EXPLAINER: New MGA iGAMING Key Functions Regulations

18 November 2021

On the 20th of October 2021, the Malta Gaming Authority (MGA) updated the Gaming Authorisations and Compliance Directive (Directive 3 of 2018) to fit in line with new policies for the Eligibility and Ongoing Competency Criteria for Key Persons.

What does this mean for the iGaming community? The changes can be summarized as follows:

Change in the number of Key Function (KF) roles for B2C and B2B licenses and their responsibility and eligibility requirements

The B2B key functions have been reduced from 9 to 7 and the B2C Key functions have been reduced from 15 to 8. Additionally, the job descriptions and key requirements for each role have been updated.

The updated Key Function roles are now as follows. Click on each role to view the updated detailed job description and key requirements.

B2B licenses

  1. CEO: The Chief Executive role
  2. COO: Operations & Finance management
  3. Head of Compliance
  4. Head of Legal
  5. DPO: Data Protection Officer
  6. CTO Technological affairs (including CISO responsibilities)
  7. Internal audit

In summary, for B2B licenses, the CTO (Chief Technical Officer) is now also taking on the responsibilities of the CISO (Chief Information Security Officer), and the COO (Chief Operations Officer) now also takes on financial commitment responsibility.

B2C licenses:

  1. CEO: The Chief Executive role
  2. COO: Operations & Finance management
  3. Head of Compliance
  4. Head of Legal
  5. DPO: Data Protection Officer
  6. MLRO
  7. CTO Technological affairs (including CISO responsibilities)
  8. Internal audit

The substantial reduction in B2C key function roles is due to the fact that previous interconnected roles have been amalgamated into roles with intertwined responsibilities.

The key changes in the eligibility requirements can be viewed in detail here

Apart from the changes in the number of key functions and requirements, the below updates are also worth highlighting:

Change in Sports Integrity – Before the MGA policy update, sports integrity suspicious betting reporting obligations only applied to B2C licenses. Such requirements will now also apply to B2B licenses (critical gaming suppliers) that also offer sports betting supplies.

Continuous Professional Development – In addition to key person’s requirement to have the required integrity, honesty, reputation, competence and capability, the MGA also introduced continuous professional development (“CPD”) requirements. Such CPD requirements consist of several hours of CPD which, as a minimum, a Key Person must fulfil. These include professional educational activities, presentations teaching, lecturing, and presenting, publication of articles and professional examinations.

Conflicting Roles – The MGA also published the Key Function roles that it considers to be incompatible. A compatibility table was published by the MGA in the Eligibility Policy’s Fourth Schedule, which is being reproduced hereunder:

Source: Malta Gaming Authority

How can we help? 

At AE we have been supporting our clients for more than two decades and we are here to continue assisting businesses in the iGaming community to smoothly navigate and implement the necessary changes that come with this development.

We can immediately provide key persons for the roles of compliance, legal, internal audit, and data privacy, who already meet the new MGA requirements, and together with our recruitment partner, Exacta Solutions, we can help you swiftly recruit the key persons you require, who will fulfil all updated prerequisites for the remaining roles.

We look forward to supporting you through this new chapter by providing you with 360-degree assistance to ensure the changes are made in a timely, efficient manner, with minimal disruption to business operations.

Get in touch today to see how we can help on info@ae.com.mt or +356 2095 8200.

Contact Us

Key Contacts

Georg Sapiano
gsapiano@ae.com.mt