AML/CTF compliance in hospitality is entering a new phase.
For pub and club operators, AML obligations aren’t new. Gaming venues have long been subject to AUSTRAC requirements — monitoring activity, reporting suspicious matters, and maintaining records.
But the 2026 reforms change how compliance is judged.
It’s no longer just about having the right policies. It’s about whether compliance holds up in real operating conditions — across venues, teams, and shifts.
The shift: from compliance to culture
AUSTRAC is placing increasing emphasis on what it calls a “strong AML/CTF culture.”
This isn’t a formal legal requirement, but it is how regulators assess whether your business is genuinely managing risk.
In practice, compliance needs to show up in how your business operates day to day — in decisions, behaviours, and accountability.
A strong AML/CTF culture is reflected in four things:
- risk is actively understood and managed
- compliance is embedded into everyday decisions
- teams are trained and supported
- accountability is clear at every level
Regulators are no longer looking at policies alone. They want evidence that compliance is applied consistently — not just documented centrally.
What strong AML/CTF culture looks like in practice
Strong operators don’t rely on static systems. They actively manage risk and ensure it influences real decisions.
They update their understanding of ML/TF risks over time, assess high-risk situations independently of commercial pressure, and train teams regularly across all levels. Just as importantly, they integrate AML risk into operational decision-making and maintain clear accountability from senior leadership.
Supporting this is a structure that works — engaged leadership, a credible compliance function, and clear escalation pathways that staff feel confident using.
The difference is consistency. Not just intent.
What weak AML compliance looks like
Most compliance failures don’t come from missing policies. They come from inconsistent execution — especially under pressure.
Common warning signs include:
- disengaged leadership
- a box-ticking approach to compliance
- generic or inconsistent training
- concerns raised but not acted on
- risk ignored in day-to-day decisions
These issues tend to surface during busy service periods, across different shifts or venues, or when onboarding is informal and accountability is unclear.
This is where compliance breaks down — in real-world conditions.
What’s changing in 2026
The reforms reinforce a move towards active, risk-based compliance.
Key changes include:
- stronger risk-based requirements
- enhanced customer due diligence
- increased accountability for senior management
- expanded regulatory scope (Tranche 2)
- stricter reporting and record-keeping expectations
The direction is clear: compliance needs to work in practice, not just on paper.
What’s at stake
AML/CTF breaches don’t just result in fines.
Regulators can impose civil penalties, infringement notices, enforceable undertakings, and formal directions that require operational change. For serious breaches, penalties can reach tens of millions of dollars — and enforcement action is often made public.
That means the impact extends beyond cost to reputation and ongoing scrutiny.
What this means for hospitality operators
For venues, particularly those with gaming operations, three challenges stand out.
1. You need to prove compliance — not just document it
Policies and certificates aren’t enough.
You need to demonstrate that:
- teams understand their responsibilities
- risks are managed in real time
- training is applied consistently
This is where many businesses fall down — the gap between head office expectations and what happens on the floor.
2. Leadership accountability is increasing
Responsibility now sits clearly with owners, operators, and senior management.
They are expected to oversee systems across venues, ensure training is effective, and respond to risks proactively. Accountability is no longer theoretical — it’s measured by how well compliance performs in day-to-day operations.
3. Training becomes central to compliance
Training is no longer a supporting activity. It becomes a core mechanism for maintaining awareness, consistency, and operational control.
Where training is inconsistent, compliance becomes inconsistent — increasing both regulatory and commercial risk.
What AUSTRAC expects from AML training
AUSTRAC is clear that training must begin at onboarding and continue throughout employment. It must also evolve as risks and regulations change.
Training must be role-specific
Generic training doesn’t hold up in operational environments.
Frontline staff need to recognise suspicious behaviour and act appropriately. Supervisors must manage escalation and oversight. Compliance roles require deeper technical understanding.
Without this level of alignment, training quickly becomes ineffective.
Training must be kept current and demonstrable
Training isn’t static. It needs to evolve alongside your risk profile and regulatory environment.
In practice, this means updating training in response to:
- changes to AML/CTF laws
- emerging risks
- internal policy updates
- audit findings or identified gaps
Updates need to reach teams quickly — not months later — to avoid gaps between policy and practice.
Just as importantly, you need to show that training is happening and being applied. At a minimum, this means:
- maintaining a training register
- tracking completion and timing
- recording what was delivered
- having visibility of understanding and application
Training also needs to be reinforced over time through assessments, incident reviews, staff feedback, and internal audits.
Outsourcing delivery doesn’t remove responsibility — regulators will still hold your business accountable.
Why traditional training approaches fall short
Many venues still rely on one-off sessions, informal knowledge transfer, or static materials.
These approaches struggle to scale, stay current, provide audit-ready evidence, or ensure consistent understanding across teams. Over time, this leads to uneven standards — one of the biggest drivers of compliance risk.
Why structured, online training is becoming essential
To meet evolving expectations, training needs to support both compliance and operational consistency.
Effective approaches allow you to:
- scale training across teams and locations
- deliver role-specific content
- stay up to date with changing regulation
- maintain a clear audit trail
- reinforce behaviour over time
In this context, online training becomes a system for maintaining control — not just a delivery method.
AML risk in pubs and clubs: what teams need to spot
Gaming venues are actively targeted for money laundering.
Common indicators include:
- unusually large or frequent cash activity
- behaviour that doesn’t match typical patterns
- unclear or shared funding sources
- attempts to structure transactions
Teams need to recognise these behaviours in real time, monitor activity during service, and escalate concerns clearly.
Risk often emerges during busy periods — when consistency matters most.
The real question operators need to answer
AML/CTF compliance is becoming more visible, more accountable, and more dependent on behaviour and systems.
The 2026 reforms accelerate this shift.
The question is no longer:
“Do we have training?”
It’s:
“Can we prove our teams apply it — consistently, in real conditions?”
Final thought
A strong AML/CTF culture isn’t built through policies alone.
It comes from leadership, systems that support real operations, and training that reflects how teams actually work. When these aren’t aligned, compliance breaks down — increasing risk, cost, and exposure.
How Allara Global supports AML compliance
Allara Global helps hospitality businesses embed compliance into everyday practice — with structured, scalable training designed to stand up to real-world conditions and regulatory scrutiny.
Note
This article provides general guidance on AML/CTF obligations in hospitality and reflects current regulatory direction. It is not legal advice. Requirements may vary depending on your specific circumstances, and you should seek professional advice where needed.