-Ready” Actually Means

AUSTRAC does not ask for your paperwork when everything is going well. It asks for your records when something has gone wrong, or when a patron has attracted the attention of law enforcement.

“Audit-ready” does not mean having a filing cabinet. It means being able to produce, in minutes, a complete, time-stamped record of every payout made to a specific individual, including the verification steps taken, the outcome of any PEP screening, and the identity of the staff member who authorised the transaction.

That level of documentation is structurally impossible with paper. It is the baseline expectation with a digital system like Checkd.

The shift from paper to digital is not just an operational upgrade. In the current regulatory environment, for venues operating hospitality gaming across multiple locations, it is a compliance obligation dressed in practical clothing.

Frequently Asked Questions

When are venues required to collect ID for a gaming payout? 

AUSTRAC requires reporting entities, including pubs and clubs with EGMs, to apply KYC (Know Your Customer) procedures for certain transactions, including cash transactions of $10,000 or more. Your AML/CTF program should also document the circumstances under which additional identification is required below that threshold, based on your venue’s risk assessment.

What is a Politically Exposed Person (PEP) and why does it matter for my venue?

A PEP is an individual who holds or has held a prominent public position in a government body or international organisation. AUSTRAC requires enhanced due diligence for PEPs and their close associates when they are identified as high-risk customers. Venues that rely on manual processes have no reliable way to screen for this in real time at the payout counter.

Does AUSTRAC actually audit small venues? 

Yes. AUSTRAC has issued infringement notices to regional clubs and small venues for specific compliance failures such as missing annual compliance reports. The regulator is clear that venue size is not a factor in its expectations, obligations apply equally across the sector.

What should my payout records include to be considered compliant? 

Your records should include verified patron identity, the method of verification used, the date and time of the transaction, the amount paid, the staff member who approved the payout, and the outcome of any AML screening conducted. Records must be stored securely and be retrievable on request.