Cyber Incident Victim: Crown Resorts
Date:
Oct 2023
Location:
Australia
Summary
Crown Resorts faced significant regulatory penalties, including a $450 million civil penalty for historical anti-money laundering and counter-terrorism financing failures identified in federal court proceedings, following investigations into systemic compliance deficiencies. The company acknowledged past breaches, implemented sweeping reforms under its Future Crown program, bolstered financial crime teams, upgraded transaction monitoring systems, and introduced mandatory harm-prevention measures across its resorts. Concurrently, police responded to an unspecified incident at Crown Perth, with the organization supporting the investigation while maintaining operations. Other corrective actions addressed legacy payroll errors and tax practice violations, reflecting broader efforts to rebuild compliance frameworks and stakeholder trust.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 0 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Crown Resorts faced significant legal and regulatory repercussions in 2023 stemming from historical anti-money laundering (AML) and counter-terrorism financing (CTF) compliance failures at its Melbourne and Perth properties. On March 30, 2022, AUSTRAC initiated civil penalty proceedings against Crown, culminating in a Federal Court judgment on July 11, 2023, which approved a $450 million combined civil penalty for Crown Melbourne and Crown Perth. The court action addressed systemic failures in Crown’s AML/CTF programs, including inadequate customer due diligence, insufficient transaction monitoring, and weak risk assessments spanning several years. Crown publicly acknowledged these historical breaches on May 30, 2023, when it reached an agreement with AUSTRAC and filed a Statement of Agreed Facts and Admissions. The admitted violations included failures to establish and maintain an effective AML/CTF program, conduct proper customer identity verifications, and submit timely suspicious matter reports. These deficiencies occurred prior to Crown’s comprehensive reform program initiated under new ownership and leadership in late 2020. The Federal Court’s judgment formally concluded the long-running proceedings, with Crown emphasizing that the misconduct occurred under prior management structures.
The financial penalty represented one of the largest corporate fines in Australian regulatory history and directly impacted Crown’s operational finances. Beyond monetary consequences, the incident triggered extensive organizational reforms as part of Crown’s Future Crown transformation program. The company invested over $40 million in financial crime compliance enhancements since 2020, expanding its dedicated Financial Crime and Compliance team by approximately 170 professionals recruited from banking, regulatory, and law enforcement backgrounds. Operational changes included implementing automated transaction monitoring systems, electronic suspicious activity reporting tools, stricter customer risk assessments, and reduced cash transaction limits. Crown also adopted revised AML/CTF programs in 2020, 2021, 2022, and 2023, incorporating findings from enterprise-wide risk assessments. Training programs were significantly expanded for all staff levels, including board members and senior executives. CEO Ciarán Carruthers publicly acknowledged responsibility for Crown’s past failures while highlighting the company’s commitment to establishing industry-leading compliance standards under its new governance framework. The resolution required Crown to undergo regulatory supervision for three years, including independent audits confirming ongoing adherence to AML/CTF obligations, as part of its broader accountability measures. These reforms aimed to rebuild stakeholder trust and align Crown’s operations with AUSTRAC’s enforcement expectations moving forward.