What Does a Good AML/CTF Program Actually Look Like for a Pub or Club?
If you've been following along, you already know that the 31 March 2026 deadline wasn't a finish line, it was a starting point. AUSTRAC is now focused less on whether your program exists and more on whether it actually reflects how your gaming floor operates.
That raises a very practical question most operators are quietly asking: what does a good one actually look like?
Here's the plain-English answer.
It's one document, not a filing cabinet
Under the old framework, venues maintained a "Part A" risk program and a "Part B" identification program as separate documents. That's gone.
Your AML/CTF Program is now a single, integrated document. It should cover your risk environment, your controls, your staff procedures, your governance, and how you'll keep it up to date, all in one place.
That doesn't mean it has to be long. It means it has to be coherent, real and usable.
It has to describe your venue, not ‘A’ venue
This is where a lot of programs fall short, and where AUSTRAC is paying close attention.
A template pulled from the internet or handed down from a peak body is a starting point, not a finished product. If your program reads like it could belong to any gaming venue in Australia, it probably won't hold up to scrutiny.
A tailored program reflects:
The specific machines and gaming product you operate
Your physical layout and how staff interact with patrons
Your customer mix - regulars, transient visitors, high-frequency players
Your location and the risk profile that comes with it
The controls you've actually put in place, not just the ones someone suggested
It names real people and real roles
Generic references to "the Compliance Officer" aren't enough. Your program should name the person responsible, confirm they've been notified to AUSTRAC (required by 30 May 2026), and be clear about who does what / when something needs to be escalated.
For small venues, this often means the owner or licensee is both the governing body and the compliance officer. That's ok, but the program needs to say so explicitly, and that person needs to understand what their obligations actually are.
It shows how decisions get made
A good program doesn't just list your controls, it explains the thinking behind them.
Why did you categorise a particular risk as low? What monitoring are you doing on high-frequency players? How did you decide that your regional location means your proliferation financing risk is lower than a CBD venue?
These aren't trick questions. AUSTRAC uses a risk-based approach, which means they accept that different venues will reach different conclusions. What they expect is that you can show your reasoning documented, considered, and specific to your unique circumstances.
It's dated, reviewed and alive
A program written in February 2026 and never touched again is already a problem.
Your AML/CTF Program should show evidence that it's been reviewed, when and by whom, and what changed as a result. If something has happened at your venue (a staff change, a new machine configuration, an unusual transaction), that's worth noting. It's not about perfection. It's about demonstrating that the program is part of how you actually run the business, not something that lives in a drawer and is dusted off once a year.
What a weak program looks like (and why it's a risk)
To put it plainly, AUSTRAC has been clear about what they're finding in the field:
Programs that are identical across multiple venues in a group, with no differences despite very different risk profiles
Risk assessments that list every possible risk category but assign the same "low" rating across the board with no explanation
Documents that reference staff roles, training and escalation procedures that don't match what staff actually do day to day
Owners and boards who haven't yet had a chance to properly engage with what the program says, or what it requires of them personally
Any of these is a flag. Not necessarily an immediate enforcement action, but enough to prompt a closer look.
The bottom line
A good AML/CTF Program for a pub or club isn't a legal document written for lawyers. It's a practical, readable record of how your venue identifies and manages money laundering risk, tailored to your operation, understood by your staff, and overseen by the people responsible for running the business.
Getting it right isn't about having the longest document. It's about having the most honest one.
At Admyn, we're developing hospitality-specific tools to help venues build and maintain AML/CTF programs that reflect how they actually operate — not how a generic template assumes they do. We'll share more as it comes together. Follow along, or reach out if you'd like to be part of the conversation.