Bet365 fails to placate anti-money laundering regulator – Does AUSTRAC’s post-audit enforcement signal a tougher approach by its new CEO?

On 7 March 2024, Australia’s anti-money laundering (AML) regulator, AUSTRAC, announced the commencement of an enforcement investigation into whether Hillside (Australia New Media) Pty Limited, which trades in Australia as Bet365, has complied with its obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).

While AUSTRAC has engaged in several enforcement investigations in recent years, this one is notable for two reasons. It is the first enforcement investigation to be publicly announced since the commencement of AUSTRAC’s new CEO, Brendan Thomas, in January this year. It is also the first time that AUSTRAC has announced an intention to commence an enforcement investigation into a reporting entity at the conclusion of a compulsory external audit process.

Since 2019, AUSTRAC has ordered external AML audits of five other organisations. Of these, two enforcement investigations were closed upon receipt of the completed AML audit report and two resulted in the acceptance by AUSTRAC of an Enforceable Undertaking (EU). It remains to be seen how the fifth external AML audit (imposed on Sportsbet on the same day as the one for Bet365) concludes.

The Bet365 audit

AUSTRAC issued a notice to Bet365 to appoint an external auditor to conduct an AML compliance audit, on 2 November 2022. That notice stated AUSTRAC’s suspicion that Bet365 had contravened sections 36 (the obligation to conduct ongoing customer due diligence) and 81 (the obligation to have an AML and counter-terrorism financing program) of the AML/CTF Act and consequently required Bet365 to:

  • Within 28 days of the notice, short-list three nominated auditors, receive from each of them a scope of work and related documents, and submit those details to AUSTRAC for consideration;
  • Subsequently engage the auditor chosen by AUSTRAC; and
  • Within 180 days of that auditor’s engagement, have produced and submitted to AUSTRAC an audit report that included details of:
    • Any provisions of the AML/CTF Act and/or the AML/CTF Rules which the auditor concludes Bet365 has not complied with or is not complying with;
    • The facts on which the auditor has relied to conclude the above;
    • Any measures which the auditor believes Bet365 should implement to ensure that it complies with the AML/CTF Act and the AML/CTF Rules; and
    • The auditor’s view of the capacity of Bet365 to implement these measures.

AUSTRAC’s announcement of its subsequent enforcement investigation into Bet365 is silent as to the reason for its decision, save for confirming that AUSTRAC had considered the external audit report.

The two post-audit enforceable undertakings

Some observations can be drawn from the two instances where post-audit EUs were accepted by AUSTRAC, which suggest that the absence of one for Bet365 may warrant particular attention.

In both previous instances, AUSTRAC was prepared to accept EUs even in circumstances where it had expressed concerns with potential future non-compliance by each of the organisations. Similarly, in one of those matters, the external auditor agreed in their report with many of AUSTRAC’s concerns, but this was no bar to that organisation securing an EU. It is also noteworthy that in one of those matters, the organisation had previously commenced a remediation program, the scope of which had to be substantially broadened and the date for completion extended upon further issues coming to light.

The EUs themselves provide some indication of the types of concessions that AUSTRAC tends to expect from these arrangements. In both instances, the EUs:

  • Note the organisations’ cooperation with AUSTRAC throughout the process;
  • Include an express acknowledgment by the organisations of AUSTRAC’s concerns;
  • Reflect demonstrable and ongoing work by the organisations on uplifting their compliance programs;
  • Record the organisations’ agreement to the continued supply of documents and information to AUSTRAC for monitoring their compliance with the EUs; and
  • Include a commitment to completing the remediation or appointing another external auditor to confirm implementation of the remediation by an agreed date.


There is currently insufficient public information on which to conclude why Bet365 was unable to convince AUSTRAC to take no further action against it following the auditor’s report, or to at least accept an EU as a measure of reassurance of Bet365’s continuing remediation efforts.

It is clear, however, that close attention should be given to both this matter as it continues to unfold and the position AUSTRAC takes following its receipt of Sportsbet’s external AML audit report. Further clarity may then be gleaned on whether Mr Thomas is taking the regulator in a different direction or whether the position adopted in the context of Bet365 says more about that reporting entity than it does about AUSTRAC’s general approach.

Bryony Adams
Bryony Adams
Partner, Sydney
+61 2 9225 5288
Daniel Hyde
Daniel Hyde
Senior Associate, Sydney
+61 2 9225 5480