Following the expiry of the latest Compliance and Systems Audits Service Provider Framework on 14th September 2017, the Malta Gaming Authority (MGA) has now declared that it intends to move towards a process whereby Service Providers interested in performing Compliance and/or Systems Audits may apply to the MGA for their suitability to be assessed and approved. Operators licensed by the MGA will then be able to engage any approved Service Provider of their choice, on free commercial terms.
This new regime is intended to engage qualified persons or companies to carry out the following services required by the MGA:
- Systems Audit, which is carried out as part of the MGA licensee onboarding process or when deemed necessary by the MGA;
- Compliance Audit of licensed operators, which is carried out throughout the licensed period as required by the MGA.
In order to safeguard and maintain quality of service, it is the MGA’s intention to approve Service Providers that can provide the following information and meet these criteria:
- Demonstrate capability of understanding and meeting the needs of the MGA;
- Provide a general description of operations including any experience in the gaming industry;
- Describe approach/methodology the Service Provider proposes to adopt in carrying out the reviews;
- Provide an assessment of conflict of interest.
They also need to provide the professional capabilities of each member of the team (IT Audit and Financial qualifications) as well as a detailed CV of each applicant.
It is not possible to sub-contract any part of the services being requested as part of this new regime.
The MGA will review Compliance and/or Systems Audit reports on a regular basis to ensure that the service provided meets the quality standards required by the Authority. In addition, the MGA shall be conducting quarterly quality reviews on all Service Providers through its Quality Assurance team. These reviews will include an overall assessment of the performance of Service Providers, together with the requirement to submit documentation and evidence collected while conducting the reviews.
The MGA reserves the right to have the appropriate mechanism to remove or suspend any Service Provider from the approved list in case of unsatisfactory performance.
Upon commencement of the new regime, the MGA shall offer the approved Service Providers access to the online Licensee Relationship Management System, and provide required training where necessary, to be able to submit audit reports and comply with the requirements of the system. This reporting mechanism shall be mandatory.
Prior to any Audit, the approved Service Providers need to submit to the MGA a letter declaring that they are free from any conflicts with the licensees or prospective applicants. Following completion, the approved Service Provider is required to provide the MGA with the following when submitting their report:
- Duly completed checklist for the Compliance or Systems Audit, whichever is applicable;
- A red flag report, including but not limited to, the summary of key findings and a detailed description of each of the findings, in addition to the implications of such findings, if any, remedial action that needs be taken by the licence holder and/or action to be taken by the MGA;
- Upon request from the MGA, any evidence to sustain the findings;
- Any other documentation which may be requested by the MGA.
The MGA intends to apply the new regime as of 2nd April 2018, and is thus allowing a sufficient transitory period for all involved. Proposals from interested Service Providers will be accepted as from 1st January 2018 using the appropriate application forms to be published in due course. The approval will be valid for two (2) years, following which, the MGA will decide whether to extend, review or remove this new regime.
Disclaimer: This article is not intended to impart advice and readers are asked to seek verification of statements made before acting on them.