Inside Star Entertainment’s $12B Junket and CUP Card Scandal

Between 2017 and 2019, a single junket operator cycled AUD $12 billion through The Star Entertainment Group’s casino floors. Over the same period, more than AUD $900 million was quietly withdrawn through ATMs at Star’s own properties using debit cards that were explicitly prohibited from gambling use. These two schemes, the Suncity junket relationship and the China UnionPay (CUP) card arrangement, now form the core of the most detailed regulatory anatomy of a casino anti-money laundering (AML) failure in Australian legal history.

The Federal Court’s 5 March 2026 liability judgment against Star’s former CEO Matthew Bekier and former Chief Legal and Risk Officer Paula Martin has brought both schemes back into sharp focus. AUSTRAC civil penalty proceedings are simultaneously moving through the courts against Star group entities. Together, the cases offer finance professionals and investors a precise account of how AML failures of this scale develop, persist, and ultimately reach a point where they threaten licence viability, executive careers, and shareholder equity.

This article explains exactly how each scheme worked, why casinos are structurally exposed to these risks, what the courts and regulators have found, and what the confirmed figures tell investors about AML risk inside a major ASX-listed company.

How the Suncity junket relationship worked, and why the numbers kept growing

A junket operator pools VIP patrons, extends credit, arranges travel, and intermediates funds between the casino and the end gambler. In doing so, the junket breaks the direct know-your-customer (KYC) relationship the casino would otherwise hold with each patron. The casino performs due diligence on the junket operator itself, but its visibility into the identity and source of funds of the ultimate gamblers is limited.

Suncity was Star’s largest junket partner. The turnover attributable to Suncity across three financial years tells a compounding story.

In AML terms, each dollar passing through an intermediary the casino does not fully control is a dollar whose provenance is harder to trace. The exposure did not just grow; it tripled in two years while remaining concentrated inside a single counterparty relationship, precisely the pattern that AML frameworks are designed to flag and constrain.

What made Suncity’s private room arrangement particularly dangerous

Suncity operated an un-banked cage within The Star Sydney, effectively functioning as a shadow banking system inside the casino’s walls. Rather than running deposits, chip issuance, and payouts through Star’s monitored cashier, Suncity handled these through its own networks. This enabled unrecorded transfers and opaque fund movements outside the casino’s own monitoring systems.

The Bell inquiry characterised this as an egregious AML breakdown. Controls were effectively delegated to Suncity, an operator linked by overseas regulators and law enforcement to organised crime networks. The arrangement meant the casino had outsourced a core compliance function to the very entity that posed the risk.

The $900 million CUP card scheme: sham transactions at Star’s own ATMs

The CUP arrangement worked as a sequence of deliberate steps, each one circumventing a specific prohibition.

1. A Star customer presented a China UnionPay debit card at a NAB EFTPOS terminal or ATM located on casino premises.
2. The transaction was coded as a hotel service, not a gambling withdrawal.
3. The funds were credited to the patron’s casino account.
4. The patron used those funds for gambling.

Two prohibitions were being simultaneously circumvented. CUP explicitly banned the use of its cards for gambling purposes. Chinese capital-export controls limited the amount of funds that could leave China. By coding withdrawals as hotel services, the arrangement bypassed both restrictions at once.

ASIC estimates that more than AUD $900 million was withdrawn via CUP cards at NAB ATMs between 2013 and 2019. The scale is striking, but the structure is what matters most to regulators.

ASIC characterised the arrangement as a “disguised or sham transaction” that “misrepresented the true nature of transactions to banks and card schemes.”

This was not a grey-area compliance question. The scheme required active misrepresentation to a major Australian bank about the nature of transactions on its own terminals, making it simultaneously an AML failure, a conduct failure, and a disclosure failure.

Why casinos are structurally vulnerable to exactly these risks

Both the Suncity junket relationship and the CUP card scheme exploited vulnerabilities that are built into casino economics, not unique to Star. Understanding those structural conditions explains why these failures were not accidental but predictable.

Casinos operate in high-volume cash and chip environments with international patronage and the ability to convert funds across multiple instruments. That combination makes them attractive for layering, the process of moving illicit money through a series of transactions to obscure its origin.

Junket intermediaries amplify the risk. They pool funds across patrons, extend credit through networks the casino cannot audit, and break the direct relationship between the casino and the end gambler. The Bell inquiry found that revenue dependence on Suncity contributed to cultural and governance failures at Star, a finding consistent with the broader tension in the industry between the commissions junkets deliver and the opacity they create.

Four structural vulnerability factors recur across Australian casino AML cases:

• Opacity of ultimate gambler identity: Junkets stand between the casino and the patron, limiting direct KYC.
• Shadow banking via junket cages: Private rooms and un-banked cages create parallel payment systems outside the casino’s monitoring infrastructure.
• High-risk jurisdiction exposure: Junkets are concentrated in jurisdictions with elevated corruption and organised crime risk, particularly mainland China, Macau, and South-East Asia.
• Revenue-versus-risk governance conflicts: VIP and junket revenue creates institutional pressure to tolerate opacity that would not survive scrutiny in a bank.

AUSTRAC’s AML/CTF (anti-money laundering and counter-terrorism financing) framework requires casinos to maintain an AML/CTF programme appropriate to the risks posed by their designated services and customers. Historically, however, junkets sat in a grey area between casino regulation and financial regulation, with responsibility split between gaming regulators and AUSTRAC. That fragmentation allowed high-risk structures to mature before regulators intervened.

How the governance structure allowed these risks to persist

ASIC’s case against Bekier and Martin centres on the failure to escalate AML concerns to the board and the alleged permitting of misleading statements to NAB about the CUP arrangement. The Federal Court’s 5 March 2026 finding that Bekier and Martin breached their duties, while non-executive directors did not, is consistent with the view that the board was not given the full picture by management.

The broader governance lesson is direct: compliance and risk functions that report through commercial management lines rather than directly to the board can absorb and neutralise red flags before they reach the level required for board action. When the people responsible for escalation are also the people whose commercial targets depend on the revenue at risk, the incentive to filter information is structural.

The Star case adds a compliance dimension to the broader debate about board-level equity alignment: directors who hold meaningful personal stakes in a company’s long-term outcome have stronger incentives to demand that management surface uncomfortable compliance findings, rather than allow risk information to be filtered through commercial reporting lines.

What the executives allegedly knew, and what the Federal Court found

ASIC commenced civil penalty proceedings on 13 December 2022 against Star, Bekier, Martin, and other current and former directors and officers. The core allegations against Bekier and Martin can be summarised in three parts:

• Failure to address Suncity risks: Both allegedly failed to adequately address the money laundering risks associated with Star’s dealings with Suncity, continuing to engage with the operator despite becoming aware of reports linking it to criminal activity.
• Misleading statements to NAB: Martin allegedly permitted the provision of misleading statements to NAB regarding the CUP card arrangement, statements that obscured the fact Star was allowing CUP cards to be used for gambling in violation of CUP’s explicit prohibition.
• Failure to escalate: Neither Bekier nor Martin reportedly brought the misleading statements issue to the board’s attention.

On 5 March 2026, Justice Michael Lee handed down the liability judgment in Australian Securities and Investments Commission v Bekier (Liability Judgment) [2026] FCA 196. The court found Bekier and Martin had breached their duties. Non-executive directors were found not to have breached theirs.

Procedural milestones: ASIC proceedings filed 13 December 2022. Liability judgment delivered 5 March 2026. Penalty hearing listed 27 May 2026 (two-day estimate). As of 8 June 2026, no final penalty orders had been made. ASIC is seeking financial penalties and disqualification orders.

The legal finding establishes that these were not compliance oversights caught only in hindsight. The Federal Court determined that specific executives had duties to act and did not, giving investors and counterparties a factual basis for how responsibility was allocated within the company.

The Federal Court’s liability finding in ASIC v Bekier is widely regarded as the first enforcement action to extend executive liability under section 180 of the Corporations Act to non-financial compliance failures, a precedent that reshapes personal risk for every ASX-listed executive responsible for AML/CTF escalation.

AUSTRAC’s separate proceedings and what systemic failure looks like in regulatory terms

AUSTRAC commenced separate civil penalty proceedings on 30 November 2022 against The Star Pty Limited and several Star group entities, alleging serious and systemic breaches of Australia’s AML/CTF Act. These proceedings run parallel to ASIC’s case against individual executives but examine the corporate entity’s compliance systems rather than individual conduct.

AUSTRAC’s proceedings against Star Entertainment, filed on 30 November 2022, set out four distinct contravention categories covering customer due diligence, programme adequacy, transaction monitoring, and risk assessment, providing the clearest public statement of how regulators have characterised the systemic nature of the failures.

AUSTRAC’s allegations fall into four specific contravention categories:

1. Customer due diligence failures: Failure to carry out appropriate ongoing due diligence on high-risk customers, including junket operators and VIP patrons.
2. Programme deficiencies: Failure to maintain an AML/CTF programme appropriate to the risks posed by Star’s designated services and customers.
3. Transaction monitoring gaps: Failure to implement adequate transaction monitoring and to identify and report suspicious matters to AUSTRAC in a timely manner.
4. Risk assessment failures: Failure to adequately assess and manage money laundering and terrorism financing risks associated with high-risk junket and VIP customers.

As of 8 June 2026, the proceedings remain ongoing with no settlement finalised.

AUSTRAC’s framing of the failures as systemic rather than isolated is significant for investors. It signals that remediation cannot be achieved through personnel changes alone and that the cost and duration of compliance rebuilding will be substantial.

What the Bell and Gotterson inquiries added to the regulatory picture

The NSW Bell inquiry (headed by Adam Bell SC, 2022) found The Star Sydney unsuitable to hold a casino licence, citing serious AML/CTF failures, junket risks including Suncity, CUP misuse, and governance breakdowns. A special manager was appointed, and the NSW licence suspension remains in effect.

The Queensland Gotterson Review found Star’s Queensland casinos similarly unsuitable, with the Gold Coast licence suspension deferred to 30 September 2026 and special managers operating in Queensland. Both inquiries relied on the Suncity and CUP findings as core evidence of structural AML failure, reinforcing AUSTRAC’s systemic characterisation.

What the Star case tells investors about AML risk in listed companies

AML/CTF failures at this scale are now treated by analysts as material credit and equity risk, not compliance noise. The potential consequences include licence suspensions, large civil penalties, expensive multi-year remediation programmes, and dilutive capital transactions. Star’s experience provides a worked example of each.

Analysts now characterise AML/CTF failings as material credit and equity risk for casino operators, with the potential to drive corporate control changes, not merely operational remediation.

Star is not an isolated case. It sits within a broader enforcement arc that includes Crown Resorts and SkyCity, establishing a sector-wide pattern of escalating regulatory action.

SkyCity’s current operating position, with FY26 EBITDA guidance cut by approximately $20 million at the reported level and AUSTRAC proceedings unresolved, illustrates how the combination of regulatory overhang and macroeconomic pressure can compound simultaneously for operators carrying unresolved compliance risk.

Investors assessing gaming and high-risk-sector stocks should scan for specific disclosure red flags:

• Boilerplate AML language in annual reports with generic statements that programmes “meet regulatory requirements” but no concrete detail on resources, independent reviews, or risk metrics
• Limited disclosure on interactions with AUSTRAC or state regulators, including absence of commentary on reviews or remediation programmes
• Over-reliance on VIP and junket revenue relative to mass-market play
• Absence of board-level AML key performance indicators or dedicated financial crime expertise among directors

US regulators including FinCEN and state gaming regulators have imposed multi-million-dollar penalties on Las Vegas Sands, Wynn, and Caesars for AML failures, establishing a convergence of global expectations toward bank-level AML standards for casino operators.

This article is for informational purposes only and should not be considered financial advice. Investors should conduct their own research and consult with financial professionals before making investment decisions.

The junket era is ending, but the lessons extend well beyond casinos

Many analysts and regulators now view the traditional junket model as incompatible with contemporary AML expectations. Operators are either exiting junkets entirely or bringing VIP programmes fully in-house with bank-grade controls. The convergence of enforcement actions from AUSTRAC, FinCEN, and state gaming regulators internationally signals that casino operators handling high-risk customers are expected to operate to financial-institution-level AML standards.

Three structural shifts are now underway:

• Junket model obsolescence: The intermediary-driven VIP model that powered Star’s and Crown’s high-roller revenue is being unwound across the sector.
• Bank-level AML frameworks as the new baseline: Casinos dealing with international VIPs and large cash flows must adopt controls comparable to those of financial institutions, including sophisticated monitoring systems, enhanced due diligence protocols, and sanctions screening.
• Regulatory escalation extending to adjacent sectors: Online wagering, payment platforms, and fintechs handling gaming flows now face heightened scrutiny, meaning the structural vulnerabilities exposed in the Star case are relevant to any business where high-value, cross-border, and anonymous-adjacent payment flows intersect.

Star Entertainment remains licensed under intensive regulatory supervision in both NSW and Queensland as of 8 June 2026, with AUSTRAC proceedings unresolved and special managers overseeing operations. The Crown outcome, where persistent AML governance failures drove a forced sale and delisting, stands as evidence that the consequences can extend to corporate control changes, not merely operational remediation.

The Suncity and CUP schemes were not caused by a single bad decision. They were the product of sustained institutional tolerance of arrangements that prioritised revenue over transparency, allowed compliance functions to be subordinated to commercial management, and permitted red flags to be absorbed rather than escalated.

The AML frameworks built inside high-risk businesses are not peripheral compliance infrastructure. The Star case confirms they are core to licence viability, management accountability, and ultimately equity value. For finance professionals assessing any company with high-risk international customer flows, the question is no longer whether AML risk is material. It is whether the governance structures in place are designed to surface it before regulators do.

Past performance does not guarantee future results. Regulatory outcomes, penalties, and corporate restructuring timelines are subject to change based on court proceedings and regulatory decisions.