EXPLAINER: What has changed in the iGaming key function role requirements?

18 November 2021

The Malta Gaming Authority (MGA) recently updated the Gaming Authorisations and Compliance Directive (Directive 3 of 2018) to fit in line with new policies for the Eligibility and Ongoing Competency Criteria for Key Persons.

As part of this development, the eligibility requirements of the key function roles have been updated.

This article summarizes the key changes that have been made for each key function:

Chief Executive Officer (CEO)

The CEO requires a minimum of three years’ work experience in a managerial role and a related bachelor’s degree or higher, or a minimum of five years’ work experience in a managerial role.

Knowledge about the Operator’s business model, operations and organization infrastructure is also required for this role.

A CEO must also be well-informed of the Operator’s obligations in terms of general regulatory requirements.

Minimum Annual CPD Requirement: 5 CPD Hours.

Chief Operations Officer (COO)

The COO requires a minimum of two years’ work experience in a managerial role and a related bachelor’s degree or higher, or a minimum of four years’ work experience in a managerial role.

Knowledge about the Operator’s payment, risk management, and fraud prevention procedures is also required for this role.

A COO must also be well-informed of the Operator’s obligations in terms of general regulatory requirements.

Minimum Annual CPD Requirement: 10 CPD Hours.

Head of Compliance

The HOC requires a minimum of two years’ work experience in a compliance-related role and a related bachelor’s degree or higher, or a minimum of four years’ work experience in a compliance-related role.

The role also requires knowledge about the Operator’s responsibilities relating to the Gaming Act (Cap.583) and the binding instruments, included but not limited to responsibilities related to responsible gambling, advertising and sports integrity where applicable.

Furthermore, knowledge regarding the Operator’s business model, operations, systems, and procedures adopted by the Operator’s business model is also required.

Minimum Annual CPD Requirement: 10 CPD Hours.

Head of Legal

The Head of Legal requires a minimum of two years’ work experience in a legal counsel role and/or similar senior role and a related bachelor’s degree or higher.

Knowledge regarding the Gaming Act (Cap.583) and the binding instruments issued thereunder is required.

The Head of legal should also be well informed relating to legal affairs of the Operator, including contractual arrangements, litigation proceedings and dispute resolution.

Minimum Annual CPD Requirement: 10 CPD Hours.

Data Protection Officer (DPO)

The DPO must have a minimum of two years’ work experience in the role of data protection lead or data protection officer and a relevant diploma or certificate, or three years’ work experience in the role of data protection lead or data protection officer.

The DPO also requires knowledge regarding the General Data Protection Regulation (Regulation (EU) 2016/679) and the relevant local data protection legislation, as well as any guidance documents relating to data protection issued by the Office of the Information and Data Protection Commissioner and/or the Authority.

The DPO must also be knowledgeable of the Operator’s policies and procedures relating to data protection.

Minimum Annual CPD Requirement: 10 CPD Hours.

Money Laundering Reporting Officer (MLRO)

The MLRO must have a minimum of two years’ work experience as a money laundering reporting officer or a similar senior and/or related managerial role and is required to possess a related bachelor’s degree or money laundering specific qualification or have four years’ work experience as a money laundering reporting officer or similar senior and/or related managerial role.

Knowledge regarding rules concerning AML/CFT in terms of the Gaming Act (Cap. 583) and the binding instruments issued thereunder, and any other applicable binding instrument relating to AML/CFT is also required.

MLRO should be knowledgeable in terms of the AML/CFT procedures of the Operator.

Minimum Annual CPD Requirement: 10 CPD Hours.

Chief Technical Officer (CTO) – Including CISO responsibilities

The CTO must have a minimum of two years’ work experience in an IT related role together with a related bachelor’s degree or higher, or four years’ work in an IT-connected role.

Knowledge regarding the Operator’s technical set-up, systems, and infrastructure is also required.

Minimum Annual CPD Requirement: 10 CPD Hours.

Internal Audit

Internal Auditors require a minimum of two years’ work experience as an internal auditor or related role and must have the relevant certificate for this role, or the candidate must have four years’ work experience as an Internal Auditor or in a related role.

The role requires the person to be well-informed on the auditing requirements relevant to the Operator.

Minimum Annual CPD Requirement: 10 CPD Hours.

For general requirements pertaining to all roles please visit the MGA’s ‘Policy on the Eligibility and Ongoing Competency Criteria for Key Persons’.

 

How can we help?

At AE we have been supporting our clients for more than two decades and we are here to continue assisting businesses in the iGaming community to smoothly navigate and implement the necessary changes that come with this development.

We can immediately provide key persons for the roles of compliance, legal, internal audit, and data privacy, who already meet the new MGA requirements, and together with our recruitment partner, Exacta Solutions, we can help you swiftly recruit the key persons you require, who will fulfil all updated prerequisites for the remaining roles.

We look forward to supporting you through this new chapter by providing you with 360-degree assistance to ensure the changes are made in a timely, efficient manner, with minimal disruption to business operations.

Get in touch today to see how we can help on info@ae.com.mt or +356 2095 8200.

Contact Us

Key Contacts

Georg Sapiano
gsapiano@ae.com.mt