Malta Remote Gaming Company

Malta Company Formation Packages

€250 – Malta Company Formation

*** Click Here for a Full Written Quotation ***

We specialize in Malta Company Formation. We help you with Malta company formation, company set up and incorporation, management services, bank account opening and taxation in order to obtain Malta Company Tax Advantages.

Malta provides unique advantages and constructive use of Malta state incentives can give you significant benefits. Tax, residency, safety and lifestyle advantages.

We are leading Company Formation professionals who are part of the FBS Kotsomitis Global Network. We will be your Partner in Malta for ALL your Malta Company Formation Needs.

Malta Remote Gaming Company Overview

Malta has proven itself as a well-established, efficient and reputable i-gaming centre and has asserted its role as a front-runner to the i-gaming industry by becoming the first E.U. member state to regulate remote gaming. The flexibility and thoroughness of the  Remote Gaming Regulations (L.N 176 of 2004) combined with an attractive fiscal treatment applicable to Maltese license holders means that to date, there are over 350 licensed gaming companies currently operating in Malta, including some of the most prestigious names in the industry.
Some of the above mentioned major betting companies have located their business in Malta, with some operators opening fully-fledged support and call centres employing hundreds of employees.  This translates to a skilled, specialized workforce, excellent infrastructure and competing collocation companies and has been conducive in attracting some of the top names in the business.

The management of remote gaming in and from Malta is a licensable activity.  However, by virtue of Legal Notice 90 of 2011, it is possible for any person who is licensed by any Authority or authorization issued by the government or competent authority of an EEA member State, or any other jurisdiction approved by the Authority to manage remote gaming in and from Malta.

Our in-house gaming unit has a proven track-record in advising and assisting clients in all aspects of remote gaming, from application for a license to post-licensing compliance.  We pride ourselves in providing a one-stop shop solution, bespoke to clients’ needs, in the most timely and efficient manner.

Contact one of our officers to initiate the licensing process for a registered Maltese remote gaming company and start reaping the full benefits of an onshore, low-tax, reputable, EU jurisdiction. Simply fill in the contact box below or contact us by email on enquiries@fbsmalta.com or by calling at +356 2338 1500

We are committed to providing you with a swift solution best suited to your needs.

Malta Remote Gaming Licence

With respect to remote gaming, a specific regime has been established by means of the Remote Gaming Regulations, 2004.  There are four (4) types of gaming licences, and the applicable class will depend on the type of gaming activity that the prospective licensee will purport to carry out.  The classes may be summarised as follows:

• Class 1: Operators who partake in gaming risk on games based on repetitive events (Random Number Generators) e.g. Casino / Lotteries / Slots / Arcade Games / Bingo;
• Class 2: Operators who partake in gaming risk on markets based on singular events (betting) e.g. Sports Betting;
• Class 3: Operators who promote games and in return get a commission in a P2P transaction.  Typically includes multiplayer games and betting exchanges such as Poker rooms, Poker tournaments etc;
• Class 4: Operators who run a software platform to host the service of any of the above classes.  Such operators are not involved in player management functions.  They merely provide a host platform from which other licensees can operate.

Application Process for the Attainment of a Gaming Licence

First Stage – Pre-application stage

It is strongly advisable that the client and/or their representatives, set up a preliminary meeting with the Lotteries and Gaming Authority Malta, “LGA” and discuss the proposed project.

Secondary Stage – Application Process

Following this meeting, the applicant shall be asked to submit the following documents to the LGA for the Authority’s perusal:

1. Fit and Proper Test

The Lotteries and Gaming Authority shall carry out an evaluation of the candidate, and an assessment as to whether the applicant is a “fit and proper” person to carry out a remote gaming operation.  The candidate’s expertise, experience, financial standing shall all be evaluated and ensure that the principles of player protection and the reputation of Malta, shall be adequately safeguarded by the applicant.

Filing of a Personal Declaration Form for every proposed director in the remote gaming  company, as well as for every person with 5% or more interest (shareholding and/or voting rights) in the remote gaming company.

If one or more parties are another business entity, ownership and incorporation details need to be submitted.  The application forms must be accompanied by the following documents:

• A true copy of the birth certificate;
• A true copy of the passport;
• Passport size photo;
• A conduct certificate;
• Statement of Affairs;
• Credit and Financial references;
• Bookmaker licences if issued in another country;
• A document issued by a legal entity stating that all documentation submitted is a true copy of the original.

Furthermore, an applicant shall only be licensed and continue to be licensed, if they can satisfy the minimum criteria of local presence, these being:

• The licence holder being a Maltese corporate entity, typically a limited liability company;
• The licence holder must have at least one resident director, called a key official, who acts as point of liaison between the LGA and the licence holder;
• The player database must be physically located in Malta;
• The game servers must be physically located in Malta.

Our specialised remote gaming unit, can advise and assist you in the preparation of these documents and liaise with the LGA on your behalf.  Contact us to get a fee quote to start the licensing process.

2. Business Planning

Furthermore, the applicant must submit a proposed business plan of the gaming operation, which must contain:

• The objectives of the operation;
• The proposed company structure including business functions and human resources to be employed (Risk managers, odds compilers, financial officers etc;)
• The nature of games to be offered (e.g. betting, pool betting, casino etc;)
• The technologies used to conduct remote gaming (Internet, fax, mobile etc;)
• An overview of the application software to be used as gaming and control systems;
• A three-year business plan including:
  • Marketing and sales plan;
  • Forecast balance sheet;
  • A financial plan showing sources of finance, distinguishing between shareholder funds and other funds.

3. Operational and Statutory Requirements

Following the pre-approval stage, the applicant shall be required to submit a number of detailed memoranda outlining  all-encompassing details of the business and technical features of the remote gaming operation.

Documentation to be submitted at this stage:

• A Maltese Company registration certificate;

• Memorandum and Articles of Association of the Maltese Company;

• Business Entity Information Form;

• Information Security Policy;

• Incident Response & Asset Removal Policy;

• User Management Policy;

• Human Resources Roles & Responsibilities;

• System Access Control Procedures;

• Financial Accounting Procedures;

• Business Continuity and Disaster Recovery Plan;

• Data Backup Procedures;

• Change Management Procedures;

• Fraud Management Procedures;

• Application Architecture;

• System Architecture;

• Network Infrastructure;

• Details of the Random number generator( if required);

• Name of the owner of the software;

• Name of the organisation that did the testing;

• Online text / content;

• Contracts with Business Partners

This stage is the most voluminous part of the licensing procedure and the memoranda must be all-encompassing, and allow the LGA to appraise the business and technical setup of the applicant.  Our specialised remote gaming unit, can advise and assist you in the preparation of these memoranda.

For a better understanding of the information to be included in each memorandum, please view Operational and Statutory Requirements Documents

4. System Audit

Following the submission of the aforesaid documents, the LGA shall put forward any recommendations and any enhancements to the business model of the applicant.

Thereinafter the applicant shall request the applicant to submit to a technical and system audit before going live.  A compliance audit firm shall be engaged to assess the integrity of the applicant’s business by means of a thorough assessment of the applicant’s live feed data.  The compliance audit shall include, but not be limited to an assessment of:

• The Service Provider Authorisation Form, including the equipment hosting provider in Malta outlining clearly the functions and responsibilities to be carried out by such provider.  A site plan of the data floor indicating the location of the equipment must be attached to the agreement.  Serial numbers for all equipments installed are to be attached;
• The Control System –  Sample reports and tests shall be made from the live system will be requested to show how the management of the betting system is conducted;
• The information management in the operations.  Recommendations may be made to improve security of the players’ data;
• The backup and disaster recovery procedures.  Change management procedures will also be reviewed;
• The online website via a test account to verify that the site operates in accordance with the Regulations and with the operator’s declared procedures (including notifying changes).  The Player Protection measures required by the LGA will be confirmed;
• Bank account balances.  A comparison shall be made with online player account balances to ensure that the liabilities are sufficiently covered;
• Routine data submitted on a monthly basis to LGA. Any anomalies will be investigated with the operator to ensure that correct data is available to LGA and rules relating to test data are observed.  Spot checks on odd, payout ratios and randomness as applicable may be made;
• Any agents acting for the operator will be scrutinised for probity.  Copies of all relevant agreements and national licences will be required by LGA for review and filing.
• Staff lists and duties will be checked against the records held at LGA.

Focus Business Services will be glad to assist you in the full processing of the application from the preliminary to the attainment of the licence and advise on any ancillary issue related to gaming thereafter. Contact us to get a fee quote to start the licensing process.

Application fees

The submission of an application form is subject to a non-refundable fee of  €2,330 payable to the Lotteries and Gaming Authority

Licence Fees

Upon receipt of notice that the class or classes of licences applied for will be granted for a period of five (5) years, renewable for further periods of five (5) years. A licence fee for any class of Remote Gaming shall be charged by the LGA for €8,500 per annum, per licence.

Renewal Fees

Upon application for the renewal of a licence, a renewal fee for any remote gaming licence shall be charged at  €1500.

Taxation

All licensed gaming companies are subject to taxation on two levels:

• Corporate Taxation
• Gaming Taxation

Corporate Tax

The remote gaming company shall be subject to income tax on company profits at a rate of thirty-five percent (35%). However, this is subject to Malta’s full imputation tax system, wherein tax paid by a company in Malta is, on the distribution of a final dividends, imputed to the shareholder as a tax credit against the shareholders’ tax liability. Therefore, a shareholder will, upon a distribution of the dividend, be entitled to a refund in part or in full of any advance tax levied on the distributing company. The default tax credit for remote gaming companies, is a 6/7ths refund on active trading income, thereby the effective tax leakage can be lowered to just five percent (5%), and possibly even less.

For a more comprehensive understanding on the tax treatment of Maltese companies, and a working illustration of the tax refunds, please click here

Gaming Tax

A licensed company shall pay to the LGA on behalf of the Government of Malta, the following rate of taxation:

• Class 1- €4660 per month (first 6 months) and €7000 per Month thereinafter;
  Operating on a Class 4 Licence €1200 per month
• Class 2 – 0.5% on gross amount of stakes accepted;
• Class 3 – 5% of Net Income (revenue from rake less bonus, commissions and e-commerce fees);
• Class 4 – The gaming tax payable by a hosting platform is nil for the first six (6) months of operation, €2,330 per month for the subsequent six (6) months (month 7 to month 12) and €4,660 per subsequent month (month 13 onwards) for the entire duration of the licence.

The maximum gaming tax payable annually by one licensee in respect of any one licence is €466,000.

VAT Treatment of Maltese Gaming Companies

Presently, all Maltese-licensed gaming companies are exempt with credit on supplies.  Maltese licensed companies receiving a service shall suffer VAT on these supplies, insofar as these services are outside the blanket exemption from VAT under Item 9 of Part Two of the Fifth Schedule of the VAT Act, Chapter 406 of the Laws of Malta, which provides an exemption from VAT on, “Government lotto and lotteries, the supply of agency services related thereto, and such other supplies related to gambling as may be approved by the Minister.”

The reverse charge mechanism is applicable solely to the Supplier of the service, but not to the Maltese Company.  Effectively, this means that any service which is received by a Maltese gaming company, which is outside the scope of the aforesaid Item 9 of Part Two of the Fifth Schedule of the VAT Act shall not be recoverable by the Maltese gaming company.

However, it is possible, through careful tax planning and the exercise of the shared conduct agreement, to mitigate the possible far-reaching consequences of such VAT treatment, through the adoption of a shared conduct agreement.

Services

Our specialised Gaming Unit can assist you in all aspects of Remote Gaming, including but not limited to the following services:

• Licensing requirements, application processing and liaison for any Gaming applications with the LGA;
• Company Incorporation;
• Thorough and Effective Tax Planning, tax advisory and tax compliance services to minimise taxation;
• Key Official, Directorships and Company Secretarial Services;
• Accountancy services, including preparation of management accounts, statutory financial statements and VAT compliance payroll services for employees;
• Office support services;
• IT Contract Drafting;
• Copyright and Trademark Protection;
• Electronic Commerce Contract Drafting;
• Web-design, search engine optimisation and affiliate management solutions through our specialised in-house ICT team.

Contact one of our officers to initiate the licensing process for a Maltese registered gaming company and start reaping the full benefits of an onshore, low-tax, reputable, EU jurisdiction. Simply fill in the contact box below or contact us by email on enquiries@fbsmalta.com or by calling at +356 2338 1500

We are committed to providing you with a swift solution best suited to your needs.

Malta Key Official

Within twenty-one (21) days from the issuance of the Letter of Intent, the applicant must appoint at least one Key Official.  The Key Official must be:

• A physical person;
• Residing in Malta;  and
• Hold the office of director in the Maltese Company

The Key Official must personally supervise the operations of the licence holder and ensure compliance with all applicable laws and regulations.   As director of the company, the Key Official is bound by the general precepts set forth in Article 136A of the Companies Act: to act honestly and in good faith in the best interest of the company.  Consequently, the Key Official must seek to obtain the most advantageous return to the Company, and in so doing must adhere to statutory precepts such as professional secrecy, compliance with corporate, fiscal and special laws and by any restrictions, including but not limited to any reserved matters, which may be specified in the memorandum and articles of association of the gaming company.  Where the Key Official wishes to hold office in more than one remote gaming company, the Authority may request that the written consent of all remote gaming companies involve, to ensure that the key official does not have any competing interest.

The Key Official acts as the main contact point between the licence holder and the Lotteries and Gaming Authority.  Therefore, he/she has to adopt a “hands-on” approach and furnish the Authority with any information which may be requested by the Authority in furtherance to the business of the licence holder.  Furthermore, the Key Official is requested to:

• Report any suspicious transactions to the Authority or local authorities;
• Remit the gaming tax to the Authority without delay (payable within the 20th day of the next month after which the gaming tax is due);
• Promptly inform the Authority of the appointment or termination of any person employed by the remote gaming company;
• Promptly inform the LGA of any incident which impedes, hinders or obstructs the gaming operation e.g. any failure in the hardware, downtime, whether scheduled or unscheduled by means of the filing of a incident report to the LGA;
• Timely submit other statutory filings to the LGA, including but not limited to semester management accounts and the audited financial statements.

The Key Official must be approved by the Authority and he/she cannot be divested from this role without the prior written approval of the Authority.  Therefore key officials seeking to resign from their post or any shareholders wishing to remove the key official must seek the prior written consent of the Authority. At least one key official must be retained by the licence-holder at all times.

As part of our policy to provide a one-stop shop, Focus Business Services can provide the role of Key Official to gaming applicants.  Our team of lawyers and accoutants can assure licence-holders comply with the gaming and statutory requirements inherent in the role of key official, irrespective of whether the licence holder is a start-up operation or long-established.

Contact one of our officers for advice and assistance regarding any aspects of remote gaming and the appointment of a key official. Simply fill in the contact box below or contact us by email on enquiries@fbsmalta.com or by calling at +356 2338 1500

We are committed to providing you with a swift solution best suited to your needs.

Malta Remote Gaming Company Shared Conduct Agreement

Gaming operators are increasingly finding it more beneficial to enter into a remote gaming shared conduct of business agreement with other parties to provide ancillary services to gaming.  The parties undertake to conduct their business together by becoming responsible for specific activities in the provision of gaming services.  This shared conduct agreement which takes the form of a contractual joint venture, may be of particular benefit to the licensed remote gaming company, not only because it allows for a more specialised approach in the presentation of a well-refined gaming product, but also because of the positive Value Added Tax (VAT) implications on the provision of certain key services such as marketing and advertising.

Currently, only gaming services covered by Item 9 of Part Two of the Fifth Schedule of the VAT Act are exempt from VAT; “Government lotto and lotteries, the supply of agency services related thereto, and such other supplies related to gambling as may be approved by the Minister“.

There is no definition of what “supplies” fall under the aforesaid exemption.  This has normally been interpreted restrictively to supplies which are intrinsic to the gaming transactions.  The Lotteries and Gaming Authority Malta (“LGA”) has issued an indicative list of services, which may be deemed to constitute supplies intrinsic to the gaming transaction, and which thereby would, be exempt from VAT.

However, any service which is received by a Maltese gaming company, which is outside the scope of the aforesaid Item 9 of Part Two of the Fifth Schedule of the VAT Act shall not be recoverable by the Maltese gaming company.  The reverse charge mechanism would be applicable solely to the supplier of the service, but not to the Maltese Company.

Services which are deemed to be outside the scope of the aforesaid definition, include but are not limited to marketing and advertising, hosting, consultancy fees, training etc; services which often constitute a considerable expense to the remote gaming company.

The shared conduct agreement allows the Maltese Company to form strategic alliances with a partner, located in VAT-friendly or VAT-neutral jurisdictions and share a common ground in the provision of specifically-defined gaming services.  Prospective applicants must apply for the approval of the LGA to the proposed share conduct.

The Authority shall then review the documentation submitted by the licensee, conduct probity tests on the proposed party to the Authority and notify the licensee with its approval or otherwise. The Authority may request any amendments to the Proposed Agreement which it considers necessary.

If the Authority approves the proposed agreement, or if the Authority has requested any amendments to the Proposed Agreement and the draft amendments proposed by the parties are to the Authority’s satisfaction, the parties to the shared conduct may execute the approved agreement. The parties must submit a certified true copy of the final Agreement to the Authority within twenty (20) days of execution.

General Conditions to the Shared Conduct Agreement

No direct or indirect agreements which render any or all provisions of the approved Agreement inoperative or which have the effect of amending said Agreement may be entered into by the Parties. Any such agreements would be void and of no effect.  The parties to the joint venture must be equal partners pursuing the same economic goal for a split of the profit, in pre-agreed portions.

For a shared conduct agreement to be approved by the Authority, it is imperative that the licensee retains all gaming responsibilities. The third party involved may not conduct any form of gaming on behalf of the licensee, but may only be responsible for non-gaming activities.  The non-gaming activities can include activities which fall outside the scope of the aforesaid exemption.  The licensee shall remain responsible for adherence to any applicable legislation, regulations and directives issued by the Authority.

The licensee must submit the statements of account for the activities conducted under the shared conduct agreement to the Authority within 180 days from the end of its financial year. These must clearly and separately indicate the total revenue, the revenue-share entitlement, the total costs made and the cost-share commitment.

Advantages

The Shared Conduct has the advantage of minimising the VAT repercussions for the Maltese licensed company.  This has obvious tax advantages for all companies which enter into profit-sharing arrangements with the Maltese licensed company.  As profit-sharing is calculated as a percentage of the net revenue, a lower VAT rate translates itself to a greater pool of distributable revenue for profit-sharing.

Furthermore, this allows an easier distribution between the profit-sharing companies as no contingency has to be made by the Maltese licensed company for the VAT on certain supplies.

Our specialised gaming unit can assist you in all aspects of the shared conduct by providing bespoke tax advice and through the drafting of the shared conduct agreement.  Contact us for bespoke VAT advice or send us an email on enquiries@fbsmalta.com

Malta Remote Gaming Licence Documents – Operational and Statutory Requirements

As part of the business and technical assessment, the applicant for a Malta remote gaming licence shall be asked to submit the following operational and statutory requirements documentation:

For quick navigation click on the links below

A Maltese Company Registration Certificate;

Memorandum and Articles of Association of the Maltese Company;

Business Entity Information Form;

Information Security Policy;

Incident Response & Asset Removal Policy;

User Management Policy;

Human Resources Roles & Responsibilities;

System Access Control Procedures;

Financial Accounting Procedures;

Business Continuity and Disaster Recovery Plan;

Data Backup Procedures;

Change Management Procedures;

Fraud Management Procedures;

Application Architecture;

System Architecture;

Network Infrastructure;

Details of the Random number generator (if required);

Name of the owner of the software;

Name of the organisation that did the testing;

Online text / content;

Contracts with Business Partners

Top

Maltese Company Registration Certificate

Upon incorporation, the Maltese Registrar of Companies shall, after ascertaining compliance with the statutory provisions of the Maltese Companies Act, issue a certificate of registration, as evidence of the company’s corporate existence.

Top

Memorandum and Articles of Association of the Maltese Company

The applicant must satisfy minimum criteria of local presence, one of which is that the licence holder must be a Maltese registered corporate entity, the most common form being a private limited liability company. However, the Lotteries and Gaming Authority (“LGA”) have extended the possibility of the licence holder being another form of corporate entity, such as a limited partnership.

Irrespective, of the designated form, the LGA shall require the applicant to submit a certified copy or original of the constitutive statutes of the corporate entity. If the licence holder is a Maltese limited liability company, a copy of the Memorandum and Articles of Association shall be required. In the case of a limited partnership, a copy of the partnership deed shall suffice.

Top

Business Entity Information Form

The applicant shall also need to fill in a purposely prepared form. The Business Entity form shall contain details relating to the registered office and operating address in Malta, websites, details of credit institution entrusting to the safekeeping of players’ monies, player account number, financial year end etc;

The credit institution holding players’ monies may be located in and outside Malta, and must issue a written declaration attesting that:-

(i) It will not attempt to enforce or execute, any charge, write-off, set-off or other claim against the afore-mentioned Clients’ Accounts;

(ii) It will not combine the Clients’ Accounts with any other account in respect of any debt owed to it by the licensee;

(iii) It shall credit any interest payable on the above indicated Clients accounts only to that account/s;

(iv) It shall disclose any information with regard to the Clients’ Accounts as may be requested by the Lotteries and Gaming Authority.

Top

Information Security Policy

The Information security policy must contain a comprehensive and all-encompassing description of the means, technical and human resources that shall be implemented by the applicant for the better protection of the confidentiality, integrity and availability of all of the business information to safeguard the company’s assets, customers, staff and reputation.

By technical provisions, the applicant should emphasise the use of firewalls that shall be used to protect sensitive player database, payment security measures e.g. the use of 3-D secure credit card validation when the client is management payments /withdrawals , the use of an encryption when player is entering password, password validation processes etc;

From the human resources aspect, it is important to ensure that the applicant operates through a system of authorisations and “need-to-know” basis. Sensitive information, regarding players’ details and credit card validity shall only be accessible by senior management, e.g. key official, chief financial officer etc;

The applicant should also secure a change of password policy on a periodical basis, and ensure that effective technical counter-measures are implemented when an employee / consultant leaves the applicant (immediate closures of accesses) etc;

Top

Incident Response & Asset Removal Policy

The essential elements here are classification of the incident or problem, diagnosis, escalation and trouble-shooting of the problem.

If the incident is such that it hinders the operations of the applicant, causes downtime or worse still if the incident is critical, and causes loss of data, what is the escalation path, from diagnosis to solution?

The applicant must devise a policy which encompasses a wholistic approach to cater for all incidents, by training staff to detect incident and establishing a rapid and effective escalation path to take all measures as are necessary to (i) contain the incident; (ii) diagnose problem; and (iii) find solution.

This calls for a classification of the incident response e.g. whether it is software related or hardware related, and a classification of how serious the incident is. Segregation measures may be undertaken, to ensure that the incident does not spill-over to other key areas, which may hinder operability and/or cause downtime.

The Key official must be informed at the earliest, and he must, inform the LGA by means of a specific incident report form.

If the incident cannot be solved remotely or by debugging software, but is caused by a failure to one of the hardware components, which may only be rectified by substituting the hardware component, the policy should include a description of the escalation path necessary to implement changes, how fast these changes can be implemented, the procedure to inform the LGA with no undue delay and whether the changes were made policy by having on-site spares, as well as keeping an inventory on such on-site spares.

Top

User Management Policy

This document shall delineate the necessary procedures for the implementation of all integrity checks of the company’s operational information systems, to minimise any risk to the company’s assets and reputation or to its customers’ personal and financial data resulting from unauthorised access to or modification of those systems.

The objectives of the policy are therefore to ensure that only selected users have access to the information as necessary for their legitimate business. The objectives are therefore in a way similar to the aforesaid Information Security Policy, but the accent is strongly on privileges and accesses afforded to the human resources within the Company. The privileges of each employee must be clearly delineated, to ensure that all information is compartmentalised. No employee should have access to information which is extraneous to his work description, and access should be given on a strict “need-to-know” basis.

The policy should also cover a policy for consultants and affiliates.

Top

Human Resources Roles & Responsibilities

The applicant shall need to illustrate the organisational structure of the remote gaming company. It is highly advisable that an organisational chart delineating the hierarchy of the Company, is provided, specifying the role, responsibilities and duties of each employee.

The Key official must be a director of the Company, and in order to fulfill his reporting duties to the LGA and comply with statutory obligations, have a pivotal role with full access to the policies and financials. The key official must be in a position to extract information directly and without hindrance, and all employees should, if necessary, provide him with the necessary information.

The human resources roles and responsibilities are dependant on the operator’s structure; however, typically, the document should contain a descriptive overview of the following roles:

(i) Financial Comptroller;
(ii) Accounting Staff;
(iii) Head Chat Manager;
(iv) Chat Moderator;
(v) Customer Moderator; etc;

Top

System Access Control Procedures

This memo should be seen as drawing-closely and being complementary to the User Management Policy. Whereas, the User Management Policy should describe the policy relating to user management, accesses and privileges, the System Access Control Procedures should show how in practice, these procedures are implemented.

A detailed account of the staff password policies – frequency of changes to password / password strength / lost password policies, should be included, specifying who can implement such technical measures.

Furthermore, this memorandum should outline the technical measures that need to be implemented whenever an employee ceases employment, thereby ensuring that access is terminated immediately, and cannot be reactivated by the employee. A similar policy should be implemented with regard to consultants and whenever tasks are outsourced to third parties, if any.

A flow chart explaining the privileges and accesses, as well as the technical measures in place between each department is strongly commendable.

Top

Financial Accounting Procedures

Transparency is a key issue for remote gaming companies licensed by the LGA. Apart from filing audited financial statements after the end of year of assessment, all remote gaming companies must file management accounts on a semester basis to the LGA.

Furthermore, the LGA shall approve the place, other than the licensee’s registered office where the applicant keeps the remote gaming records. These records and accounts must show a true and fair view of the financial position and state of affairs of the licensee. These accounts must be prepared in accordance with international financial reporting standards (IFRS).

The audited accounts of a corporation form the basis of the tax computation but certain statutory adjustments may be carried out. Compliance with International Accounting Standards (IASs) has been mandatory for all Maltese companies since 1995 for annual accounts and consolidated accounts, and have implemented the IAS Regulation of June 2002. Accounting standards relating to the presentation, content and publication of annual accounts, annual reports and consolidated accounts with respect to companies with limited liability have fully transposed the Fourth and Seventh Company Law Directives.

Furthermore, the Maltese Companies Act governs the content and form of individual accounts and of consolidated accounts respectively. According to both articles, accounts shall be drawn up clearly and in accordance with the provisions of the Act and with generally accepted accounting principles and practice. Compliance with “generally accepted accounting principles and practice” is defined in Article 2 (4) of the Companies Act as adherence to International Accounting Standards as may be issued from time to time by the International Accounting Standards Board, or any other body succeeding it by whatever name it may be known, and to any accounting standards as may be made applicable from time to time in terms of the Accountancy Profession Act.

In the event that a provision of the Act is in conflict or is not compatible with generally accepted accounting principles and practice, the accounts are required to be drawn up so as to give a true and fair view of the assets, liabilities, financial position and profit or loss of the company (or companies in the case of consolidated accounts).

Audited sets of financial statements must be presented to the LGA, within sixty (60) days from the end of its financial year and the licensee shall, within thirty (30) days from the end of the half yearly period, lodge interim financial statements showing the licence holder’s results and signed by the key official.

The LGA may require any additional financial information in the format specified by the LGA. Furthermore, the LGA may, at its own discretion, conduct an investigation if it has reason to believe that the Licensee or key official is not conforming to the Act.

The applicant must therefore show that is it implementing the aforesaid policies to give a true and fair view of its financials and the procedure into force to ensure that this is always an accurate assessment of the company’s financial situation e.g. the four-eye principal approach (accounts vetted by financial comptroller and Key official (who must have access to the financials).

The name of the accountants / auditors may also be specified in the memo.

Top

Business Continuity and Disaster Recovery Plan

Business continuity and disaster recovery is one of the most pivotal memorandum for the application form. Notwithstanding, the operator’s best endeavours, it is not possible to entirely exclude the possibility of a disaster or catastrophe (such as earthquakes, thunder strikes, flooding, fire etc;) which may severely impede / hinder the continuity of the operator’s business.

It is therefore imperative, that the operator devise a well-detailed plan, explaining what measures, has been implemented to minimise risks, and to efficiently neutralise disasters, should they occur.
A classification of the types of disasters and the escalation path to ensure swift rectification is essential here. All the personnel of the operator should be familiar with the disaster recovery plan and procedure. Regular drills should be carried out, and any developments thought to the employees. The disaster recovery plan should be in the form of a workable “cookbook” detailing the counter-measures to be implemented, depending on the severity of the disaster, as well as the escalation path to be followed for the swift and effective counter-measures to address the disaster.
Although co-location companies may have 24:7 support services, the operator should not depend entirely on the co-location personnel, and devise his own strategies, including the training of a specialised task force to remedy the problem efficiently and in the most efficient way possible.

Top

Data Backup Procedures

Closely linked to the Business Continuity and Disaster Recovery Plan, is the notion of data backup procedure.
The operator should be well aware that data is his most prized and valuable asset, and that the loss of any such data, may hinder the continuity of his business, severely effect his revenues and give rise to a liability exposure, for loss of data.
The onus is always on the operator to ensure that the data is stored safely and may be retrieved effortlessly and efficiently. It is therefore important that backups be done periodically and punctually, through a number of methods, including but not limited to remote dual copy, automated off-site tape backups and off-site tape backup storage.

Top

Change Management Procedures

This memorandum should be broadly divided into the following three (3) sections;
(i) Human Resources

(ii) System mechanisms, maintenance and updates;

(iii) Hardware changes
The common thread throughout is to show how efficiently and smoothly, an operator may manage changes, which are not only innate in every company, but especially frequent in a dynamic industry such as the Gaming One.

Top

Human Resources

Every Maltese remote gaming company must inform the LGA in writing of any appointment / termination of an employee with the licensed gaming company. The termination of an employment or the creation of a new employment post may bring about changes to escalation path / reporting requirements. It is therefore important, that the policies and procedures be amended periodically to reflect the true company structure of the firm.
This memorandum should also cross-reference to other memoranda, including the user management policy and security access policy but outlining the escalation path that need to be undertaken, whenever an employment is terminated / created e.g. security checks for engagement of new personnel – change of passwords etc;
This memorandum should also include changes re: consultancy agreements and affiliates.

Top

System Mechanisms, Maintenance and Updates

The very nature of the gaming business requires periodic changes to the product offering and mechanisms to ensure that the operator maintains its cutting edge. Constant upgrades are needed to maintain top security, as security breaches become more and more sophisticated, to increase browsing speed, with the integration of different source-codes e.g. flash.

Whereas, some updates may be merely aesthetical e.g. facelift to the webpage, new colour codes, company logos etc; others may require changes to the very essence of the system mechanics or business rules.

The memorandum must therefore explain the procedure needed to implement thhese changes i.e. escalation paths, as well as the methods of effecting such changes, and the measures undertaken to ensure that the changes are effected as seamlessly as possible, without the risk of losing any data and/or minimising the inconvenience to players.

The memorandum should include, but not be limited to the following changes-

(i) Marketing – text and graphics changes – banners / promotions etc;
(ii) New functionality – Requested by the Management;
(iii) Bugs: Detected in live or develop environment etc;

Every change should also be tested in a “dummy run” prior to implementation to ensure that any inconvenience is minimalised.

A simple flow-chart showing the escalation of events of the persons directly involved in this technical change, would be very important.

Top

Hardware

The changes to the hardware is central and is mainly triggered off by two events-

(i) Failure replacement;
(ii) Upgrades

Although all efforts are afforded to circumvent the possibility of failure, this may never be completely eradicated. In this case, the operator must furnish a memorandum, explaining the processes which are implemented whenever there is a system failure, such as how the change procedure is effected from a decision level. The Key Official must, liaise with the LGA, and formalise the report of the incident, through the filling in of an Incident Report form.

With regard to upgrades, it is important that operators espouse new technologies, which shall allow him to maintain a competitive edge, and render the gaming experience more captivating to players.

The implementation of upgrades may, depending on their extent, cause disruption and/or interruption of the service, therefore all measures should be undertaken to circumvent loss of data and downtime, such as that upgrades are effected during off-peak hours.

Contrary to failure replacements which occur randomly, upgrades may be planned ahead. The key official should inform the LGA of the planned upgrade and shall, post implementation, notify the LGA with a Decommissioning of equipment report form.

Top

Fraud Management Procedures

The operator must be aware that accountability, good corporate governance and a flawless reputation, which scores highly on player trust are pivotal to the gaming business. The Players must have the serenity and peace of mind that they are depositing funds with a trustworthy operator licensed by a reputable body.

With internet fraud and computer crime involving ever-more sophisticated methodology, the operator must devise a system of checks and balances aimed at minimising the risks of fraud, abuse and unsolicited money movements.

The Operator must therefore have a well delineated Know-Your-Client procedure, requiring the player to submit documents, through a safe channel, which may conclusively establish his identity and place of residence. Complementing the documentary evidence is the use of IP tracking, to ensure that the actual geographical location of the player, tallies with the residence provided in the documentary information.

The operator should also monitor suspicious payout requests, such as a payout request shortly after a deposit, as well as unusual payment patterns. All payment requests in the excess of €2330 may only be effected upon receipt of the necessary KYC documentation.

The player details should then be verified by the card service providers / payment gateways through and e-processor verification function and their in-built scrubbing and verification system in collaboration with the acquiring banks. It is important that the operator makes use of reputable service providers, who make use of technical measures aimed at severely reducing the incidence of fraud e.g. 3-D Secure verification for card payments.

This two-pronged approach is important because it provides a safety-net to attest the veracity of the player. Even if the customer registration and deposit registration processes are intrinsically intertwined, the operator should not be relying blindly on the information supplied to it by the card service providers / payment gateway providers. An independent KYC shall be carried out and a re-conciliation shall subsequently be made between the two processes.

A possible vehicle for fraud may be represented by lost passwords requests. When processing requests for lost passwords, the operator should verify the login logs, to ensure whether the request is compatible with sporadic uses of the account. No information should be forwarded in ‘Live Help’ to players who have lost their IDs or Passwords. Bona Fide requests for new passwords should be sent to the players’ registered email.

Top

Application Architecture

The operator shall need to adequately explain the technical architecture of the gaming platform – composed of the following.

(i) The Front End Tier – this consists of the player browser, which resides in the player PC, plus the website and game servers;

The memorandum should contain an explanation of the use of HTTP as a communication protocol between the client browser and the website, and perhaps a private protocol over TCP/IP to communicate the flash applications (running in the client browser) and the game servers.

(ii) The Middle Tier – composed of the website and the database;

The middle tier administers all interactions between the website and the game servers as well as the databases. The operator must illustrate how this works, from the moment the player logs in (username / password verification), passing onto the retrieval of data from the database and, if there is match, the creation of a session key that is stored in database for future reference. The same interaction should be recorded for any payment and/or withdrawal of payment requests.

(iii) The Backend Tier – formed by the database, the Game Management System, the Administrator browser and other application running analytical and other internal processes.

The Back end tier regulates the interactions between the Game management system and the database. This level contains all the site administration components: the analytical processes for the calculation of aggregates, and the database itself as main information source.

The memorandum should provide in detail knowledge of the Game Management System – showing how its use as a tool not only to change the system configuration (e.g. game setups, deposit bonus rules) and player profiles etc; but also its important for analysis and support, including but not limited to the following functions.

(i) Search player;
(ii) See player profile;
(iii) Edit Player profile;
(iv) Manage player balances;
(v) Get player game details;
(vi) Get player session history / deposit history; etc

The processes for obtaining the following reports should also be allow the generation of the following reports:

(i) Bonuses reports;
(ii) Game Logs reports;
(iii) IP Address reports;
(iv) Progressive jackpots reports;
(v) Search for duplicate accounts;
(vi) Get pattern summary report;
(vii) Get new signups reports;
(viii) Manage incidents; etc

And also allow the generation of reports for key financial information, such as-

(i) Business summary report;
(ii) Chargeback report;
(iii) Get hourly trends reports;
(iv) Float balance reports;
(v) Purchase summary reports;
(vi) Transaction summary reports;
(vii) Payouts reconciliations reports

Top

System Architecture

This is a technical document, in which the applicant should include a description on the physical infrastructure used by the applicant for the carrying out of the gaming operation. The memorandum should include a detailed explanation on the number of servers used and the role
of each server. The interlink between servers should also be explained by means of a flowchart and/or organigram.

Other details should include a description of the system firewall, the I.P range of the servers, and the applications used by the website / game servers / database etc;

Top

Network Infrastructure

In this memorandum the applicant must give a thorough description of the network infrastructure used and technology choices made to ensure top security, in line with the industry’s demands.

The applicant needs to describe the network infrastructure as well as the network management, such as which components can be remotely administered and maintained. Alerts may be sent to operational staff, which may be managed by using a ticket queue. The performance and capacity parameters should be logged and graphed, to retrieve historical information for monitoring and capacity planning purposes.

This memorandum should also include a detailed VLAN overview, describing the firewall rules created with a restrictive policy. Ports may only be opened for services which are to be made available from other VLANs and then only to the VLANs or specific IP addresses which require access.

Detailed information, including the use of a diagram illustrating the VLANs involved when a HTTP request for a website is processed, should also be attached, for ease of reference.

Top

Details of the Random number generator (if required)

A random number generator (“RNG”) shall be required whenever there is a chance element in a game, i.e. the outcome of the game does not depend on the skill and/or dexterity of the player. Sportsbooks are naturally excluded from the requirement of a RNG, whereas poker and casino games all have chance elements and necessitate an RNG. In the memorandum, the operator should specify whether the RNG is:-

a. Hardware / Software based;
b. Model
c. Brand
d. Copy of Test Certificate
e. Conclusion of Certification Authority report.

A RNG is determined in accordance with the Third Schedule of the Regulations, whereby the RNG must satisfy the Schneier test of Randomness – i.e.

(i) The data must be randomly generated, passing appropriate statistical tests of randomness;

(ii) The data must be unpredictable; i.e. it must be computationally infeasible to predict what the next number will be, given complete knowledge of the algorithm or hardware generating the sequence, and all previously generated numbers;

(iii) The series cannot be reliably reproduced, i.e. if the sequence generator is activated again with the same input it will produce two completely unrelated random sequences.

White-listed, hard-based RNGs, which are approved by the applicant, may be exempted from producing a test certificate. However, all software-based RNGs shall require testing of their mathematical algorithm to ensure that the outcome is truly random

Top

Name of the owner of the software

The software may be licensed or developed by the operator. In either case, the Intellectual Property Owner of the software must be identifiable, through the provision of the required corporate details e.g. name of company, company registration number, registered office, place of incorporation, contact details; etc;

Top

Name of the organisation that did the testing

Include the organisation / company involved in the process and their credentials. As with the abovementioned case, kindly specify the name of name of company, company registration number, registered office, place of incorporation, contact details involved in the testing thereof;

This memo should also include details regarding the processes, rules and parameters of the games, ensuring that these dovetail to the game rules published by the operator. The game also needs to respect the configuration decided by the operator in terms of –

(i) percentage payouts;

(ii) progressive jackpot payouts; etc;

(iii) provide no more than the expected house advantage to the operator; – i.e. outcome not piloted in any way by the operator;

(iv) both the gaming and financial transactions must be congruent and secure;

(v) the outcome of any game event, and the return to the player must be independent of the CPU, memory, disk or other components used in the playing device used by the player;

(vi) The Game or any game event outcome must not be affected by the effective bandwidth, link utilisation, bit error rate or other characteristic of the communication channel between the gaming system and the playing device used by the player;

(vii) The gaming system must be able to display for each game the following information on the current page or on a page directly accessible from the current page via a hyperlink-

(a) the name of the game;
(b) restrictions on play;
(c) instructions on how to play, including a pay-table of all prizes and special features;
(d) the player’s current account table;
(e) unit and total bets permitted;
(f) the rules of the game.

(viii) All financial reports produced by the gaming system must be congruent with gaming transaction reports;

(ix) The gaming system must (a) be capable of producing monthly auditable and aggregate financial statements for gaming transactions and (b) calculate all taxation and monies due to the Authority;

(x) The gaming system must maintain information about all games played, including-

(a) the identity of the player;
(b) the time the game began as recorded on the games server;
(c) the balance of the player’s account at the start of the game;
(d) the stakes placed in the game (time stamped by the games server);
(e) the game status (in progress, complete etc;)
(f) the result of the game (time stamped by the games server);
(g) the time the game ended as recorded by the game server;
(h) the amount won or lost by the player;
(i) the balance on the player’s account at the end of the game.

(xi) The gaming system must maintain information about significant events as follows

(a) large wins;
(b) transfers of funds in excess of such amount that the LGA may serve/ give notice to the operator;
(c) changes made by the operator to game parameters;

Top

Online Text / Content

The terms and conditions must be posted on the homepage of the applicant, and shall include the following fields:

a. Operator details;

Details of the Maltese registered company (name, company registration number, registered address, operating address etc;)

b. Jurisdiction and Regulation;

The governing law must be the Laws of Malta;

c. Languages Displayed;

d. Player Terms & Conditions;

Kindly note that any changes thereto must be pre-approved by the LGA.

e. Bonus Scheme Conditions;

f. Rules & Regulations of the Games (text)

g. Player Registration Process in screen shots;

h. Data Protection Statement;

This may have to be amended to comply with the provisions of the Data Protection Act – Chapter 440 of the Laws of Malta

i. Complaints;

Hyperlinks to the emails of your call centre / complaints officer etc; Contact details.

j. Provision of self protection / exclusion;

The operator must display at all times, a warning of the addiction possibilities of gaming and hyperlinks to assisting compulsive gamers.

Furthermore, a registered player must have the option of:-

(i) Setting a limit to the amounts wagered within a specific period of time;
(ii) Set a limit on the losses which the player may incur within a specific period of time
(iii) Set a limit to the amount of time the player may play in one session;
(iv) Exclude the player from playing for a definite period of time / indefinitely.

The operator may not accept a wager contrary to the abovementioned set limits.

Moreover, the operator must make available an automatic reality check showing the following info:-

(i) How much the player has been playing;
(ii) Display the person’s winnings and losses during such period of time;
(iii) Require the player to confirm that he has read the message;
(iv) Give an option to the player to end the session or return to the game.

Kindly note that the operator’s homepage must contain the following-

(i) The registered name of the licensee’s company;
(ii) The address of the company’s registered office;
(iii) The official number and date of issue of the licence; (post licence)
(iv) A statement that the licensee’s operations are regulated by the LGA;
(v) Hyperlinks to organisations specialising in curbing gaming addiction;
(vi) Hyperlinks to rules of the games;
(vi) Kite-mark of the LGA’s website (post licence)

Top

Contracts with Business Partners

The applicant must submit originals or certified true copies of the following agreements:

a. Payment Systems / Gateways;

b. Contracts with Software Providers;

c. Contracts with Class 4 Platform, if applicable

d. Other Contracts with Parent / Group / Affiliate Companies

Full disclosure is required by the LGA.

It is very important that the actual contracts are concluded by the Maltese registered company and not by any parent or subsidiary thereof.

Contact one of our officers to initiate the licensing process for a Maltese registered gaming company and start reaping the full benefits of an onshore, low-tax, reputable, EU jurisdiction. Simply fill in the contact box below or contact us by email on enquiries@fbsmalta.com or by calling at +356 2338 1500

We are committed to providing you with a swift solution best suited to your needs.

Malta Remote Gaming Intermediaries

An essential element for the success of any remote gaming operation is to ensure an efficient and wide range of intermediaries, including skins, white labels, affiliates etc; which seek to increase traffic and revenue towards the licensed remote gaming website.  Intermediaries today play an ever important role in the solicitation of players to licensed remote gaming operators.

Acknowledging the importance of gaming intermediaries, the Maltese Lotteries and Gaming Authority has implemented a fast-track notification process.  Any remote gaming company wishing to contract the services of a gaming intermediary must file a copy of the contractual agreement with the Authority (subject to the payment of an administrative fee) and submit the details of the Intermediary.

The licensed remote gaming operator remains solely responsible for the compliance of the Remote Gaming Regulations by the intermediary (such as advertising regulations), and must never divest its statutory duties to the intermediary.

Intermediaries may be physical and legal persons and need not be resident or the in case of legal persons, incorporated or managed in Malta.   Furthermore, intermediaries need not maintain minimum share capital requirements, suffer remote gaming tax, nor have a key official at all times, as required by the remote gaming operators.

We can assist you by:

• Drafting all forms of gaming intermediary agreements including but not limited to affiliate agreements, affiliate management agreements, white label and skin agreements;
• Processing of notification form to the Lotteries and Gaming Authority;
• In the case of corporate intermediaries, the registration of a company to fulfill the role of licensed intermediary in Malta, or in any other jurisdiction of choice.  (Our fully-fledged offices in Cyprus, Greece, the UK and the Seychelles, together with our network of intermediaries, provide us with unmatched options);
• Tax planning and tax advice

Contact one of our officers for assistance in remote gaming intermediaries. Simply fill in the contact box below or contact us by email on enquiries@fbsmalta.com or by calling at +356 2338 1500

We are committed to providing you with a swift solution best suited to your needs.

Malta iGaming and Malta Remote Gaming Forms

The following are the most salient forms which the applicant must, together with the business plan, all supporting documentation, and second stage document forms be submitted  to the Lotteries and Gaming Authority (Malta):

• License for Malta Remote Gaming Forms
  The application form should indicate the name of the proposed company, which shall act as licence-holder, as well as the classes of gaming licences being applied for.

• Personal Declaration Form
  This Personal Declaration form must be filled up by every director, shareholder and beneficial owner, planning to have a qualifying interest (5% or more qualifying participation and/or voting rights in the company).

• Business Entity Information Form
  After the first stage has been successfully passed by the applicant, the latter is to submit the business entity information form, outlining the details of the Maltese gaming company (directors, share capital, bank accounts etc).

• Personal Declaration Key Official Form
  With 21 days from issue of the Letter of Intent, the applicant must appoint a key official.

• Service Provider Authorisation Form
  This form outlines the authorised domain names which the applicant shall use to solicit players to their gaming business, as well as details of the co-location company hosting their gaming server and player databases.

• Remote Gaming Employee Form
  Every person employed by the Gaming company must be pre-approved by the authority and submit themselves to a due diligence verification.

• Licensee Intermediary Form
  Any gaming intermediaries (skins, white label affiliates or partners) have to be notified to the Lotteries and Gaming Authority, through the submission of this form.

Contact one of our officers to initiate the licensing process for a Maltese registered gaming company and start reaping the full benefits of an onshore, low-tax, reputable, EU jurisdiction. Simply fill in the contact box below or contact us by email on enquiries@fbsmalta.com or by calling at +356 2338 1500

We are committed to providing you with a swift solution best suited to your needs