AUSTRAC has filed its first-ever civil penalty proceedings against a registered licensed club.
Not a casino. Not a bank. A community club in Sydney’s west with 1,400 poker machines and $4.17 billion in customer deposits over four years.
Mount Pritchard District and Community Club — better known as Mounties — is one of the largest and most profitable club groups in NSW. Ten venues. Eight with gaming machines. $459 million in EGM revenue between 2019 and 2023. Its flagship venue in Mount Pritchard ranks first in the state for net profit per machine.
AUSTRAC alleges serious and systemic non-compliance with Australia’s AML/CTF laws. The case is now before the Federal Court.
What makes this case worth paying attention to is not just the scale of the alleged failures. It is how those failures happened — and what they tell us about a problem that is about to get much bigger.
What AUSTRAC found
AUSTRAC’s allegations paint a picture of a business that was processing billions of dollars in cash through its venues without the controls to understand what was moving through them.
The AML/CTF program was described by AUSTRAC as “general and lacking in detail.” It did not explain how Mounties could identify or assess the money laundering risks relevant to its business. It did not describe the measures to be deployed to manage those risks. The risk assessment tables listed risks and responses without explaining how they were identified, rated, or meant to be acted on in practice.
Staff training did not cover the specific ML/TF risks relevant to the venues, the procedures employees were expected to follow, or the consequences of non-compliance. Board members and executives often failed to complete AML/CTF training themselves — weakening leadership accountability from the top.
Transaction monitoring existed on paper but lacked the risk-based systems and controls to work in practice. AUSTRAC alleges that Mounties failed to appropriately monitor a number of specific customers despite the money laundering risks they presented.
And what did those risks actually look like? MinterEllison’s analysis of the case identified specific typologies observed at Mounties venues: customers inserting large amounts of cash into poker machines with little or no gameplay before cashing out — known as bill stuffing. Large cash inserts into multi-terminal gaming machines with minimal play. Customers buying winning vouchers from other patrons and redeeming them. Third parties claiming winnings or betting on behalf of others. Customers using multiple cashiers or terminals to avoid being observed by staff.
These are not exotic or hard-to-spot behaviours. As AUSTRAC CEO Brendan Thomas has described them, they are “visible, repeatable and highly indicative of money laundering risk.” They happened in a venue processing hundreds of millions of dollars a year. And they were not being caught.
For context, the NSW Crime Commission’s Operation Islington report in 2022 determined that billions of the approximately $95 billion gambled in NSW poker machines that year was likely to be dirty money. Mounties sits at the centre of that landscape — the most profitable club in the most profitable local government area for club pokies in the state.
The independent reviews of Mounties’ program were supposed to catch these gaps. Five reviews were conducted between 2019 and 2023. AUSTRAC says they were “desktop in nature” — limited interviews, limited document review, no engagement with senior management, no examination of how designated services were actually delivered on the ground. They did not test or verify whether the program was working. They did not satisfy the requirements of Rule 8.6.5 of the AML/CTF Rules.
In other words, the safety net had holes, and the process that was supposed to find the holes never actually looked.
The outsourcing trap
This is where the Mounties case stops being a gambling story and starts being a story that every reporting entity needs to hear.
Mounties outsourced the development of its AML/CTF program and key compliance functions to a third-party provider called Betsafe Pty Ltd. Betsafe was responsible for creating and maintaining the program, conducting risk assessments, advising on suspicious matters, designing risk awareness training, and carrying out independent reviews.
Betsafe started life in the 1990s as a consultant-devised problem gambling program used by pubs and clubs. It evolved over time into a provider of AML/CTF compliance services — and it provides those services to a number of other pubs and clubs across the sector. That means the same approach AUSTRAC found inadequate at Mounties may be in use at other venues right now.
The problem was not that Mounties outsourced. Outsourcing compliance functions is common and, when done properly, can be efficient and effective. The problem was that Mounties appears to have treated the outsourcing arrangement as the end of its responsibility rather than the beginning.
AUSTRAC CEO Thomas was direct about this:
“Mounties outsources aspects of its AML/CTF program but what it can’t outsource is its AML/CTF obligations.”
“Relying on third party providers doesn’t absolve a business of its obligations under the AML/CTF Act. If a reporting entity outsources key parts of its program to a service that is not fit for purpose — especially without proper oversight or resourcing — they run a real risk of non-compliance.”
And then the line that should be read carefully by every business about to enter the AML/CTF regime:
“All reporting entities, regardless of size, must stay actively involved in how their AML/CTF program is designed, implemented and monitored and I would say the same thing to other pubs and clubs who think bringing in a provider is a set and forget solution.”
That last quote is not just about pubs and clubs.
MinterEllison’s analysis of the case put it plainly: “Passive reliance on third parties will not be sufficient and tailored, actively managed AML/CTF risk frameworks are now essential.”
The Mounties case crystallises a failure mode that compliance professionals see everywhere: an entity purchases a compliance product, puts it on a shelf, assumes the obligation is met, and never checks whether the product actually works for their specific business. The program looks like a program. The reviews look like reviews. But nothing underneath is actually functioning. When AUSTRAC comes looking — and it does come looking — the gap between what the program says and what the business does is where the penalty lives.
What this means for Tranche 2
From 1 July 2026, AML/CTF obligations extend to an estimated 80,000 to 100,000 new reporting entities — lawyers, accountants, real estate agents, conveyancers, and dealers in precious metals. Most of these businesses have no compliance history, no existing AML/CTF technology, and no trained staff.
They will face exactly the same temptation Mounties faced.
When an obligation is new, unfamiliar, and complex, the instinct is to find someone else to handle it. A vendor appears, offers a package — risk assessment template, policies, training materials, maybe even independent reviews — and the business signs up. The relief is immediate. The box is ticked. The obligation feels managed.
The Mounties case shows what happens when that is where the effort stops.
A law firm that buys a compliance template from a provider but never tailors it to its actual client base and service profile has a program that does not reflect its risks. An accounting practice that outsources transaction monitoring but never reviews the output has oversight that exists in theory but not in practice. A real estate agent that completes a generic training module but cannot explain what a suspicious matter looks like in a property transaction has trained in form but not in substance.
AUSTRAC has been clear that it does not expect perfection on day one for Tranche 2 entities. Thomas has acknowledged that “AML is a practice” and that the regulator will support and educate newly regulated businesses. AUSTRAC has released starter program kits specifically designed for small, low-complexity businesses in these sectors.
But the tolerance has limits. Thomas has also warned: “If a business is wilfully ignoring the obligation to enrol, or we suspect a business is complicit with or wilfully blind to money laundering, they will be the focus of our enforcement efforts.”
And at last week’s Regulating the Game conference, he was even more direct: “If you think your business is too small to take responsibility for regulatory compliance, you’re also mistaken.”
The starter kits are a starting point, not a finished product. A template needs to be tailored. Training needs to be specific. Monitoring needs to be active. Reviews need to actually test whether the program works. And the business — not the vendor — owns the outcome.
Mounties generated $459 million in revenue over four years and still ended up with a program AUSTRAC described as “general and lacking in detail.” A small law firm or accounting practice with a fraction of that revenue and none of that compliance experience is not going to get a pass for doing less.
What this means for you
The Mounties case is the clearest example yet of a principle that applies well beyond gambling: compliance is not a product you buy. It is a practice you maintain.
If you are in a sector already regulated by AUSTRAC, the case is a reminder to look at your own third-party arrangements. Is your provider delivering a program tailored to your specific risks, or a generic template with your name on it? Are your independent reviews actually testing your controls, or are they desktop exercises that confirm what you already assumed? Do your board and senior management understand what the program says — and could they explain it to a regulator?
If you are about to enter the regime for the first time, the Mounties case is the warning you should read before you sign a vendor contract. Use the starter kits. Engage a provider if you need to. But understand that when AUSTRAC comes looking, they will not ask who built your program. They will ask whether it works. And if it does not, the obligation — and the consequence — sits with you.
You can outsource the work. You cannot outsource the obligation.
Viktor Ha is a Senior Financial Crime Analyst based in Melbourne. He writes about AML enforcement, Australian regulatory developments, and financial crime career strategy at amlcams.info. Connect with him on LinkedIn.