Capturing the same floor observation for both AML and welfare is the defensible architecture. It also creates a confidentiality problem the moment you build it, because the two frames do not get to be seen by the same people.
Working reference, not legal advice
This article is written for clubs and venues that carry both an AML/CTF monitoring obligation, as reporting entities for EGM-related designated services, and gambling harm-minimisation obligations under applicable state or territory laws. It describes a practical access-control pattern for a shared observation record, and how the reformed tipping-off offence bears on that pattern. The tipping-off offence is a serious criminal provision. This is a navigation aid, not legal advice, and it does not determine whether any specific disclosure would or would not breach s.123. For a definitive view, talk to an AML lawyer or your external AML consultant.
TL;DR
A welfare interaction is meant to be visible and supportive: you talk to the patron. An AML suspicion is meant to be invisible to the patron. The same neutral observation can feed both, but the two interpretations carry opposite confidentiality postures. Disclosing SMR-related information (that a matter has moved into the reporting pathway, or that an SMR is being considered or has been made) can run into the tipping-off offence where it could prejudice an investigation.
So “capture once, interpret twice” only holds up if access is role-based: open to capture neutral facts, gated on the AML characterisation, the SMR consideration, and the escalation outcome. Capture once. Interpret twice. Show the AML thread to very few.
The case for one neutral observation layer feeding two assessment pathways is set out in a companion reference: the same floor behaviour can engage an AML obligation and a harm-minimisation obligation at once, so capturing it twice wastes effort and risks an observation being filed under one frame and never read by the other. That piece ended on a single line: access has to be role-based. This is where that line gets unpacked, and where the tipping-off rules start to matter.
But a single shared record introduces a risk that two genuinely separate systems did not have. The moment AML interpretation lives in the same place staff capture welfare notes, the AML thread becomes visible to people who should not see it, and a venue can create a confidentiality exposure simply by being tidy about its data.
The fix is not to abandon the shared layer. It is to recognise that sharing the capture step does not mean sharing the interpretation step. Who can write a neutral observation and who can see that an observation is under AML scrutiny are two different access questions, and they should be answered differently.
The two frameworks assess the same observation differently, and they want opposite things from confidentiality.
Harm-minimisation is outward-facing. A welfare interaction is supposed to happen in the open: a staff member approaches the patron, offers support information, records what was observed and what was done. The patron is meant to know they were engaged with. Visibility is the point.
AML suspicion is inward-facing. An AML assessment, the consideration of a suspicious matter report, and any decision to file one are supposed to be invisible to the patron. The whole value of a suspicious matter report depends on the subject not being alerted to the suspicion or the reporting pathway. Confidentiality is the point.
That asymmetry is why a single merged “compliance record” that everyone on the floor can read is the wrong design. The welfare half can be visible to the people involved in patron support; the AML half should be held behind a tighter need-to-know boundary. A shared capture layer is workable. A shared interpretation layer, visible floor-wide, creates unnecessary tipping-off and welfare-contamination risk.
The tipping-off offence sits at section 123 of the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth). It is worth being precise about it, because the provision most people remember is no longer the one in force.
The previous s.123 was much broader: it was an offence to disclose that a suspicious matter report had been, or was required to be, submitted, or to disclose information from which that could reasonably be inferred. The AML/CTF Amendment Act 2024 repealed that section and substituted a new, harms-based offence, which has been in force since 31 March 2025, a full year before most of the broader AML/CTF reform commenced on 31 March 2026. The core harms-based test has already been live for over a year, and a lot of older club guidance still describes the repealed version.
Under the reformed s.123, the offence is no longer the mere fact of disclosure. The offence now is disclosing information about a suspicious matter report, or about related AUSTRAC notices, where that disclosure would, or could reasonably be expected to, prejudice an investigation. The test shifted from “did you reveal it” to “could revealing it prejudice an investigation.” The maximum penalty is two years imprisonment, 120 penalty units, or both.
For a venue, the practical implication is unchanged in spirit and sharper in detail: a floor staff member who can see that a suspicion has been formed, an SMR is under consideration, or a matter has moved into the reporting pathway, and who then behaves differently towards the patron, or mentions it, can become a tipping-off pathway. A cleaner design response is to keep the AML characterisation behind a need-to-know boundary, so the floor can act on observable facts without holding the suspicion thread.
Role-based access is the mechanism that lets a shared observation layer carry both obligations without leaking the sensitive one. The split runs along the capture/interpretation line, not along the AML/welfare line.
Open at capture. Floor staff should be able to record neutral, observable facts freely: session length, cash access, play intensity, payout behaviour, visible distress, an interaction note. Those facts may still need ordinary privacy and records controls, but they are not the same thing as exposing the SMR assessment. Locking capture down would defeat the purpose of a shared layer and discourage the recording the venue actually wants.
Gated at interpretation. The AML characterisation of an observation (that it is being treated as potentially suspicious, that an SMR is being considered, that a matter has been escalated or reported) should sit behind a role boundary. It belongs to the AMLCO and the small set of people whose role is to make that assessment, not to the floor, and not in a field every staff member can read.
The welfare characterisation can be more visible to the people involved in patron support, because the response is meant to be outward-facing. A welfare interaction is a normal, visible part of floor operations. The access design is asymmetric on purpose: the same observation, one capture, two interpretations, and only one of those interpretations needs the tighter access controls normally associated with the suspicion and reporting pathway.
Access control does not replace training. AUSTRAC also expects staff with access to protected information to understand tipping-off risk, with specific training for customer-facing roles.
A workable boundary, stated plainly:
Floor staff should see: the observation they recorded; routine patron context needed to do their job; welfare flags and the support-and-interaction workflow; self-exclusion status and entry-refusal obligations. These are operational and, in the welfare case, meant to be acted on visibly.
Floor staff should not see: that an observation has been escalated as potentially suspicious; that an SMR is under consideration or has been filed; the content of an AML assessment; the identity of patrons subject to AML scrutiny as a list they could browse. Exposure here serves no floor-operational purpose and creates tipping-off risk for no benefit.
Where further patron enquiries are needed, the floor should be given a neutral, operational reason, not the AML suspicion thread. AUSTRAC notes that making reasonable enquiries into customer activity is not, in itself, tipping off.
There is a second reason for the gate beyond tipping off: keeping the AML thread off the floor stops it from contaminating the welfare interaction. A staff member who can see the suspicion thread on a patron may find it harder to have a clean welfare conversation with them. The two pathways stay honest precisely because the floor only carries the half that belongs there.
Role-based access is about keeping the AML characterisation away from people with no role in it, principally the floor and the patron. It is not a rule that the information can never leave the AMLCO’s desk. The reformed offence turns on whether a disclosure could reasonably be expected to prejudice an investigation, and AUSTRAC’s guidance describes disclosures that will not generally breach it on that footing.
AUSTRAC indicates these generally include: disclosure to comply with another law; disclosure to manage ML/TF risk within the business or reporting group; disclosure to external advisers or lawyers for AML/CTF purposes; and disclosure to Australian law enforcement, intelligence, or regulatory agencies. Two cautions matter. AUSTRAC stresses that the tipping-off offence does not itself authorise any of these disclosures, and other legal restrictions can still apply. The specific reporting-entity information-sharing exception at s.123(5) is not yet in operation, pending regulations, so a venue should not build a process that relies on it.
So treat these as situations that will not generally breach the offence, not as blanket permissions, and not as “safe” or “authorised.” The governing test in every case is still whether the disclosure could prejudice an investigation, and the exact wording matters. The design point for a venue is narrower: build the access model so the proper channels can be used when they are needed, while the floor and the patron stay outside the loop.
The operational shape that follows is a single observation record with role-scoped views over it. Capture is one act. What a given person sees of that record (the raw observation, the welfare interpretation, or the AML interpretation) depends on their role.
That arrangement also produces a cleaner evidentiary position than two parallel systems do. The neutral observation is captured once and is not duplicated or re-keyed. The AML and welfare assessments each attach to it under their own controls, with their own retention and their own access log. If anyone later needs to establish who saw what and when, the access log answers it, because access was a designed control, not an afterthought.
Capture once. Interpret twice. Show the AML thread to very few. The shared layer is what makes the venue see the whole behaviour; the role-based gate is what keeps the sensitive half of that picture where it belongs.
The companion piece on why the same floor behaviour reads differently under AML and harm-minimisation, and why one neutral observation layer beats two parallel systems.
A closer look at s.123: where the line sits, what staff training has to cover, and how routine CDD operates without revealing scrutiny.
What the access-controlled AML pathway produces at the end: threshold rationale, evidence standards, and the questions AUSTRAC asks.
Venue Axis is built around that separation: neutral floor observations captured once, with AML and welfare interpretations held in role-scoped views. The floor sees what it needs to act; the AML thread stays in the controlled surface.