Gaming Authorisations and Compliance Directive: Summary of Amendments Implemented in October 2021 by the Malta Gaming Authority

INSIGHTS

28 Oct 2021

In October 2021, the Malta Gaming Authority (the “MGA”) amended the Gaming Authorisations and Compliance Directive (Directive 3 of 2018). As a result of such amendments, the number of key function roles required to be appointed by licensed operators has decreased, since certain roles have been merged.

Download the summary of amendments report here.

As a consequence, B2C and B2B licensees operating in the remote business are required to appoint the following key function roles:

	B2C licensee	B2B licensee
1.	CEO	CEO
2.	Key Gaming Operations = Key Gaming Operations + Key Finance + Key Risk + Key Fraud	Key Gaming Operations = Key Gaming Operations + Key Finance + Key Risk + Key Fraud
3.	Key Compliance = Compliance Officer + Key Responsible Gaming + Key Player Support + Key Marketing	Compliance Officer
4.	Key Legal	Key Legal
5.	Key Data Protection	Key Data Protection
6.	Key AML & CFT	Key Technology = Key Technology + Key Information Security
7.	Key Technology = Key Technology + Key Information Security	Internal Audit
8.	Internal Audit

Furthermore, clarifications in respect to when certain roles need to be appointed during the lifetime of the license have been made.

1. At the application stage, licensees must notify the MGA about who will hold the roles of chief executive officer, compliance officer, as well as MLRO (if applicable);

2. Within 6 months of the licence being issued, the MGA must be notified as to who has been appointed to exercise the remaining key function roles;

3. In case any of the persons exercising the key function role resigns, the licensee is required to notify the MGA by not later than 3 working days after such resignation. Additionally, the licensee is obliged to inform the MGA about the appointment of the replacement by not later than 15 working days after such resignation.

Importantly, if no person is approved by the MGA to fulfil a key function either temporarily or otherwise, the responsibility for such key function is vested in the directors of the licensee.

Policy on the Eligibility and Ongoing Competency Criteria for Key Persons – October 2021

Apart from amending Directive 3 of 2018, the MGA also issued the Policy on the Eligibility and Ongoing Competency Criteria for Key Persons (hereinafter the “Policy”), which sets the eligibility and ongoing competency criteria which the MGA shall consider in terms of persons who apply for the issuance or renewal of a Key Function Certificate.

Fitness and Propriety Considerations

Key persons are obliged to be fit and proper in order to perform their respective key functions on an ongoing basis.

The main criteria, which the MGA considers, consist of the following:

Integrity, Honesty and Reputation;
Competence and Capability.

General Competency Criteria and Continuous Professional Development

Persons being key functions officials are obliged to be duly qualified in terms of academic qualifications as well as professional experience as may be applicable for their given roles.

With respect to the continuous professional development (hereinafter “CPD”), when applying for the renewal of the Key Function Certificate, key persons must demonstrate that they have attained a minimum number of CPD hours during each calendar year of the previous certification period, in order for such renewal to be approved.

Evidence of fulfillment of the applicable CPD requirements includes the certification or other proof of attendance.

The Policy provides an exhaustive list of methods applicable to the attainment of CPD requirements, as follows:

Professional Educational Activities (courses, seminars, workshops);
Presentations (vendor or system-specific presentations);
Teaching / Lecturing / Presenting (development and delivery of presentations and courses relevant to key functions);
Publication of Articles;
Professional Examinations.

It must be noted that 1 CPD hour is earned for each hour of active participation for qualifying professional educational activities unless specified otherwise.

In addition, the table below further demonstrates the minimum experience and/or qualifications requirements as well as minimum annual CPD requirement for each key function role:

Key Role	Minimum Experience and/or Qualifications	Minimum Annual CPD Requirement
CEO	Minimum 3 years of working experience in a managerial role plus a related bachelor’s degree; or a minimum of 5 years of working experience.	5 CPD Hours
Key Gaming Operations	Minimum 2 years of working experience in a managerial role plus a related bachelor’s degree; or a minimum of 4 years of working experience; and must be knowledgeable in risk management and fraud prevention procedures.	10 CPD Hours
Key Compliance	Minimum 2 years of working experience in a compliance-related role plus a related bachelor’s degree; or a minimum of 4 years of working experience; and must be knowledgeable in terms of obligations relating to responsible gaming, advertising and sports integrity where applicable.	10 CPD Hours
Key Legal	Minimum 2 years of working experience in the role of legal counsel and/or similar senior role plus a related bachelor’s degree in law; must be knowledgeable in terms of legal affairs including those relating to contractual arrangements, litigation proceedings and dispute resolution.	10 CPD Hours
Key Data Protection	Minimum 2 years of working experience in the role of data protection lead or data protection officer plus a related diploma or certificate; or 3 years of working experience	10 CPD Hours
Key AML & CFT	Minimum 2 years of working experience as a MLRO or similar senior and/or a related managerial role plus a related bachelor’s degree or ML specific qualification; or 4 years of working experience as a MLRO or similar senior role.	10 CPD Hours
Key Technology	Minimum 2 years of working experience in a role related to IT plus a related bachelor’s degree; or 4 years of working experience in an IT-related role; must be knowledgeable in technical set-up, systems and infrastructure.	10 CPD Hours
Internal Audit	Minimum 2 years of working experience as internal auditor or similar role plus relevant certificate to perform a role of internal auditor; or 4 years of working experience as internal auditor or similar role.	10 CPD Hours

Compatibility of Roles

For clarity purposes, MGA has also published the table below to clarify which roles are incompatible with each other.

Actions required and applicable timeframes

---

For any questions please contact gaming@whpartners.eu

The information above does not and is not intended to constitute legal advice and should not be relied on as such. For any specific matters kindly seek legal assistance.

Gaming Authorisations and Compliance Directive: Summary of Amendments Implemented in October 2021 by the Malta Gaming Authority

Policy on the Eligibility and Ongoing Competency Criteria for Key Persons – October 2021

GAMING AUTHORISATIONS AND COMPLIANCE DIRECTIVE SUMMARY OF AMENDMENTS IMPLEMENTED IN OCTOBER 2021 BY THE MALTA GAMING AUTHORITY

Download the PDF

Robert Zammit

Partner

Galyna Podoprikhina

Junior Associate

SUBSCRIBE TO OUR NEWSLETTER

SHARE