If your club or pub operates gaming machines in NSW, the compliance landscape has shifted materially. The mandatory Digital Incident Register (DIR), reinforced Gaming Plan of Management requirements, and the intersection of state and federal obligations under AML/CTF mean that venues face more documentation scrutiny today than at any point in the past decade. Here is what facilities and operations managers need to know — and where electronic security systems fit in.
The Regulatory Framework: Who Is Watching
NSW gaming venues answer to multiple authorities simultaneously. Liquor & Gaming NSW (L&GNSW) administers the Gaming Machines Act 2001 and the Liquor Act 2007, sets compliance standards, and conducts inspections — both scheduled and unannounced. The Independent Liquor & Gaming Authority (ILGA) handles significant licensing decisions and disciplinary matters. NSW Police maintains an operational interest in venues as a potential vector for organised crime and coordinates with L&GNSW on joint inspections, with findings capable of flowing to AUSTRAC under AML/CTF obligations.
The NSW Crime Commission’s inquiry into cash use at pubs and clubs has accelerated these reforms. The result is a regime that is more prescriptive, more document-heavy, and more actively enforced than before. Venues that managed compliance informally — relying on paper registers and loosely maintained plans — are now directly exposed.
The Digital Incident Register: Mandatory Since July 2024
The most significant recent change is the mandatory Digital Incident Register (DIR), which has been a requirement for all NSW gaming venues since July 2024. The paper-based incident register is no longer compliant. Any venue that has not transitioned to a purpose-built digital system is in breach of its current obligations.
The DIR must record a defined set of incident categories, including:
- Patron refusals and removals
- Self-exclusion actions and enforcement
- Responsible gambling interactions and interventions
- Gaming machine malfunctions and large payouts
- Disturbances, altercations, or violence
- Minors attempting to access gaming areas
- Police or regulator attendance
- Any other incident the venue considers significant
Critically, the DIR must meet specific technical standards. Entries must be made contemporaneously — at or near the time of the incident — and must be time-stamped and attributable to the staff member making the record. Records must be retained for at least three years and made available on demand to L&GNSW inspectors and police. The system must be tamper-evident, meaning editing history must be visible and auditable.
A spreadsheet is not a compliant Digital Incident Register. Spreadsheets allow silent editing and do not meet the tamper-evident standard. L&GNSW expects a purpose-built system — whether a dedicated DIR tool or an integrated compliance platform — that produces an auditable record.
For security operators and facilities managers, the DIR requirement has a direct bearing on how incidents captured on CCTV or by access control systems are documented. Where a camera records a disturbance or a door controller logs an attempted entry by a self-excluded patron, that event needs to make it into the DIR in a timely, attributable, and tamper-evident way. CCTV and video analytics systems that integrate with or export timestamps to compliance workflows become operationally relevant here — the footage supports the record, and the record must meet the DIR standard independently.
Gaming Plan of Management, Self-Exclusion, and Staff Training
Beyond the DIR, gaming venues carry a suite of ongoing obligations that touch day-to-day operations:
Gaming Plan of Management (GPoM): Every venue must maintain an L&GNSW-approved GPoM — a ten-section document covering everything from gaming area layout and ATM arrangements to self-exclusion procedures and complaints handling. The GPoM must be reviewed annually, updated when material changes occur, and be available to inspectors on request. Critically, a GPoM that describes procedures the venue does not actually follow is worse than having none at all: it is documented evidence that the venue is non-compliant with its own approved plan.
Self-Exclusion Program: Venues must operate a formal self-exclusion program. Self-excluded patrons must be flagged in venue systems, and any breach — a self-excluded patron entering or gaming — must be recorded in the DIR. Multi-venue exclusion schemes extend these obligations across linked premises. Venues should be clear on the distinction between their gaming machine self-exclusion program and BetStop, the national online wagering register: different systems, different scopes, and staff confusion between the two creates compliance exposure.
Responsible Conduct of Gambling (RCG) Training: All staff rostered in gaming areas must hold a current RCG competency certificate from a registered training organisation. Certificates have defined validity periods and records must be produced on request. RCG training runs alongside — not instead of — AML/CTF training, which AUSTRAC expects to be specific to each venue’s procedures and risk profile. A coordinated training schedule that produces a single attestation record per staff member per period is the practical solution.
Responsible Gambling Obligations: NSW operates one of Australia’s most prescriptive responsible gambling frameworks. Staff must observe patrons for signs of problem gambling and intervene in accordance with documented procedures. Interventions go in the DIR. Prescribed signage must be correctly placed. ATM withdrawal limits, EFTPOS cash-out prohibitions, and restrictions on gaming-linked inducements all carry specific requirements.
What This Means for Venue Operations Managers
L&GNSW inspections — including unannounced visits — focus on exactly the areas where documentation gaps are most likely: DIR completeness and contemporaneity, GPoM alignment with actual practice, self-exclusion record accuracy, and RCG currency. Joint inspections with NSW Police add AML/CTF scrutiny to the mix. A venue that is well-organised on gaming compliance but has not reviewed its physical security documentation — floor layouts, camera coverage of gaming areas, access logs for restricted zones — may find those gaps raised during an inspection that started as a gaming audit.
For access control and visitor management systems in clubs and pubs, the self-exclusion enforcement obligation is a direct operational requirement. A patron who is self-excluded should not be able to access the gaming floor. Whether that is enforced by staff recognition, card-based access, or a combination of both, the system needs to be documented and staff need to understand it. If an excluded patron is admitted, the incident must be recorded — and the failure to record it is a second breach on top of the first.
Venues that have not yet transitioned to a compliant DIR, or whose GPoM has not been reviewed since the DIR requirement came into force in July 2024, should treat that as a near-term priority. L&GNSW has made clear through its inspection focus areas that the DIR is a live compliance requirement, not a transitional one.
Original source: https://complyiq.au/nsw-gaming-compliance/