top of page
fnlogo.png

AUSTRAC Forces bet365 to Overhaul AML Controls as Gambling Enforcement Tightens in Australia

  • 7 hours ago
  • 5 min read

Australia’s financial crime regulator has escalated its scrutiny of the online wagering sector again, requiring bet365 to overhaul its anti-money laundering and counter-terrorism financing controls under a legally binding enforceable undertaking.



The action, announced by AUSTRAC on 6 July 2026, follows an investigation into Hillside (Australia New Media) Pty Ltd, trading as bet365, after the regulator identified serious weaknesses in the company’s approach to money laundering risk management and suspicious activity reporting. Rather than immediately launching Federal Court proceedings against bet365, AUSTRAC has accepted a binding remediation package requiring the bookmaker to strengthen its AML/CTF systems, risk assessment methodology and suspicious transaction detection processes.


The case is important because it shows how AUSTRAC is moving through the online betting sector operator by operator, using a mix of audits, enforceable undertakings and court action to force structural changes in compliance systems. It also confirms that wagering firms are no longer being treated as peripheral AML risks. They are now central to Australia’s financial crime enforcement agenda.


From Investigation to Binding Remediation

AUSTRAC first announced its investigation into bet365 in March 2024. At that stage, the regulator said the inquiry would examine whether the bookmaker had complied with obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.


The investigation followed an earlier supervisory campaign across the corporate bookmaker sector and AUSTRAC’s consideration of an external audit report on bet365’s operations.


That sequence matters. The bet365 action was not a sudden enforcement surprise. It came after sector-wide monitoring, an external audit process and a formal investigation. For compliance teams, this is the key lesson: once a regulator has ordered an audit or supervisory review, the matter is already far beyond routine engagement. If the audit identifies systemic weaknesses, the entity may quickly move into enforceable undertaking or litigation territory.


The enforceable undertaking now requires bet365 to adopt a more robust and ongoing approach to AML/CTF risk assessment. AUSTRAC specifically referred to the need for clear methodology and processes, as well as improved systems for detecting and reporting suspicious transactions as risks evolve.


This is not just about updating a policy document. It is about whether the operator can demonstrate that its risk model, monitoring rules, escalation procedures, customer due diligence controls and suspicious matter reporting framework operate effectively in practice.


Why Online Betting Is an AML Priority

AUSTRAC’s language around gambling risk has become increasingly direct. In the bet365 announcement, AUSTRAC CEO Brendan Thomas stated that gambling businesses pose an inherent money laundering risk and that the regulator is focusing on the risks posed to the Australian economy through the sector.


Online wagering presents specific vulnerabilities. Customers can deposit funds, move value through accounts, withdraw after limited or no genuine gambling activity, use third-party payment channels, or attempt to disguise the source and destination of funds. AUSTRAC’s own online wagering guidance gives examples of customers depositing funds and requesting withdrawals after minimal or no wagering turnover, a scenario that can indicate potential misuse of betting accounts as a value-transfer mechanism.


The risk is not only classic money laundering. Online betting platforms also face identity fraud, payment fraud, mule account risks, use of third-party accounts, and possible attempts to layer funds through gambling transactions. These risks are amplified by the speed and remote nature of online gambling, where large volumes of transactions can occur without face-to-face interaction.


A Sector-Wide Crackdown, Not an Isolated Case

The bet365 undertaking sits within a broader enforcement pattern. AUSTRAC has already taken action against Sportsbet, and in July 2026 said it had finalised Sportsbet’s enforceable undertaking after the company completed required remediation across key AML/CTF areas.


Those issues included risk assessment, customer monitoring and suspicious matter reporting.


AUSTRAC also noted in the bet365 announcement that it is currently pursuing Federal Court action against Entain Group. Entain operates Ladbrokes and Neds in Australia, making the matter another major test of AML standards in online wagering.


The enforcement direction is therefore clear. AUSTRAC is not focused only on casinos or traditional cash-heavy gaming venues. Corporate bookmakers and digital betting platforms are now receiving the same kind of supervisory pressure that previously reshaped Australia’s casino compliance environment.


For the industry, the message is uncomfortable but simple: online does not mean lower-risk. In some respects, online gambling may create greater monitoring challenges because customer behaviour, payment flows and account activity need to be understood through data, rules and alerts rather than physical interaction.


The Penalty Risk Remains Significant

Although the bet365 outcome is an enforceable undertaking rather than an immediate civil penalty proceeding, the penalty backdrop remains serious. AUSTRAC can apply to the Federal Court for civil penalty orders where AML/CTF obligations are breached. For a body corporate, civil penalties can reach up to 100,000 penalty units.


That explains why enforceable undertakings should not be seen as light-touch outcomes. They are legally binding and usually require extensive remediation, independent assurance, governance uplift, ongoing reporting and regulator monitoring. If an entity fails to comply, the regulatory consequences can become more severe.


The commercial cost can also be significant. A bookmaker subject to this kind of undertaking may need to invest in new transaction monitoring systems, improve customer risk scoring, review historical alerts, strengthen suspicious matter reporting procedures, upgrade board reporting and appoint external reviewers. These costs can be substantial even where no fine is imposed.



What Compliance Teams Should Take From the bet365 Case

The first lesson is that risk assessments must be dynamic. AUSTRAC’s criticism focused on how bet365 manages risk as threats evolve. A static risk assessment completed once a year will not be enough if the customer base, product design, payment methods or typologies are changing faster than the control framework.


The second lesson is that suspicious matter reporting remains a core enforcement trigger.


Regulators often tolerate minor procedural weaknesses more than they tolerate failures to identify and report suspicious conduct. In gambling, where account activity can move quickly, delayed or missed suspicious matter reporting can suggest deeper weaknesses in monitoring design.


The third lesson is that governance must be able to prove control effectiveness. It is not enough for a board or senior management team to receive generic compliance updates.


They need meaningful MI on high-risk customers, alert backlogs, closure decisions, enhanced due diligence outcomes, suspicious matter reporting, independent assurance findings and remediation progress.


Finally, the case shows that regulators increasingly compare firms within the same sector.


Once AUSTRAC has reviewed Sportsbet, bet365 and Entain, the benchmark for the rest of the market becomes clearer. Operators that lag behind that benchmark may find it difficult to argue that they did not understand the regulator’s expectations.


The Bigger Picture

The bet365 undertaking is not just an Australian gambling story. It is part of a wider global shift in which gambling operators are being treated as financial crime gatekeepers. The sector handles customer funds, processes payments, provides rapid digital account activity and can be exposed to customers seeking to obscure the origin or movement of money.


For online betting companies, the compliance question is no longer whether they have AML policies. It is whether their systems can detect suspicious behaviour in real time, whether their risk assessments reflect the actual business model, and whether senior management can prove that financial crime controls are embedded into operations.


AUSTRAC’s action against bet365 confirms that the regulator is prepared to use binding legal tools where online bookmakers fall short. For the rest of the sector, the warning is direct: remediation should begin before the audit, not after the undertaking.

By fLEXI tEAM


Comments


bottom of page