A working glossary of the Australian club compliance vocabulary that recurs across AML/CTF, NSW gaming & clubs, FRT and privacy. Each term is defined in plain English with a statute anchor; longer explainers live on the pillar pages linked in “See also”. Quote freely under CC-BY-4.0 (this is the seed release — we’re extending to the full 80–120 term target in a follow-up).
The individual a reporting entity designates as its AML/CTF Compliance Officer under s.26J of the AML/CTF Act 2006. Must be employed at management level, hold sufficient authority and independence, pass a fit-and-proper test, and (for venues with an Australian permanent establishment) be Australian-resident. Venues notify AUSTRAC of the designation within 14 days; failure is a civil-penalty provision.
The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Commonwealth). Primary statute governing reporting-entity obligations including the AML/CTF program (Part 1A), customer due diligence (Part 2), and reporting (Part 3). Amended materially by the AML/CTF Amendment Act 2024, operative 31 March 2026.
The two-component document required by s.26B of the AML/CTF Act 2006: an ML/TF risk assessment (ss.26C–26E) plus AML/CTF policies (s.26F). Must be documented (s.26N), approved by a senior manager (s.26P), and appropriate to the venue's nature, size, and complexity. The pre-2026 'Part A / Part B' split is retired.
The structured analysis of money-laundering, terrorism-financing and proliferation-financing risks a reporting entity faces. Required by ss.26C–26E of the AML/CTF Act 2006. Considers designated services provided, customer types, delivery channels, countries dealt with, and AUSTRAC-communicated risk information. Reviewed on material change and at least every three years.
The operational rules — required by s.26F of the AML/CTF Act 2006 — that translate a venue's risk assessment into compliance procedures. Cover CDD, transaction monitoring, SMR/TTR escalation, staff training, the AMLCO designation, and independent evaluation. Detail of mandatory content sits in Part 5 of the AML/CTF Rules 2025.
The set of procedures used to identify and verify customers, assess their ML/TF risk, and monitor the relationship over time. Required under Part 2 of the AML/CTF Act 2006 (initial CDD s.28, ongoing CDD s.30, simplified CDD s.31, enhanced CDD s.32). For gaming venues, CDD attaches to designated-service transactions per the policies, not every casual patron interaction.
The heightened verification applied where a customer's ML/TF risk is high or specific triggers apply under s.32 of the AML/CTF Act 2006 — foreign PEPs, FATF high-risk-jurisdiction customers, post-SMR continued service, or nested arrangements. AML/CTF Rules 2025 r.5-5 adds senior-manager approval requirements. Typically includes source-of-funds, source-of-wealth, and beneficial-ownership checks.
/cdd-customer-due-diligence-clubs, /pep-screening-australian-clubs
The reduced verification applied where the customer's ML/TF risk is low (AML/CTF Act 2006 s.31). The policies set out which low-risk scenarios qualify and what reduced steps are then taken. Still requires identification and a documented risk classification — simplified is not the same as exempt.
Continuous monitoring of an established customer relationship under s.30 of the AML/CTF Act 2006. Updates the customer record when transaction patterns change, when profile attributes change, when documents expire, or at policy-defined intervals appropriate to ML/TF risk. The layer that catches drift between the customer profile captured at onboarding and actual activity over time.
A report filed to AUSTRAC when a reporting entity forms a reasonable suspicion that a transaction or attempted transaction relates to money laundering, terrorism financing, tax evasion, or another serious offence. Lodgement deadline: 24 hours for terrorism financing, 3 business days for other matters (s.41 of the AML/CTF Act 2006). Disclosure of an SMR can be a tipping-off offence (s.123).
A report filed to AUSTRAC for any cash transaction of AUD 10,000 or more, regardless of suspicion — a fixed-dollar trigger, not a discretionary one. A single transaction can produce both a TTR (over threshold) and an SMR (suspicious pattern). Reporting is via AUSTRAC Online.
Breaking a transaction into multiple sub-threshold pieces to avoid the AUD 10,000 TTR trigger. An offence under s.142 of the AML/CTF Act 2006. Common gaming-venue pattern: multiple sub-$10,000 cash buy-ins by the same patron in a single session, sometimes across separate machines or staff members. A standard SMR-trigger indicator.
Disclosing information about a filed (or impending) Suspicious Matter Report where the disclosure would or could prejudice an investigation, contrary to s.123 of the AML/CTF Act 2006. Staff must not tell the subject patron, anyone outside the AML chain, or third parties. Statutory exceptions exist for AML/CTF-program-related disclosures to staff/senior management and to lawyers for advice.
An activity listed in Table 3 of s.6 of the AML/CTF Act 2006 that brings the provider into the reporting-entity regime. For gaming venues, relevant items include gaming-machine entry/play (items 5–6), chip cash-out and gaming-machine payout (items 8–10), and account holding for patrons (items 11–12). Some items have monetary thresholds; others apply at any amount.
AUSTRAC's web-based reporting portal where reporting entities submit SMRs, TTRs, IFTIs, and annual compliance reports. Access is keyed to the entity's registration and the designated AMLCO. Most gaming-venue AML/CTF reporting (s.41 SMRs, s.43 TTRs) flows through this portal rather than email or paper.
The natural persons who ultimately own or control a corporate or trust customer. CDD under the AML/CTF Act 2006 requires identifying beneficial owners when the customer is an entity rather than an individual. For gaming venues this is rare (most patrons are individuals) but applies to member-account arrangements involving trusts or company patrons.
Documentation of where the money used in a specific transaction came from — salary, sale of an asset, business income, gift, etc. Captured during enhanced CDD where the venue forms a heightened ML/TF risk view. SOF answers "where did this $50k come from?"; distinct from source of wealth, which answers the broader background question.
/cdd-customer-due-diligence-clubs, /pep-screening-australian-clubs
Documentation of how the customer accumulated their total wealth — typically a longer view than source of funds. Required during enhanced CDD for higher-risk patrons (foreign PEPs, FATF high-risk jurisdiction customers, large or unusual transaction patterns). SOW often involves business history, inheritance documentation, or investment records.
/cdd-customer-due-diligence-clubs, /pep-screening-australian-clubs
The post-31-March-2026 framework's term for a group of reporting entities that have chosen to apply the reporting-group rules (s.26F(5)–(6) and AML/CTF Rules 2025 Division 6 of Part 5). The lead entity's AML/CTF policies cover information-sharing among group members. Each member remains separately liable for its own designated services. The pre-reform "designated business group (DBG)" mechanism is retired.
The NSW statute governing approved gaming machines in hotels and registered clubs. Part 4 covers harm-minimisation obligations including the self-exclusion access duty (s.49), trading-hour shutdown (Reg 2019 cl.69), gambling incident registers, signage, and the Responsible Gambling Officer (RGO) duty.
Requires a hotelier or club authorised to keep approved gaming machines to (a) ensure patrons have access to a self-exclusion scheme and (b) publicise it. Breach: maximum 100 penalty units (s.49(3)). s.49(4) makes it lawful — not compelled — to prevent or remove a self-excluded participant; s.49(5) provides good-faith immunity. Scheme minimum requirements live in Gaming Machines Regulation 2019 cl.45.
The clause setting out the minimum requirements of a NSW self-exclusion scheme — including written and signed participant undertakings specifying the period (cl.45(b)), the venue's ability to readily identify the participant (cl.45(e)), and the floor on non-withdrawal: at least 6 months from request (cl.45(f)).
A voluntary scheme under which a patron undertakes in writing to be excluded from the gaming area of one or more venues for a specified period (minimum 6 months in NSW). Venues must ensure access to a scheme and publicise it. Identification at entry is required to make enforcement workable — historically via photograph, increasingly via facial-recognition technology.
A self-exclusion arrangement covering more than one venue. The patron's undertaking applies across all participating venues without re-signing at each one. NSW venues may run their own scheme or use a provider; L&GNSW identifies ClubSAFE (operated by ClubsNSW) as one example provider. Same 6-month minimum non-withdrawal applies.
The NSW-mandated role responsible for harm-minimisation activity on the gaming floor — welfare checks, intervention conversations, self-exclusion administration, and incident-register entries. Required at hotels and clubs with EGMs at thresholds set in the Gaming Machines Regulation 2019. The RGO's documented observations frequently underpin AML/CTF suspicion-formation and SMR drafting.
Two parallel record-keeping obligations. The gambling incident register (NSW Gaming Machines Regulation 2019) captures gaming-area welfare incidents, RGO interventions and harm-minimisation actions. The liquor incident register (Liquor Act 2007 s.72L) captures violence, anti-social behaviour and refusals on late-trade licences. Both must be produced on inspector request and retained for at least three years.
The NSW competency required of every staff member involved in the sale, service or supply of liquor on a licensed premises. Issued as a NSW Photo Card with periodic renewal. Inspectors verify staff RSA currency against the central Service NSW database. Expired RSA on rostered staff is a routine inspection finding.
The NSW competency required of staff in gaming-area roles — issued as a NSW Photo Card alongside RSA. Floor staff working both bar and gaming typically hold both. RCG underpins the RGO's harm-minimisation function; without current RCG, the staff member cannot lawfully work the gaming floor.
The 75-Part, 363-question self-audit checklist published by L&GNSW (Liquor & Gaming NSW) that registered clubs are expected to self-audit against. Inspectors typically walk through CL1002 (or the parts relevant to the inspection scope) during a club licence inspection and ask the manager to demonstrate the answer to each question with a record.
An inspector of Liquor & Gaming NSW (L&GNSW). Holds statutory powers under the Liquor Act 2007 and the Gaming Machines Act 2001 — can enter licensed premises during operating hours, examine records, interview staff, and require document production. NSW Police can attend jointly. Inspections are risk-weighted, complaint-triggered, or part of broader audit programmes.
The NSW EGM authorisation unit — each entitlement permits one approved gaming machine on a hotel or club's gaming-machine threshold. GMEs are tradeable (subject to L&GNSW approval) and are the underlying instrument that determines a venue's permitted EGM count under the Gaming Machines Act 2001 (NSW).
The NSW Schedule 1 (Gaming Machines Act 2001) classification setting a venue's maximum EGM count and the regulatory obligations that scale with it. Most NSW clubs and hotels sit in one of several GMT bands; higher GMT venues face additional harm-minimisation obligations (RGOs, plans of management, signage density).
The NSW Gaming Machines Regulation 2019 requirement that EGMs be turned off for a continuous six-hour period each day. The shutdown window is venue-elected (most clubs use 4 am–10 am) but must be consistent and publicised. Operating EGMs during the shutdown — even one machine — is a direct licensing breach.
The venue's published harm-minimisation policy. Required under the NSW Gaming Machines Regulation 2019. Typically a customer-facing document setting out the RGO's role, the welfare-check approach, the self-exclusion access, the signage in use, and how staff escalate problem-gambling concerns. Inspectors look for evidence the statement reflects what actually happens on the floor.
Standard categories an entry in the gambling incident register typically falls into: welfare check (RGO observed distress / time-of-play), intoxication (refused service or removed from EGMs), self-exclusion (refused entry or breach of undertaking), minors (suspected or confirmed underage on gaming floor), and RGO intervention (welfare conversation, signposting to support services).
L&GNSW's formal pre-decision notice giving a venue an opportunity to explain why a finding shouldn't lead to disciplinary action (fine, licence condition, suspension). Triggered when inspection findings or a complaint rise to a level the inspector escalates upward. The venue's written response is the last opportunity to influence outcome before formal action.
An on-the-spot infringement notice issued by an L&GNSW inspector or police officer for a specified breach (e.g. minor in a restricted area, intoxication-service contravention, late incident-register entry). PIN amounts are fixed per offence under the Liquor Act and Gaming Machines Act regulations. Paying the PIN closes the matter without further proceedings.
The peak industry body representing NSW registered clubs. Provides member services including compliance guidance, training programmes, the ClubSAFE self-exclusion scheme, and policy advocacy with state and federal regulators. Most NSW clubs are ClubsNSW members; non-members still operate under the same statutory framework.
The independent statutory body that makes licensing decisions in NSW under the Gaming Machines Act and Liquor Act. L&GNSW conducts inspections and recommends action; ILGA makes the formal decisions on licence grants, conditions, suspensions, and disciplinary findings. The two bodies operate as a paired regulator-and-decision-maker.
/lgnsw-club-inspection-guide, /club-director-responsibilities
An area of a licensed premises where minors are prohibited under the Liquor Act 2007 (NSW). Typically includes the gaming-machine area, dedicated bars, and sometimes function rooms during specific events. Signage at every entry point is required. Failure to keep a minor out of a restricted area is a strict-liability offence with both venue and licensee penalties.
Computer-vision systems that detect and match faces against a registered list. In NSW gaming, FRT is increasingly used to support self-exclusion participant identification at the gaming-area entry — one mechanism for satisfying the GMR cl.45(e) 'readily identify the participant' requirement. Not a regulatory requirement; one option alongside human staff identification, ID-card scanning and door-staff visual recognition.
A voluntary code approved under s.48 of the Gaming Machines Act 2001 (NSW) covering FRT deployments in gaming venues. Addresses privacy impact assessments, Australia-only data storage, signage at entry points, deletion-on-expiry of biometric data, and venue access controls. Vendor-agnostic; venues choose their own provider.
An individual in a prominent public function — and their close family and close associates. The AML/CTF Rules 2025 recognise three categories: foreign PEP (mandatory ECDD + senior-manager approval); domestic PEP (Australian equivalent); international-organisation PEP. Domestic and international-org PEPs trigger ECDD where the customer's ML/TF risk is high. A PEP match does not automatically fail a customer; response depends on category and risk score.
The automated-decision-making reform to the Privacy Act 1988 (Cth). Requires APP entities to update their privacy policies to explain certain uses of personal information in substantially-automated decisions with a legal or similarly significant effect. The APP 1 transparency obligation commences 10 December 2026. Broader contestability and human-oversight directions remain under reform.
Schedule 1, Part 1 of the Privacy Act 1988 (Cth) — open and transparent management of personal information. Requires APP entities to have a clearly expressed and up-to-date privacy policy. The ADM reform adds specific transparency content to APP 1 from 10 December 2026.
A sensitive-category personal-information class under the Privacy Act 1988 (Cth) covering facial geometry, fingerprints, voiceprints, and similar physiological identifiers. Collection requires consent (with limited exemptions) and triggers heightened APP obligations. NSW's voluntary FRT Code of Practice adds Australia-only storage, deletion-on-expiry, and signage expectations for gaming-venue FRT deployments.
A structured pre-deployment analysis of a system's privacy risks — what personal information is collected, how it's used, who can access it, how long it's retained, what controls prevent misuse. Recommended (effectively expected) under the NSW voluntary FRT Code of Practice before installing facial-recognition for self-exclusion enforcement. Acts as the venue's documented privacy-by-design artefact.
In the FRT context, the registered list of subjects the system is configured to detect — typically self-excluded participants (and sometimes barred patrons or persons of interest flagged via police liaison). Watchlists carry the highest privacy sensitivity in the FRT deployment because they store biometric templates of named individuals; access controls and retention are tightly governed.
The FRT performance metric measuring how often the system incorrectly flags a non-watchlist person as a match. High FMR creates false-positive harm (wrongful refusal of entry, embarrassment, escalation to confrontation). Vendor selection should require published FMR figures and the threshold setting that produces them; in-venue tuning of the match threshold trades FMR against FNMR.
The FRT performance metric measuring how often the system fails to detect a person who IS on the watchlist. High FNMR means self-excluded patrons walk past the door unnoticed — defeating the self-exclusion scheme's purpose. The paired counterpart to FMR; tuning the match threshold trades the two. Vendor selection should require published FNMR figures.
The statutory minimum period a record must be kept. AML/CTF records: 7 years (most classes; see ss.107–116 for class-specific start clocks). NSW incident registers: minimum 3 years from entry. RSA/RCG documentation: typically aligned to staff employment + reasonable margin. CL1002 self-audit evidence: until the next inspection cycle at minimum. Different start clocks per class — the AMLCO maintains a consolidated schedule.
Chronological record of an action's lifecycle — who did what, when, on what record, with what supporting context. Audit-trail integrity is the foundation of evidence-grade compliance: an action without a trail can't be defended to a regulator at inspection. Venue Axis's product is built around this — floor activity captured by RGOs becomes reviewable evidence with timestamps and actor-IDs by default.
A single timestamped record in the gambling incident register or the liquor incident register. Must capture the time, the staff member, the nature of the incident, and the action taken. Entries are made in chronological order — back-dating or rewriting an entry after the fact is treated by inspectors as a more serious finding than messy contemporaneous notes.
A coordinated record-pack assembled for a specific inspection, board review, or regulator response — pulling together the obligation, the evidence trail (logs, register entries, CCTV references, RGO observations), the procedure followed, and the supporting source documents into one defensible artefact. Distinct from the underlying records themselves; the bundle is the curated narrative.
Periodic regulator submission required of NSW clubs and hotels with EGMs — typically gaming-machine activity, EGM count by type, gross gaming revenue (GGR), and operational metrics. Filed via the L&GNSW reporting portal. Late or missing returns are a routine inspection finding; sustained patterns can escalate to licensing review.
The yearly filing a registered club makes — typically including the financial report, board composition, member numbers, and a statement of compliance with the constitution and the Registered Clubs Act 1976 (NSW). Filed with ILGA. The annual return is one of the documents inspectors and auditors review when assessing the club's governance posture.
A notification a venue must make to a regulator within a specified period after a triggering event — e.g. AMLCO designation (s.26M, within 14 days to AUSTRAC), change of secretary-manager (RCA notifiable event to ILGA), serious gambling incident, certain criminal-charge events involving directors. Distinct from periodic returns; statutory notifications are event-driven and one-off.
An internal periodic summary document — typically AMLCO → governing body cadence at least every 12 months (AML/CTF Rules 2025 r.5-7(2)) — summarising the AML/CTF program's operation, alerts and dispositions, SMR / TTR volumes, training coverage, and any control gaps identified. The compliance report is the AMLCO's primary upstream-communication artefact and a routine evidence item at independent evaluation.
A director-facing compliance summary — the artefact through which the AMLCO and compliance officer surface material risk, breach indicators, and program-effectiveness signals to the club's governing body. Required cadence varies by topic (AML/CTF at least 12-monthly under r.5-7(2)); content typically includes alert volumes, outcomes, identified gaps, remediation status, and upcoming regulatory changes.
A formal capture — typically a board minute or a documented executive decision — that links a regulatory or risk-significant decision to its rationale, evidence, and approver. Distinct from operational logs (which capture what happened); decision records capture why a particular choice was made. Important at inspection and at independent evaluation as evidence of considered governance.
A board member of a NSW registered club, holding statutory duties under both the Corporations Act 2001 (Cth) (companies-limited-by-guarantee duties) and the Registered Clubs Act 1976 (NSW). Directors are responsible for the club's overall compliance posture — including the AML/CTF program approval under s.26P (post-reform), the responsible-gambling framework, and the club's adherence to its constitution.
The RCA-mandated dual role combining the club secretary (statutory governance function) with the club manager (operational executive function) in NSW registered clubs. Either one person holds both, or the club separately designates a secretary and a manager. Carries primary day-to-day liability for licensing breaches; subject to training requirements under the Registered Clubs Act.
/club-director-responsibilities, /lgnsw-club-inspection-guide
The eligibility standard applied to several roles: AMLCO (AML/CTF Act 2006 s.26J(3) + Rules 2025 r.5-14), club directors (Registered Clubs Act 1976 (NSW) eligibility provisions), and licensees. Considers criminal history, financial integrity, prior regulatory action, and conflicts of interest. Failing a fit-and-proper check disqualifies the person from holding the role.
/aml-compliance-officer-club, /club-director-responsibilities
The governing body of a registered club — elected directors who collectively exercise the duties under the Corporations Act and the Registered Clubs Act 1976 (NSW). The board approves the club's AML/CTF program (s.26P, post-reform), receives compliance reports at least every 12 months (AML/CTF Rules 2025 r.5-7(2)), and approves material regulatory and strategic decisions.
The Registered Clubs Act 1976 (NSW)-mandated annual member meeting. Must be held within a prescribed period after the club's financial year-end. Standard agenda includes the annual financial report, director elections, and any constitutional changes. AGM timing failures are a routine ILGA notifiable event; persistent failures are an inspection concern.
An undisclosed or unmanaged financial or personal interest a director or senior staff member has in a club matter — e.g. a director who is also a vendor, a family relationship with a contractor, a personal benefit from a board decision. The Registered Clubs Act requires a COI register; the board's COI procedure governs how a conflicted director must declare and recuse. Routine inspection check.
A transaction between the club and a person connected to a director or senior staff member — typically a vendor relationship, an employee with a family link, or a property transaction involving a director's interest. RCA requires disclosure and board approval; the club's constitution typically sets thresholds and procedures. A standing audit item for the auditors and a routine ILGA notifiable-event category.
The RCA-mandated foundational document of a registered club — sets out the club's objects, membership rules, governance structure, meeting procedures, election rules, and amendment process. Must be made available to members. Constitutional amendments follow the prescribed process (typically special-resolution member vote) and are notifiable to ILGA. Inspectors confirm the club operates within its constitution.
An event a registered club must notify ILGA of within a specified period — e.g. change of secretary-manager, change of board composition, certain criminal-charge events involving directors, amalgamation or dissolution proceedings. Failure to notify is itself a breach. Distinct from operational incident registers; notifiable events are governance-level state changes.
The RCA's "registered objects" requirement — a registered club's activities must remain within the objects set out in its constitution. Drift into commercial activities outside the registered objects (e.g. operating as a de-facto pub for non-members, off-club commercial ventures) is a licensing concern and can trigger ILGA review. The annual financial report typically demonstrates ongoing core-activity compliance.
The Australian Transaction Reports and Analysis Centre — Australia's anti-money-laundering and counter-terrorism-financing regulator and financial-intelligence unit. Receives SMRs and TTRs, supervises reporting-entity compliance, and publishes guidance under the AML/CTF Act 2006. Gaming venues with EGMs are within scope as reporting entities.
A person or organisation that provides a designated service under the AML/CTF Act 2006 and is therefore subject to its obligations — AML/CTF program, customer due diligence, transaction monitoring, SMR/TTR reporting, record-keeping. Australian gaming venues operating EGMs above the relevant thresholds are reporting entities.
The statutory threshold that triggers an SMR. Lower than 'belief' and higher than 'mere conjecture'. The test asks whether a reasonable person, considering the facts available to the venue, would suspect the transaction may relate to a relevant offence (s.41 of the AML/CTF Act 2006). Once formed, the lodgement clock starts.
A phrase recurring across NSW liquor and gaming compliance — intoxication, minors, self-exclusion. What courts and regulators treat as reasonable depends on what evidence the venue produces of the procedures it actually followed: staff training, documented observations, refusals, escalations. The defence lives in the records, not the policy document alone.
The 2024 amendment to the AML/CTF Act 2006. Operative 31 March 2026. Restructures the AML/CTF program (a single ML/TF risk assessment + AML/CTF policies under Part 1A), tightens identity verification, formalises ongoing CDD, and brings additional sectors (real estate, legal, accounting, dealers in precious metals and stones) into the reporting-entity regime. Retires the AML/CTF Rules 2007 in favour of the AML/CTF Rules 2025.
The role responsible for the venue's overall regulatory posture — distinct from the AMLCO (which is specifically the AML/CTF Act 2006 statutory designation). Many NSW clubs combine the two responsibilities under one person. The compliance officer typically owns L&GNSW inspection prep, RSA/RCG staff currency, RGO scheduling, and the documented links between operational records and statutory obligations.
An Australian venue authorised to operate electronic gaming machines (EGMs). In NSW this is registered clubs and hotels licensed under the Gaming Machines Act 2001 with gaming-machine entitlements (GMEs). Whether a venue is also a reporting entity under the AML/CTF Act 2006 depends on which designated services it provides; most gaming venues do, given EGM play and cash-handling activity.
/nsw-schedule-1-obligations, /austrac-designated-services-clubs
The natural or legal person holding the venue's liquor or gaming-machine licence. For a registered club, this is typically the club entity itself (a company limited by guarantee). For a hotel, this is usually a natural person or trading entity. The licensee carries primary liability for breaches; the secretary-manager (clubs) or nominated manager (hotels) carries day-to-day operational liability.
/lgnsw-club-inspection-guide, /club-director-responsibilities
A supervisory visit by a regulator inspector — L&GNSW (most common for NSW clubs), AUSTRAC (for AML/CTF), or NSW Police (joint visits). Inspections may be scheduled, risk-weighted, or complaint-triggered. Inspectors hold statutory entry, examination, and document-production powers under the relevant Acts; venues are expected to produce records on demand and have staff who can explain operational procedures.
The policy frame underlying NSW gaming regulation — venues are expected to operate gaming in ways that reduce gambling-related harm, including welfare checks, self-exclusion availability, signage about support services, RGO presence, and operational decisions like the six-hour shutdown and mandatory gaming-room separation. Distinct from the AML/CTF frame, though the two overlap at the patron-interaction layer.