The Lotteries and Gaming Authority of Malta (“LGA”) today (3 June 2014) issued a statement to its licensees informing them of a number of policy changes which it is implementing with immediate effect.  These “quick wins” have been taken on the initiative of the LGA’s Executive Chairman following consultation with various key players in the remote gaming industry in Malta, including the Malta Chamber of Commerce’s Remote Gaming Section and the Malta Remote Gaming Council.  We note that, soon after being appointed Joe Cuschieri, the LGA’s Executive Chairman, made it clear that he wished to take measures to reduce bureaucracy and further embrace technology where doing so would improve the LGA’s ability to fulfil its regulatory and oversight functions.

Mr Cuschieri has been quoted by the press as using the term “future proofing” in relation to his objectives for the regulation of the gaming & gambling industry in Malta. It appears that he enjoys full support from the government on this. The announcement of these “quick wins” is probably the first concrete and publically available demonstration of the type of measures which Mr Cuschieri had in mind when talking about “future proofing”. We have seen way to much protectionism and way too little “future proofing” in the gaming & gambling industry particularly the remote gaming industry over the past decade, so if these “quick wins” are anything to go by, we think that the remote gaming industry in Malta will say that Mr Cuschieri’s “future proofing” is most welcome.

Below we list the “quick wins” referred to in the statement released by the LGA to its licensees today, with our brief comments on each.  Please do not hesitate to contact us should you have any questions.

Hosting of servers abroad. For servers hosted abroad, the Authority is removing the need for the LGA zone. This means that an applicant/licensee is not required to have a separate replication server set-up hosted abroad unless there are exceptional situations where this would be required.

WH Partners comment:  To date, the LGA has required that servers forming part of an LGA licensee’s gaming system hosted outside of Malta would be segregated in an “LGA zone”, or that an “LGA zone” existed to which transactions carried out under a Maltese licence would be replicated. We note that as of early this year the LGA’s approach to the hosting of servers abroad changed in favour of a more risk-based approach.  The LGA’s written confirmation of its new policy makes it clear that operators will no longer be required to set-up an “LGA-Zone server(s)” at their hosting facility outside Malta. This should result in reducing capital expenditure for new licence applicants, as well as running costs relating to the hardware and development required, allowing the operators to invest that saving in other parts of their business.
Simultaneous Log in of Players. Players are allowed to be simultaneously logged on a separate device, as long as they are made aware of their status and are given the option to log-out of any one device, and as may be further regulated by the Authority.
WH Partners comment: One of the LGA’s requirements relating to player account security has been a ban on simultaneous player log in.  A player could not log-in simultaneously from more than one device. However, considering that technology has moved towards a situation where individuals use more than one device at the same time, the LGA has recognized that simultaneous log-in does not necessarily result in any breach of security or a lesser level of player account security and that, as long as the player is made aware of the situation, a player can be allowed to be logged in simultaneously via more than one device.  There has been no indication on whether a device limit would apply.  Can a player be allowed to log-in simultaneously from 3, 4, or 5 devices? Can a player now log-in simultaneously from the same number of different IP addresses?
Audit requirements. Operators with multiple-licences of the same class will be required to perform only one combined system and/or compliance audit covering all licences concerned. The applicable fees for the combined audits will remain unchanged but may be subject to review in future.
WH Partners comment: To date, operators in possession of multiple licences have been required to perform a system audit prior to obtaining a licence and a compliance audit within the first year of operation, as well as upon a licence renewal.  The LGA’s change of policy will enable operators to reduce a significant administrative burden without having an impact on the quality of the audit or the level of oversight which the LGA has on its licensees. Additionally, licence application timeframes are likely to be reduced.  It is not yet clear whether operators holding multiple licences which are subject to renewal at different times would also benefit from this, though we would suggest that the correct way to interpret the LGA’s new policy would be that even where licences come up for renewal at different times a system of aggregating audits into one should be implemented.  It is also not totally clear whether operators already holding a particular class of licence, e.g. a class 1 linked with a particular class 4 platform licensee, would be exempt from a systems and compliance audit where they apply for a further class 1 licence on a different class 4 platform licensee. Once again, we would suggest that once the LGA has had oversight of and audited an operator’s system, the addition of new products should only be subject to the LGA being satisfied and possibly auditing the incremental change.
Class 3 products. Applicants/licensees offering both Bingo and Poker may offer such games with the same Class 3 and also applicable to Class 4, provided they have the same service provider.
WH Partners comment: To date, operators wishing to offer various “player to player” games, such as bingo and poker have been required to obtain separate licences for each product, even though both products fell within the same licence category and even if both were provided by the same software supplier. As a result of this “quick win”, operators wishing to offer “player to player” games will only require one Class 3 licence and no longer be required to obtain 2 separate licences (one for bingo and one for poker), when the products are provided by the same platform provider.  It remains to be clarified, whether an operator hypothetically wishing to operate two or more poker or bingo platforms would also benefit from this change in policy.  If the LGA’s intention is to do away with duplicity of requirements where its regulatory objectives can just as easily be achieved via the issue of one Class 3 licence, then it seems to us that this would be the correct way to interpret this new policy.
Sealing vs tagging. In order to keep track of current hardware, the Authority is introducing the concept of “tagging” instead of “sealing” of servers,
WH Partners comment: For several years, sealing of all components of the hardware used by operators has been the LGA’s preferred way of keeping track of the equipment utilised by operators under their remote gaming licences. However, the sealing process has been criticised by many as being impractical, time consuming and a process which does not provide the LGA with any additional comfort or security.  Key stakeholders have repeatedly recommended to the LGA that such a process should either be removed or changed to be more practical.  The LGA has now decided to do without the sealing of each component and to require solely the tagging of each piece of hardware with an inventory number. The hardware will be also sealed to the rack. This will mean that replacing components due to memory outage or breakdown will no longer result in breaking a seal, which will need to be resealed. Resealing will only be required if the hardware is moved or if new hardware is installed.
Incident reporting. In support of point 5, the Authority has written new procedures for incident reporting, addition and decommissioning of hardware in which tagging or re-tagging takes place.

WH Partners comment:  In April 2014 the LGA issued a new written procedure for “Incident Reporting, Addition and Decommissioning of Hardware” which can be found athttp://www.snapadministration.com/common/file_provider.aspx?id=635373058850328750.  This document has been updated to reflect the LGA’s policy change with respect to the tagging of equipment. The publication of this procedure has been long-awaited by industry stakeholders.  Operators were most of time left guessing as to what they needed to do and provide to the LGA in cases of adding and/or decommission of equipment. This document now clearly identifies what the LGA requires from a Key Official when adding and/or decommissioning hardware.
Key official. The role and requirements for Key Officials are currently under review to ensure that such an important role is performed in a diligent and effective manner at all times. As a result, the Authority is planning to launch Key Official training and certification, details of which will be announced in the coming weeks.

 

WH Partners comment: We think that the introduction of certification and training for Key Official is something to welcome, given the important role attributed to the Key Official by the Remote Gaming Regulations. The Key Official’s role cannot and must not be underestimated. The responsibilities attached to the role include acting as a liaison officer between the operator and the authority, assisting the Authority with any investigations and queries relating to the licensed operations, oversee and manage audit process and ensuring that all games are fair and correct, and that the remote gaming system is well kept and maintained. It is a position of great responsibility and anybody taking up this role ought to be fully aware of the responsibilities attached to it and the manner in which those responsibilities are to be performed.

Cloud Environment. The Authority will start to accept with immediate effect hosting of servers in a cloud environment on a case by case basis and after carrying out a risk assessment.

WH Partners comment: Until last year, the LGA was highly sceptical about the use of “cloud”, which it generally considered to be a high risk environment. Operators were only allowed to use a cloud environment for static information.  The LGA has now recognised that with technological advancements a “cloud environment” can be considered for data which is not static. The LGA has said that it will take a risk based approach and consider each request on a case by case basis. Requirements may vary, however we hope that the LGA will eventually devise practical written guidelines on this matter.

By: James Scicluna, Robert Zammit