Gaming Authorisations and Compliance Directive: Summary of Amendments Implemented in October 2021 by the Malta Gaming Authority

INSIGHTS

28 Oct 2021

In October 2021, the Malta Gaming Authority (the “MGA”) amended the Gaming Authorisations and Compliance Directive (Directive 3 of 2018). As a result of such amendments, the number of key function roles required to be appointed by licensed operators has decreased, since certain roles have been merged.

Download the summary of amendments report here.

As a consequence, B2C and B2B licensees operating in the remote business are required to appoint the following key function roles:

B2C licensee

B2B licensee

1.

CEO

CEO

2.

Key Gaming Operations = Key Gaming Operations + Key Finance + Key Risk + Key Fraud

Key Gaming Operations = Key Gaming Operations + Key Finance + Key Risk + Key Fraud

3.

Key Compliance = Compliance Officer + Key Responsible Gaming + Key Player Support + Key Marketing

Compliance Officer

4.

Key Legal

Key Legal

5.

Key Data Protection

Key Data Protection

6.

Key AML & CFT

Key Technology = Key Technology + Key Information Security

7.

Key Technology = Key Technology + Key Information Security

Internal Audit

8.

Internal Audit

Furthermore, clarifications in respect to when certain roles need to be appointed during the lifetime of the license have been made.

  1. 1. At the application stage, licensees must notify the MGA about who will hold the roles of chief executive officer, compliance officer, as well as MLRO (if applicable);
  1. 2. Within 6 months of the licence being issued, the MGA must be notified as to who has been appointed to exercise the remaining key function roles;
  1. 3. In case any of the persons exercising the key function role resigns, the licensee is required to notify the MGA by not later than 3 working days after such resignation. Additionally, the licensee is obliged to inform the MGA about the appointment of the replacement by not later than 15 working days after such resignation.

Importantly, if no person is approved by the MGA to fulfil a key function either temporarily or otherwise, the responsibility for such key function is vested in the directors of the licensee.

Policy on the Eligibility and Ongoing Competency Criteria for Key Persons – October 2021

Apart from amending Directive 3 of 2018, the MGA also issued the Policy on the Eligibility and Ongoing Competency Criteria for Key Persons (hereinafter the “Policy”), which sets the eligibility and ongoing competency criteria which the MGA shall consider in terms of persons who apply for the issuance or renewal of a Key Function Certificate.

Fitness and Propriety Considerations

Key persons are obliged to be fit and proper in order to perform their respective key functions on an ongoing basis.

The main criteria, which the MGA considers, consist of the following:

  • Integrity, Honesty and Reputation;
  • Competence and Capability.

General Competency Criteria and Continuous Professional Development

Persons being key functions officials are obliged to be duly qualified in terms of academic qualifications as well as professional experience as may be applicable for their given roles.

With respect to the continuous professional development (hereinafter “CPD”), when applying for the renewal of the Key Function Certificate, key persons must demonstrate that they have attained a minimum number of CPD hours during each calendar year of the previous certification period, in order for such renewal to be approved.

Evidence of fulfillment of the applicable CPD requirements includes the certification or other proof of attendance.

The Policy provides an exhaustive list of methods applicable to the attainment of CPD requirements, as follows:

  1. Professional Educational Activities (courses, seminars, workshops);
  2. Presentations (vendor or system-specific presentations);
  3. Teaching / Lecturing / Presenting (development and delivery of presentations and courses relevant to key functions);
  4. Publication of Articles;
  5. Professional Examinations.

It must be noted that 1 CPD hour is earned for each hour of active participation for qualifying professional educational activities unless specified otherwise.

In addition, the table below further demonstrates the minimum experience and/or qualifications requirements as well as minimum annual CPD requirement for each key function role:

Key Role

Minimum Experience and/or Qualifications

Minimum Annual CPD Requirement

CEO

  • Minimum 3 years of working experience in a managerial role plus a related bachelor’s degree; or
  • a minimum of 5 years of working experience.

5 CPD Hours

Key Gaming Operations

  • Minimum 2 years of working experience in a managerial role plus a related bachelor’s degree; or
  • a minimum of 4 years of working experience; and
  • must be knowledgeable in risk management and fraud prevention procedures.

10 CPD Hours

Key Compliance

  • Minimum 2 years of working experience in a compliance-related role plus a related bachelor’s degree; or
  • a minimum of 4 years of working experience; and
  • must be knowledgeable in terms of obligations relating to responsible gaming, advertising and sports integrity where applicable.

10 CPD Hours

Key Legal

  • Minimum 2 years of working experience in the role of legal counsel and/or similar senior role plus a related bachelor’s degree in law;
  • must be knowledgeable in terms of legal affairs including those relating to contractual arrangements, litigation proceedings and dispute resolution.

10 CPD Hours

Key Data Protection

  • Minimum 2 years of working experience in the role of data protection lead or data protection officer plus a related diploma or certificate; or
  • 3 years of working experience

10 CPD Hours

Key AML & CFT

  • Minimum 2 years of working experience as a MLRO or similar senior and/or a related managerial role plus a related bachelor’s degree or ML specific qualification; or
  • 4 years of working experience as a MLRO or similar senior role.

10 CPD Hours

Key Technology

  • Minimum 2 years of working experience in a role related to IT plus a related bachelor’s degree; or
  • 4 years of working experience in an IT-related role;
  • must be knowledgeable in technical set-up, systems and infrastructure.

10 CPD Hours

Internal Audit

  • Minimum 2 years of working experience as internal auditor or similar role plus relevant certificate to perform a role of internal auditor; or
  • 4 years of working experience as internal auditor or similar role.

10 CPD Hours


Compatibility of Roles

For clarity purposes, MGA has also published the table below to clarify which roles are incompatible with each other.

Actions required and applicable timeframes

---

For any questions please contact gaming@whpartners.eu

The information above does not and is not intended to constitute legal advice and should not be relied on as such. For any specific matters kindly seek legal assistance.