Legislative Assembly for the ACT: 2018 Week 03 Hansard (Thursday, 22 March 2018) . . Page.. 1035 ..
Mr Ramsay: The answer to the member’s question is as follows:
(1) Clubs are required to verify identity and membership to meet their obligations under gaming and alcohol regulatory frameworks in the ACT. Only members, temporary members, and signed-in guests may play gaming machines or purchase alcohol at clubs.
Clubs must comply with any applicable requirements of the Australian Privacy Principles (APPs) under the Privacy Act 1988 (the Privacy Act) when collecting, using, disclosing and storing personal information.
The Privacy Act applies only to entities with a gross turnover of more than $3 million per annum.
However, smaller clubs with gaming machines that are otherwise exempt from the Privacy Act have obligations under the APPs because they are handling personal information as reporting entities under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its Regulations and Rules (AML/CTF obligations).
Under the AML/CTF obligations, clubs with 16 or more electronic gaming machines are required to:
• enrol with AUSTRAC
• adopt and maintain an AML/CTF program
• report suspicious matters to AUSTRAC
• keep transaction records.
Clubs with 15 or fewer electronic gaming machines are exempt from the requirement to have an AML/CTF program, however, they are still required to enrol with AUSTRAC, report suspicious matters and keep transaction records.
Clubs must collect and verify the identity of customers:
• who are paid out prize winnings of $10,000 or more; or
• about whom the club’s enhanced customer due diligence program requires the club to obtain and verify customer information (such as where a customer is high risk or the club has formed a suspicion about certain behaviour or activities).
For AUSTRAC guidance material for pubs and clubs, see http://www.austrac.gov.au/pubs-and-clubs%C2%A0-gaming-machines. This guidance material specifically includes scanning and saving government-issued identification documents as an example of compliance with AML/CTF ‘Know Your Customer’ requirements (pages 26 and 27, Preparing and implementing an anti-money laundering and counter-terrorism financing (AML/CTF) program: Pubs & clubs).
(2) Clubs must comply with any applicable laws about the retention of data but the applicable laws vary. Clubs with gaming machines must retain customer identification records for at least seven years to comply with AML/CTF obligations.