Exceeding the standards set by the MGA

The repeal of existing legislation and enactment of the Malta Gaming Act in 2018 simplified the licensing process for operators and suppliers seeking a permit from one of the most established and respected regulators in the world. But with the Malta Gaming Authority (MGA) taking a risk-based approach towards regulation, the onus is on the operator and supplier to ensure they are meeting these new rules. And while the rules are clear, ensuring compliance remains a tough task for online gambling organisations, with so much at stake if they get it wrong.  Below, I talk through how businesses should approach compliance to ensure they are always playing by the regulator’s rules and maintain a framework of compliance and security.

Take the correct approach to compliance

The changes made to the Malta Gaming Act in 2018 means the regulator now takes a risk-based approach to licensing online gambling operators and suppliers, while providing the MGA with wider powers of enforcement.

The Gaming Act is supported by a number of complimentary regulations and directives, outlining what is required for both operators and suppliers, while also allowing the individual organisation to interpret those rules and how they should meet them. But operators and suppliers must understand that these requirements are the absolute minimum and that the MGA expects them to do more in their efforts to be compliant and responsible.

This means ensuring compliance not just at the moment the licence is issued, but ongoing as the market and the business continues to change and evolve. To do this effectively, compliance must come from the top down and be both the foundation and a pillar of the company’s culture. It is also important to educate and train staff at all levels of the organisation, from the board and executive management right down to customer support agents. This effective implementation often requires help from third-party experts.

Compliance from the top down

The board and the executive must have a clear and comprehensive understanding of compliance and what that means for the organisation. They must ensure that the necessary structures, systems and procedures are in place, and they must also be confident that requirements are being met at all times.

This applies to all companies in the sector, from global organisations to start-ups looking to enter the market. A compliance breach for any organisation is costly to both reputation and bank balance. This means that regular and accurate information on compliance activities is essential for proper stewardship and management of any company.

Compliance culture

Compliance should not be a box ticking exercise, it should be done properly and be at the heart of the organisation and its company culture. Team members at all levels should understand why compliance is necessary and how they can play their part in ensuring the organisation meets and exceeds its obligations. But creating this culture often requires assistance from third-party compliance experts who have an in-depth understanding and unrivalled experience in helping businesses play by the rules.

Use third-party experts

The greatest challenge with compliance is that it applies to most areas of the business, including know your customer, problem gambling, anti-money laundering, fraud and marketing. Individually, these are complex aspects of the business that have their own teams and experts.

Compliance is also a specialism so onboarding someone that can cover all aspects of the business is almost impossible. Another option is to build a compliance team but this can be cost prohibitive. Third-party compliance experts can work with organisations to help them put compliance at the core of the business and to create a compliance culture but at a reasonable cost.

They can also assist with creating documentation but more importantly can help conduct routine reviews of the activities being conducted within the business which can help prove to the MGA that it is monitoring compliance at all times against its regulatory obligations – the regulator undertakes an annual audit that must be passed.

Third-party compliance experts can also develop and deploy training programmes to educate team members at all levels about compliance, why it is important and what part they can play.

Education and training

Training is the only way to ensure that all staff understand what compliance is and why they are being asked to complete specific tasks in order to meet requirements prescribed within the new legislative framework.

This clear understanding allows team members at all levels to see how core aspects of the business are aligned to regulations and compliance, and how they are embedded in policies and procedures.

When it comes to training, there are three areas that need to be covered:

Board and executive level: it is important they understand the need to have oversight of compliance and any potential issues that might occur, as well as potential penalties and fines.

Operational: there is mandatory compliance such as AML and non-mandatory compliance such as customer support. Regardless, all staff should undergo regular compliance education and training.

Additional training can then be provided on an individual basis, depending on whether the area of the business they work in has mandatory or non-mandatory compliance.

Procedures and policies: this training should be provided to all staff as it explains how regulations are met and why certain processes and procedures are in place.

The delivery of training is also important. It needs to be engaging and interactive and not simply a formality, with staff being given a talk supported by basic documentation.

It should be fun and maybe even competitive with rewards and incentives offered for staff that excel in different areas of compliance. To provide an engaging training platform assists in embedding the compliance culture.

Malta is clear about what it expects from its licensees

The changes to the Malta Gaming Act have made it very clear what the regulator expects from its operator and supplier licensees, who in turn must prioritise compliance. To do this, they should follow the guidance set out above and consider using third-party compliance experts who can complement existing resources and often be a cost-effective way to bolster their compliance efforts on an ongoing basis.

This can be a positive and bold step for companies to take but can prove very effective to maintaining a long-term robust compliance programme; something the board, the company and the MGA will be looking for.  Compliance is a huge and challenging undertaking, and with the risk of getting compliance wrong so great, why wouldn’t they onboard expert guidance to make sure they not only meet requirements but exceed them.

James Lees, regulatory compliance officer, SMP eGaming

Lees joined SMP eGaming in 2018 as regulatory compliance officer and holds a first-class law with business degree from the University of Northumbria. Lees is currently studying towards a diploma in Legal Practice, and a master’s degree in Professional Legal Practice.

Matthew Robins, director, SMP eGaming

Robins joined SMP at the start of 2019 as egaming head of regulatory compliance prior to his promotion. He has 20+ years’ experience in compliance, audit and regulations, having worked for The Stars Group for a decade where he was director of compliance and MLRO and more recently at MuchBetter as chief compliance officer.