Malta Gaming Memo - Acumum Legal & Advisory

Malta's International Legal & Advisory Firm
info@acumum.com | http://www.acumum.com
Skype: acumum
E: info@acumum.com |www.acumum.com | Skype ID: acumum | T: Malta +356 2778 1700
Acumum Legal|Acumum Services Ltd
Registered address: 260 Triq San Albert, Gzira, GZR 1150
For Information & Guidance Purposes Only
Malta Gaming Licenses -Operational & Statutory - A Detailed Overview
As part of the business and technical assessment, the applicant for a Malta remote gaming licence shall be
asked to submit the following operational and statutory requirements documentation:
 A Maltese Company Registration Certificate;
 Memorandum and Articles of Association of the Maltese Company;
 Business Entity Information Form;
 Information Security Policy;
 Incident Response & Asset Removal Policy;
 User Management Policy;
 Human Resources Roles & Responsibilities;
 System Access Control Procedures;
 Financial Accounting Procedures;
 Business Continuity and Disaster Recovery Plan;
 Data Backup Procedures;
 Change Management Procedures;
 Fraud Management Procedures;
 Application Architecture;
 System Architecture;
 Network Infrastructure;
 Details of the Random number generator (if required);
 Name of the owner of the software;
 Name of the organisation that did the testing;
 Online text / content;
 Contracts with Business Partners
Malta Company
Upon incorporation, the Maltese Registrar of Companies shall, after ascertaining compliance with the
statutory provisions of the Maltese Companies Act, issue a certificate of registration, as evidence of the
company’s corporate existence.
Memorandum and Articles of Association
The applicant must satisfy minimum criteria of local presence, one of which is that the licence holder must be
a Maltese registered corporate entity, the most common form being a private limited liability company.
Business Entity Information Form
The applicant shall also need to fill in a purposely prepared form. The Business Entity form shall contain details
relating to the registered office and operating address in Malta, websites, details of credit institution
entrusting to the safekeeping of players’ monies, player account number, financial year end etc;
The credit institution holding players’ monies may be located in or outside of Malta, and must issue a written
declaration attesting that:-
(i) It will not attempt to enforce or execute, any charge, write-off, set-off or other claim against the afore-
mentioned Clients’ Accounts;
(ii) It will not combine the Clients’ Accounts with any other account in respect of any debt owed to it by the
licensee;

Skype: acumum
(iii) It shall credit any interest payable on the above indicated Clients accounts only to that account/s;
(iv) It shall disclose any information with regard to the Clients’ Accounts as may be requested by the
Lotteries and Gaming Authority.
Information Security Policy
The information security policy must contain a comprehensive and all-encompassing description of the means,
technical and human resources that shall be implemented by the applicant for the better protection of the
confidentiality, integrity and availability of all of the business information to safeguard the company’s assets,
customers, staff and reputation.
The applicant should emphasise the use of firewalls that shall be used to protect sensitive player database,
payment security measures e.g. the use of 3-D secure credit card validation when the client is management
payments /withdrawals, the use of an encryption when player is entering password, password validation
processes etc;
From the human resources aspect, it is important to ensure that the applicant operates through a system of
authorisations and “need-to-know” basis. Sensitive information, regarding players’ details and credit card
validity shall only be accessible by senior management, e.g. key official, chief financial officer etc;
The applicant should also secure a change of password policy on a periodical basis, and ensure that effective
technical counter-measures are implemented when an employee / consultant leaves the applicant (immediate
closures of accesses) etc;
Incident Response & Asset Removal Policy
The essential elements here are classification of the incident or problem, diagnosis, escalation and trouble-
shooting of the problem.
If the incident is such that it hinders the operations of the applicant, causes downtime or worse still if the
incident is critical, and causes loss of data, what is the escalation path, from diagnosis to solution.
The applicant must devise a policy which encompasses a holistic approach to cater for all incidents, by training
staff to detect incident and establishing a rapid and effective escalation path to take all measures as are
necessary to (i) contain the incident; (ii) diagnose problem; and (iii) find solution.
This calls for a classification of the incident response e.g. whether it is software related or hardware related,
and a classification of how serious the incident is. Segregation measures may be undertaken, to ensure that
the incident does not spill-over to other key areas, which may hinder operability and/or cause downtime.
The Key official must be informed at the earliest, and he must, inform the LGA by means of a specific incident
report form.
If the incident cannot be solved remotely or by debugging software, but is caused by a failure to one of the
hardware components, which may only be rectified by substituting the hardware component, the policy
should include a description of the escalation path necessary to implement changes, how fast these changes
can be implemented, the procedure to inform the LGA with no undue delay and whether the changes were
made policy by having on-site spares, as well as keeping an inventory on such on-site spares.
User Management Policy
This document shall delineate the necessary procedures for the implementation of all integrity checks of the
company’s operational information systems, to minimise any risk to the company’s assets and reputation or to
its customers’ personal and financial data resulting from unauthorised access to or modification of those
systems.

Skype: acumum
The objectives of the policy are therefore to ensure that only selected users have access to the information as
necessary for their legitimate business. The objectives are therefore in a way similar to the aforesaid
Information Security Policy, but the accent is strongly on privileges and accesses afforded to the human
resources within the Company. The privileges of each employee must be clearly delineated, to ensure that all
information is compartmentalised. No employee should have access to information which is extraneous to his
work description, and access should be given on a strict “need-to-know” basis.
The policy should also cover a policy for consultants and affiliates.
Human Resources - Roles & Responsibilities
The applicant needs to illustrate the organisational structure of the remote gaming company. It is highly
advisable that an organisational chart delineating the hierarchy of the Company, is provided, specifying the
role, responsibilities and duties of each employee.
The Key official must be a director of the Company, and in order to fulfil his reporting duties to the LGA and
comply with statutory obligations, have a pivotal role with full access to the policies and financials. The key
official must be in a position to extract information directly and without hindrance, and all employees should,
if necessary, provide him with the necessary information.
The human resources roles and responsibilities are dependent on the operator’s structure; however, typically,
the document should contain a descriptive overview of the following roles:
(i) Financial Comptroller;
(ii) Accounting Staff;
(iii) Head Chat Manager;
(iv) Chat Moderator;
(v) Customer Moderator; etc;
System Access Control Procedures
This memo should be seen as drawing-closely and being complementary to the User Management Policy.
Whereas, the User Management Policy should describe the policy relating to user management, accesses and
privileges, the System Access Control Procedures should show how in practice, these procedures are
implemented.
A detailed account of the staff password policies – frequency of changes to password / password strength /
lost password policies, should be included, specifying who can implement such technical measures.
Furthermore, this memorandum should outline the technical measures that need to be implemented
whenever an employee ceases employment, thereby ensuring that access is terminated immediately, and
cannot be reactivated by the employee. A similar policy should be implemented with regard to consultants and
whenever tasks are outsourced to third parties, if any.
A flow chart explaining the privileges and accesses, as well as the technical measures in place between each
department is strongly commendable.
Financial Accounting Procedures
Transparency is a key issue for remote gaming companies licensed by the LGA. Apart from filing audited
financial statements after the end of year of assessment, all remote gaming companies must file management
accounts on a semester basis to the LGA.

Skype: acumum
Furthermore, the LGA shall approve the place, other than the licensee’s registered office where the applicant
keeps the remote gaming records. These records and accounts must show a true and fair view of the financial
position and state of affairs of the licensee. These accounts must be prepared in accordance with international
financial reporting standards (IFRS).
The audited accounts of a corporation form the basis of the tax computation but certain statutory adjustments
may be carried out. Compliance with International Accounting Standards (IASs) has been mandatory for all
Maltese companies since 1995 for annual accounts and consolidated accounts, and have implemented the IAS
Regulation of June 2002. Accounting standards relating to the presentation, content and publication of annual
accounts, annual reports and consolidated accounts with respect to companies with limited liability have fully
transposed the Fourth and Seventh Company Law Directives.
Furthermore, the Maltese Companies Act governs the content and form of individual accounts and of
consolidated accounts respectively. According to both articles, accounts shall be drawn up clearly and in
accordance with the provisions of the Act and with generally accepted accounting principles and practice.
Compliance with “generally accepted accounting principles and practice” is defined in Article 2 (4) of the
Companies Act as adherence to International Accounting Standards as may be issued from time to time by the
International Accounting Standards Board, or any other body succeeding it by whatever name it may be
known, and to any accounting standards as may be made applicable from time to time in terms of the
Accountancy Profession Act.
In the event that a provision of the Act is in conflict or is not compatible with generally accepted accounting
principles and practice, the accounts are required to be drawn up so as to give a true and fair view of the
assets, liabilities, financial position and profit or loss of the company (or companies in the case of consolidated
accounts).
Audited sets of financial statements must be presented to the LGA, within sixty (60) days from the end of its
financial year and the licensee shall, within thirty (30) days from the end of the half yearly period, lodge
interim financial statements showing the licence holder’s results and signed by the key official.
The LGA may require any additional financial information in the format specified by the LGA. Furthermore, the
LGA may, at its own discretion, conduct an investigation if it has reason to believe that the Licensee or key
official is not conforming to the Act.
The applicant must therefore show that is it implementing the aforesaid policies to give a true and fair view of
its financials and the procedure into force to ensure that this is always an accurate assessment of the
company’s financial situation e.g. the four-eye principal approach (accounts vetted by financial comptroller
and Key official (who must have access to the financials).
The name of the accountants / auditors may also be specified in the memo.
Business Continuity and Disaster Recovery Plan
Business continuity and disaster recovery is one of the most pivotal memorandum for the application form.
Notwithstanding, the operator’s best endeavours, it is not possible to entirely exclude the possibility of a
disaster or catastrophe (such as earthquakes, thunder strikes, flooding, fire etc;) which may severely impede /
hinder the continuity of the operator’s business.
It is therefore imperative, that the operator devise a well-detailed plan, explaining what measures, has been
implemented to minimise risks, and to efficiently neutralise disasters, should they occur.
A classification of the types of disasters and the escalation path to ensure swift rectification is essential here.
All the personnel of the operator should be familiar with the disaster recovery plan and procedure. Regular
drills should be carried out, and any developments thought to the employees. The disaster recovery plan
should be in the form of a workable “cookbook” detailing the counter-measures to be implemented,

Skype: acumum
depending on the severity of the disaster, as well as the escalation path to be followed for the swift and
effective counter-measures to address the disaster.
Although co-location companies may have 24:7 support services, the operator should not depend entirely on
the co-location personnel, and devise his own strategies, including the training of a specialised task force to
remedy the problem efficiently and in the most efficient way possible.
Data Backup Procedures
Closely linked to the Business Continuity and Disaster Recovery Plan, is the notion of data backup procedure.
The operator should be well aware that data is a valuable asset, and that the loss of any such data, may hinder
the continuity of his business, severely effect his revenues and give rise to a liability exposure, for loss of data.
The onus is always on the operator to ensure that the data is stored safely and may be retrieved effortlessly
and efficiently. It is therefore important that backups be done periodically and punctually, through a number
of methods, including but not limited to remote dual copy, automated off-site tape backups and off-site tape
backup storage.
Change Management Procedures
This document should be broadly divided into the following three (3) sections:
(i) Human Resources
(ii) System mechanisms, maintenance and updates;
(iii) Hardware changes
The common thread throughout is to show how efficiently and smoothly, an operator may manage changes,
which are not only innate in every company, but especially frequent in a dynamic industry such as the Gaming
One.
Human Resources
Every Maltese remote gaming company must inform the LGA in writing of any appointment / termination of an
employee with the licensed gaming company. The termination of an employment or the creation of a new
employment post may bring about changes to escalation path / reporting requirements. It is therefore
important, that the policies and procedures be amended periodically to reflect the true company structure of
the firm.
This memorandum should also cross-reference to other memoranda, including the user management policy
and security access policy but outlining the escalation path that need to be undertaken, whenever an
employment is terminated / created e.g. security checks for engagement of new personnel – change of
passwords etc;
This memorandum should also include changes re: consultancy agreements and affiliates.
System Mechanisms, Maintenance and Updates
The very nature of the gaming business requires periodic changes to the product offering and mechanisms to
ensure that the operator maintains its cutting edge. Constant upgrades are needed to maintain top security, as
security breaches become more and more sophisticated, to increase browsing speed, with the integration of
different source-codes e.g. flash.
Whereas, some updates may be merely aesthetical e.g. facelift to the webpage, new colour codes, company
logos etc; others may require changes to the very essence of the system mechanics or business rules.

Skype: acumum
The memorandum must therefore explain the procedure needed to implement thhese changes i.e. escalation
paths, as well as the methods of effecting such changes, and the measures undertaken to ensure that the
changes are effected as seamlessly as possible, without the risk of losing any data and/or minimising the
inconvenience to players.
The memorandum should include, but not be limited to the following changes-
(i) Marketing – text and graphics changes – banners / promotions etc;
(ii) New functionality – Requested by the Management;
(iii) Bugs: Detected in live or develop environment etc;
Every change should also be tested in a “dummy run” prior to implementation to ensure that any
inconvenience is minimalised.
A simple flow-chart showing the escalation of events of the persons directly involved in this technical change,
would be very important.
Hardware
The changes to the hardware is central and is mainly triggered off by two events-
(i) Failure replacement;
(ii) Upgrades
Although all efforts are afforded to circumvent the possibility of failure, this may never be completely
eradicated. In this case, the operator must furnish a memorandum, explaining the processes which are
implemented whenever there is a system failure, such as how the change procedure is effected from a
decision level. The Key Official must, liaise with the LGA, and formalise the report of the incident, through the
filling in of an Incident Report form.
With regard to upgrades, it is important that operators espouse new technologies, which shall allow him to
maintain a competitive edge, and render the gaming experience more captivating to players.
The implementation of upgrades may, depending on their extent, cause disruption and/or interruption of the
service, therefore all measures should be undertaken to circumvent loss of data and downtime, such as that
upgrades are effected during off-peak hours.
Contrary to failure replacements which occur randomly, upgrades may be planned ahead. The key official
should inform the LGA of the planned upgrade and shall, post implementation, notify the LGA with a
Decommissioning of equipment report form.
Fraud Management Procedures
The operator must be aware that accountability, good corporate governance and a flawless reputation, which
scores highly on player trust are pivotal to the gaming business. The Players must have the serenity and peace
of mind that they are depositing funds with a trustworthy operator licensed by a reputable body.
With internet fraud and computer crime involving ever-more sophisticated methodology, the operator must
devise a system of checks and balances aimed at minimising the risks of fraud, abuse and unsolicited money
movements.
The Operator must therefore have a well delineated Know-Your-Client procedure, requiring the player to
submit documents, through a safe channel, which may conclusively establish his identity and place of
residence. Complementing the documentary evidence is the use of IP tracking, to ensure that the actual
geographical location of the player, tallies with the residence provided in the documentary information.

Skype: acumum
The operator should also monitor suspicious payout requests, such as a payout request shortly after a deposit,
as well as unusual payment patterns. All payment requests in the excess of €2330 may only be effected upon
receipt of the necessary KYC documentation.
The player details should then be verified by the card service providers / payment gateways through and e-
processor verification function and their in-built scrubbing and verification system in collaboration with the
acquiring banks. It is important that the operator makes use of reputable service providers, who make use of
technical measures aimed at severely reducing the incidence of fraud e.g. 3-D Secure verification for card
payments.
This two-pronged approach is important because it provides a safety-net to attest the veracity of the player.
Even if the customer registration and deposit registration processes are intrinsically intertwined, the operator
should not be relying blindly on the information supplied to it by the card service providers / payment gateway
providers. An independent KYC shall be carried out and a re-conciliation shall subsequently be made between
the two processes.
A possible vehicle for fraud may be represented by lost passwords requests. When processing requests for lost
passwords, the operator should verify the login logs, to ensure whether the request is compatible with
sporadic uses of the account. No information should be forwarded in ‘Live Help’ to players who have lost their
IDs or Passwords. Bona Fide requests for new passwords should be sent to the players’ registered email.
Application Architecture
The operator shall need to adequately explain the technical architecture of the gaming platform – composed
of the following.
1. The Front End Tier – this consists of the player browser, which resides in the player PC, plus the website
and game servers;
2. The memorandum should contain an explanation of the use of HTTP as a communication protocol
between the client browser and the website, and perhaps a private protocol over TCP/IP to communicate
the flash applications (running in the client browser) and the game servers.
3. The Middle Tier – composed of the website and the database;
4. The middle tier administers all interactions between the website and the game servers as well as the
databases. The operator must illustrate how this works, from the moment the player logs in (username /
password verification), passing onto the retrieval of data from the database and, if there is match, the
creation of a session key that is stored in database for future reference. The same interaction should be
recorded for any payment and/or withdrawal of payment requests.
5. The Backend Tier – formed by the database, the Game Management System, the Administrator browser
and other application running analytical and other internal processes.
6. The Back end tier regulates the interactions between the Game management system and the database.
This level contains all the site administration components: the analytical processes for the calculation of
aggregates, and the database itself as main information source.
7. The memorandum should provide in detail knowledge of the Game Management System – showing how
its use as a tool not only to change the system configuration (e.g. game setups, deposit bonus rules) and
player profiles etc; but also its important for analysis and support, including but not limited to the
following functions.
8. Search player;
9. See player profile;
10. Edit Player profile;
11. Manage player balances;
12. Get player game details;
13. Get player session history / deposit history; etc

Skype: acumum
14. The processes for obtaining the following reports should also be allow the generation of the following
reports:
a. Bonuses reports;
b. Game Logs reports;
c. IP Address reports;
d. Progressive jackpots reports;
e. Search for duplicate accounts;
f. Get pattern summary report;
g. Get new signups reports;
h. Manage incidents; etc
15. And also allow the generation of reports for key financial information, such as-
a. Business summary report;
b. Chargeback report;
c. Get hourly trends reports;
d. Float balance reports;
e. Purchase summary reports;
f. Transaction summary reports;
g. Payouts reconciliations reports
System Architecture
This is a technical document, in which the applicant should include a description on the physical infrastructure
used by the applicant for the carrying out of the gaming operation. The memorandum should include a
detailed explanation on the number of servers used and the role
of each server. The interlink between servers should also be explained by means of a flowchart and/or
organigram.
Other details should include a description of the system firewall, the I.P range of the servers, and the
applications used by the website / game servers / database etc;
Network Infrastructure
In this memorandum the applicant must give a thorough description of the network infrastructure used and
technology choices made to ensure top security, in line with the industry’s demands.
The applicant needs to describe the network infrastructure as well as the network management, such as which
components can be remotely administered and maintained. Alerts may be sent to operational staff, which may
be managed by using a ticket queue. The performance and capacity parameters should be logged and graphed,
to retrieve historical information for monitoring and capacity planning purposes.
This memorandum should also include a detailed VLAN overview, describing the firewall rules created with a
restrictive policy. Ports may only be opened for services which are to be made available from other VLANs and
then only to the VLANs or specific IP addresses which require access.
Detailed information, including the use of a diagram illustrating the VLANs involved when a HTTP request for a
website is processed, should also be attached, for ease of reference.
Details of the Random number generator (if required).
A random number generator (“RNG”) shall be required whenever there is a chance element in a game, i.e. the
outcome of the game does not depend on the skill and/or dexterity of the player. Sportsbooks are naturally
excluded from the requirement of a RNG, whereas poker and casino games all have chance elements and
necessitate an RNG. In the memorandum, the operator should specify whether the RNG is:-
a. Hardware / Software based;

Skype: acumum
b. Model
c. Brand
d. Copy of Test Certificate
e. Conclusion of Certification Authority report.
A RNG is determined in accordance with the Third Schedule of the Regulations, whereby the RNG must satisfy
the Schneier test of Randomness – i.e.
(i) The data must be randomly generated, passing appropriate statistical tests of randomness;
(ii) The data must be unpredictable; i.e. it must be computationally infeasible to predict what the next number
will be, given complete knowledge of the algorithm or hardware generating the sequence, and all previously
generated numbers;
(iii) The series cannot be reliably reproduced, i.e. if the sequence generator is activated again with the same
input it will produce two completely unrelated random sequences.
White-listed, hard-based RNGs, which are approved by the applicant, may be exempted from producing a test
certificate. However, all software-based RNGs shall require testing of their mathematical algorithm to ensure
that the outcome is truly random
Name of the owner of the software
The software may be licensed or developed by the operator. In either case, the Intellectual Property Owner of
the software must be identifiable, through the provision of the required corporate details e.g. name of
company, company registration number, registered office, place of incorporation, contact details; etc;
Name of the organisation that did the testing
Include the organisation / company involved in the process and their credentials. As with the abovementioned
case, kindly specify the name of name of company, company registration number, registered office, place of
incorporation, contact details involved in the testing thereof;
This memo should also include details regarding the processes, rules and parameters of the games, ensuring
that these dovetail to the game rules published by the operator. The game also needs to respect the
configuration decided by the operator in terms of –
(i) percentage payouts;
(ii) progressive jackpot payouts; etc;
(iii) provide no more than the expected house advantage to the operator; – i.e. outcome not piloted in any
way by the operator;
(iv) both the gaming and financial transactions must be congruent and secure;
(v) the outcome of any game event, and the return to the player must be independent of the CPU, memory,
disk or other components used in the playing device used by the player;
(vi) The Game or any game event outcome must not be affected by the effective bandwidth, link utilisation, bit
error rate or other characteristic of the communication channel between the gaming system and the playing
device used by the player;
(vii) The gaming system must be able to display for each game the following information on the current page
or on a page directly accessible from the current page via a hyperlink-
(a) the name of the game;

Skype: acumum
(b) restrictions on play;
(c) instructions on how to play, including a pay-table of all prizes and special features;
(d) the player’s current account table;
(e) unit and total bets permitted;
(f) the rules of the game.
(viii) All financial reports produced by the gaming system must be congruent with gaming transaction reports;
(ix) The gaming system must (a) be capable of producing monthly auditable and aggregate financial statements
for gaming transactions and (b) calculate all taxation and monies due to the Authority;
(x) The gaming system must maintain information about all games played, including-
(a) the identity of the player;
(b) the time the game began as recorded on the games server;
(c) the balance of the player’s account at the start of the game;
(d) the stakes placed in the game (time stamped by the games server);
(e) the game status (in progress, complete etc;)
(f) the result of the game (time stamped by the games server);
(g) the time the game ended as recorded by the game server;
(h) the amount won or lost by the player;
(i) the balance on the player’s account at the end of the game.
(xi) The gaming system must maintain information about significant events as follows
(a) large wins;
(b) transfers of funds in excess of such amount that the LGA may serve/ give notice to the operator;
(c) changes made by the operator to game parameters;
Online Text / Content
The terms and conditions must be posted on the homepage of the applicant, and shall include the following
fields:
a. Operator details;
Details of the Maltese registered company (name, company registration number, registered address, operating
address etc;)
b. Jurisdiction and Regulation;
The governing law must be the Laws of Malta;
c. Languages Displayed;
d. Player Terms & Conditions;
Kindly note that any changes thereto must be pre-approved by the LGA.

Skype: acumum
e. Bonus Scheme Conditions;
f. Rules & Regulations of the Games (text)
g. Player Registration Process in screen shots;
h. Data Protection Statement;
This may have to be amended to comply with the provisions of the Data Protection Act – Chapter 440 of the
Laws of Malta
i. Complaints;
Hyperlinks to the emails of your call centre / complaints officer etc; Contact details.
j. Provision of self protection / exclusion;
The operator must display at all times, a warning of the addiction possibilities of gaming and hyperlinks to
assisting compulsive gamers.
Furthermore, a registered player must have the option of:-
(i) Setting a limit to the amounts wagered within a specific period of time;
(ii) Set a limit on the losses which the player may incur within a specific period of time
(iii) Set a limit to the amount of time the player may play in one session;
(iv) Exclude the player from playing for a definite period of time / indefinitely.
The operator may not accept a wager contrary to the abovementioned set limits.
Moreover, the operator must make available an automatic reality check showing the following info:-
(i) How much the player has been playing;
(ii) Display the person’s winnings and losses during such period of time;
(iii) Require the player to confirm that he has read the message;
(iv) Give an option to the player to end the session or return to the game.
Kindly note that the operator’s homepage must contain the following-
(i) The registered name of the licensee’s company;
(ii) The address of the company’s registered office;
(iii) The official number and date of issue of the licence; (post licence)
(iv) A statement that the licensee’s operations are regulated by the LGA;
(v) Hyperlinks to organisations specialising in curbing gaming addiction;
(vi) Hyperlinks to rules of the games;
(vi) Kite-mark of the LGA’s website (post licence)
Contracts with Business Partners
The applicant must submit originals or certified true copies of the following agreements:
a. Payment Systems / Gateways;

Skype: acumum
b. Contracts with Software Providers;
c. Contracts with Class 4 Platform, if applicable
d. Other Contracts with Parent / Group / Affiliate Companies
Full disclosure is required by the LGA.
It is very important that the actual contracts are concluded by the Maltese registered company and not by any
parent or subsidiary thereof.
Malta Key Official
Within twenty-one (21) days from the issuance of the Letter of Intent, the applicant must appoint at least one
Key Official. The Key Official must be:
A physical person, residing in Malta hold the office of director in the Maltese Company
The Key Official must personally supervise the operations of the licence holder and ensure compliance with all
applicable laws and regulations. As director of the company, the Key Official is bound by the general precepts
set forth in Article 136A of the Companies Act: to act honestly and in good faith in the best interest of the
company. Consequently, the Key Official must seek to obtain the most advantageous return to the Company,
and in so doing must adhere to statutory precepts such as professional secrecy, compliance with corporate,
fiscal and special laws and by any restrictions, including but not limited to any reserved matters, which may be
specified in the memorandum and articles of association of the gaming company.
The Key Official acts as the main contact point between the licence holder and the Lotteries and Gaming
Authority. Therefore, he/she has to adopt a “hands-on” approach and furnish the Authority with any
information which may be requested by the Authority in furtherance to the business of the licence holder.
Furthermore, the Key Official is requested to:
 Report any suspicious transactions to the Authority or local authorities;
 Remit the gaming tax to the Authority without delay (payable within the 20th day of the next month
after which the gaming tax is due);
 Promptly inform the Authority of the appointment or termination of any person employed by the
remote gaming company;
 Promptly inform the LGA of any incident which impedes, hinders or obstructs the gaming operation
e.g. any failure in the hardware, downtime, whether scheduled or unscheduled by means of the filing
of a incident report to the LGA;
 Timely submit other statutory filings to the LGA, including but not limited to semester management
accounts and the audited financial statements.
The Key Official must be approved by the Authority and he/she cannot be divested from this role without the
prior written approval of the Authority. Therefore key officials seeking to resign from their post or any
shareholders wishing to remove the key official must seek the prior written consent of the Authority. At least
one key official must be retained by the licence-holder at all times.
For more information please contact:
Geraldine Noel
Managing Partner

Skype: acumum
Acumum - Legal & Advisory
Email: gnoel@acumum.com
Direct T: +356 2778 1700 Ext.: 101
Cell: +356 99695770

Malta Gaming Memo - Acumum Legal & Advisory

Recomendados

Recomendados

Más contenido relacionado

Similar a Malta Gaming Memo - Acumum Legal & Advisory

Similar a Malta Gaming Memo - Acumum Legal & Advisory (20)

Más de Acumum - Legal & Advisory

Más de Acumum - Legal & Advisory (19)

Último

Último (20)

Malta Gaming Memo - Acumum Legal & Advisory