EXPLAINER: New MGA iGAMING Key Functions Regulations

EXPLAINER: New MGA iGAMING Key Functions Regulations

18 November 2021

On the 20^th of October 2021, the Malta Gaming Authority (MGA) updated the Gaming Authorisations and Compliance Directive (Directive 3 of 2018) to fit in line with new policies for the Eligibility and Ongoing Competency Criteria for Key Persons.

What does this mean for the iGaming community? The changes can be summarized as follows:

Change in the number of Key Function (KF) roles for B2C and B2B licenses and their responsibility and eligibility requirements

The B2B key functions have been reduced from 9 to 7 and the B2C Key functions have been reduced from 15 to 8. Additionally, the job descriptions and key requirements for each role have been updated.

The updated Key Function roles are now as follows. Click on each role to view the updated detailed job description and key requirements.

B2B licenses

1. CEO: The Chief Executive role
2. COO: Operations & Finance management
3. Head of Compliance
4. Head of Legal
5. DPO: Data Protection Officer
6. CTO Technological affairs (including CISO responsibilities)
7. Internal audit

In summary, for B2B licenses, the CTO (Chief Technical Officer) is now also taking on the responsibilities of the CISO (Chief Information Security Officer), and the COO (Chief Operations Officer) now also takes on financial commitment responsibility.

B2C licenses:

1. CEO: The Chief Executive role
2. COO: Operations & Finance management
3. Head of Compliance
4. Head of Legal
5. DPO: Data Protection Officer
6. MLRO
7. CTO Technological affairs (including CISO responsibilities)
8. Internal audit

The substantial reduction in B2C key function roles is due to the fact that previous interconnected roles have been amalgamated into roles with intertwined responsibilities.

The key changes in the eligibility requirements can be viewed in detail here

Apart from the changes in the number of key functions and requirements, the below updates are also worth highlighting:

Change in Sports Integrity – Before the MGA policy update, sports integrity suspicious betting reporting obligations only applied to B2C licenses. Such requirements will now also apply to B2B licenses (critical gaming suppliers) that also offer sports betting supplies.

Continuous Professional Development – In addition to key person’s requirement to have the required integrity, honesty, reputation, competence and capability, the MGA also introduced continuous professional development (“CPD”) requirements. Such CPD requirements consist of several hours of CPD which, as a minimum, a Key Person must fulfil. These include professional educational activities, presentations teaching, lecturing, and presenting, publication of articles and professional examinations.

Conflicting Roles – The MGA also published the Key Function roles that it considers to be incompatible. A compatibility table was published by the MGA in the Eligibility Policy’s Fourth Schedule, which is being reproduced hereunder: