WH Partners contributed with the Trends and Developments in Malta article to the Chambers Gaming Law 2023 Global Practice Guide. The article can be found on Chambers.com.
Introduction
Over the last 20 years, Malta has witnessed a remarkable transformation in its gambling sector, riding the wave of remote gaming platforms that have transformed the way people engage with remote gaming and gambling. The country has established itself as an early adopter of technology and regulation to support an influx of gaming companies and their employees attracted by the favourable infrastructure and operating environment. This continued growth has allowed Malta to position itself as a leading player in the global industry. Not content to rest on its laurels, Malta continues to develop, and this article explores two ways in which the island is adapting to a rapidly evolving technological and social landscape.
New Policy on Operators Using Virtual Assets
Efforts by the Malta Gaming Authority (MGA, or the "Authority") to position itself as a leader in financial technology took a step forward in January 2023 with the publication of the "Policy". The Policy, which takes immediate effect, replaces the Sandbox Framework which regulated the treatment of virtual financial assets (VFAs) and the use of innovative technology arrangements (ITAs) within the gaming industry.
The Sandbox Framework had been in place since 2019, a period which saw both boom and bust in cryptocurrencies and non-fungible tokens (NFTs). Despite this, the take-up of virtual assets under the previous arrangement was limited, with both regulatory restrictions and a lack of supporting infrastructure cited as reasons for hesitancy. Nevertheless, the four year operation of the Framework allowed the MGA to conduct extensive consultation with relevant stakeholders and to gain considerable experience of regulating virtual assets.
If the Sandbox Framework was a cautious toe in the water, the new Policy is a confident move from a regulator determined to be in the vanguard as VFAs bounce back from their crash of 2022. It provides a comprehensive and updated description of the Authority's position with respect to distributed ledger technology (DLT) applications. It also shows a willingness to embrace fully the use of virtual assets, and predicts a matured market of service providers catering for the increased demand. The Policy balances a commitment to leverage innovation with the need to ensure player protection, and also considers the high-risk nature which virtual assets pose, including their susceptibility to use by bad actors.
Operators accepting VFAs
Under the Policy, gambling operators are permitted to accept VFA deposits using their own wallets without the need for an intermediary. Alternatively, they can utilise a third-party licensed service provider to process the transactions and retain custody of the assets.
Any MGA licensee that wishes to accept VFAs must first request approval from the MGA. For that approval to be forthcoming, the applicant will need to provide documentation such as updated policies on wallet management and verification, the list of virtual assets and their classification and updated Terms and Conditions. They will need to show the wallet structure, permissions relating to wallets holding player funds, the persons that may have access to them, and the security measures being used to prevent misappropriation or unauthorised access to wallets holding player funds. There are also obligations regarding the loss of player wallets, AML/CFT and record keeping.
VFAs that are classified as financial instruments or as electronic money may only be accepted on a case-by-case basis by the MGA and privacy coins are strictly prohibited. VFAs cannot be sold, acquired or exchanged directly on the operators' site, although there are specific exemptions for virtual tokens.
Fiat-to-fiat transactions which utilise a virtual asset as a bridge do not fall within the scope of the Policy and are treated in the same way as traditional payment service providers.
Virtual tokens
Virtual tokens are by their nature confined within a closed-loop ecosystem on the operator's site, which does not allow them to be exchanged outside that ecosystem. These tokens can be acquired on the operator's site directly using fiat or VFA with the applicable exchange rate made clear to players prior to any exchange. The MGA will decide whether to accept or reject the use of such tokens on a case-by-case basis and will carry out an evaluation applying various qualifying criteria such as the technology, structure and security.
Operators launching their own token
Under the new Policy, operators can launch their own VFA or virtual token and have it as the predominant or exclusive currency of their site, with all transactions being denominated in the virtual currency. This can serve as the foundation for innovative reward systems which have as their aim an increase in brand recognition and loyalty.
Outsourcing and service providers
Operators can make use of third-party providers that offer custodial services and accept VFAs from players thereby allowing them to transact solely in fiat currency. Any such third-party provider must be duly authorised under the terms of the VFA Act or any other applicable law.
Rate of exchange
The Policy recognises the volatile nature of VFAs and their exchange value against fiat currency as well as the existence of widely varying exchange rates for the same VFA on different exchanges. It sets rules concerning the exchange value of VFAs for transparency purposes, for reporting player liabilities, fees and tax, and for setting limits on player deposits.
Information technology agreementand smart contracts
Operators are permitted to utilise DLT for all or part of their technical setup including the use of smart contracts within the key technical setup. This in itself requires specific approval from the MGA. Approval will be granted on a case-by-case basis with an audit taking place in line with the updated system audit checklist specific to DLT platforms.
Additional safeguards
A key part of obtaining the various approvals required under the Policy is an obligation on the part of operators to show they are identifying and mitigating the risks which may arise or be exacerbated by the use of VFAs. The use of analytical tools or transaction monitoring systems to identify suspicious transactions is also encouraged and will be viewed favourably.
The nature of VFAs means it is unrealistic for operators or third-party providers to control where the technical infrastructure which hosts a ledger is located. However, the MGA requires sufficient comfort that the requirements relating to the replication of essential regulatory data are adhered to.
A Voluntary Code for Environmental, Social and Governance Best Practices
Maltese companies are not alone in feeling the need to take a proactive approach to ESG concerns. Shareholders and customers alike expect a commitment to sustainable and responsible business, and this has seen ESG emerge as a crucial consideration across various industries in developed and developing economies. The remote gaming sector has made progress in addressing ESG issues, but there remains a challenge of limited or inconsistent uptake. The voluntary ESG Code of Good Practice (the "Code") issued by the MGA aims to complement and build on existing efforts by the industry, as well as acting as a reference point for remote gaming companies to assess, report on, and improve their ESG practices.
Rather than target setting, the Code provides a framework to assist companies in identifying and reporting the most material ESG issues relevant to the sector, as determined by a materiality consultation. Focusing on issues material to the sector will enable remote gaming companies to set meaningful goals, develop targeted strategies and allocate resources more effectively.
The three pillars of ESG
Environment
At first examination, the environmental footprint of the remote gaming industry may seem insubstantial. However, aspects such as the use of data centres and business travel may have a significant carbon footprint. Increased adoption of the kind of VFAs referenced above can also involve the use of a sizeable amount of energy. As the remote gaming industry grows, these aspects also grow making the cumulative impact significant. It is therefore critical to understand where carbon reduction opportunities exist.
Social
The social dimension of ESG is of particular relevance to remote gaming due to the unique characteristics of and potential challenges associated with the industry. Responsible gaming is one of a number of issues which impact the wellbeing of customers as well as business longevity. Diversity and inclusion is another social concern of growing importance and one which links to business performance. Remote gaming businesses with recognised strong social credentials can attract socially conscious investors, build trust with customers, and reduce the operational risks associated with negative public perception.
Governance
This refers to the set of principles, policies and procedures that guide business decision-making and operations. The remote gaming industry is exposed to a wide spectrum of risks, whether financial, operational, legal, reputational or those arising from cybersecurity. By upholding good governance practices, remote gaming businesses can safeguard their economic performance and financial stability, protect the interests of their stakeholders, manage risks more effectively, and build a resilient business in an evolving industry.
Development of the Code
The development of the MGA's Code for the remote gaming industry was done over four phases. A peer review and research phase mapped ESG topics that could be material to the gaming industry and reviewed the performance of remote gaming companies against the topics. It involved a study of the literature available from published sustainability reports, international and local ESG reporting standards and available ESG performance data.
The second phase was a materiality assessment which prioritised ESG topics according to their relevance to the industry as identified by a survey of MGA licensees. This was followed by in-depth interviews with several remote gaming companies to give further insight into the priorities, and the potential benefits and challenges of adopting them. The final phase was a consultation with licensees on a draft of the Code to further enhance its clarity and relevance.
In addition to the specifics of the Code itself, the engagement with stakeholders revealed data indicating a high level of support for an industry ESG Code. 72% of participants considered ESG to be important or extremely important to their organisation's strategy, with some suggesting that to ignore ESG concerns would present a severe risk to their business.
That said, there was relatively low familiarity (34%) with the efforts that peers in the remote gaming industry were making on ESG. 81% agreed that a voluntary Code would help guide their ESG journey. Respondents highlighted several benefits of an industry-wide ESG Code, including reducing financial and other risks (78% strongly agreeing), attracting investment (72%), helping companies develop safe and responsible products (81%) and sustaining or improving the industry's reputation, including bringing about changes in public perception (88%).
The Code in practice
The Code will be a standalone voluntary submission, separate from other disclosures made to the MGA or other regulatory or reporting bodies. Authors of the Code have recognised that licensees will be at different stages in their adoption of ESG. It has therefore divided its disclosure framework into two tiers: Tier 1 is a basic standard for entities to report on and achieve, whilst Tier 2 is more comprehensive and aspirational. The MGA has set out a total of 48 disclosure areas (33 for B2B licensees) based on the ESG topics revealed by its research, consultation and materiality assessment. It will be launching an online tool in early 2024 to make reporting as easy as possible. Initially, there will be no requirement for reporting organisations to submit evidence to substantiate their declarations made, however, the MGA will expect them to perform due diligence on the data. It may also withdraw ESG recognition if false or misleading information is found to have been submitted.
Whilst information on specific companies will not be shared by the MGA, participating entities will benefit from peer benchmarking of their own performance against the aggregated performance of others.
The MGA will recognise those organisations that report under the Code with an ESG Code Approval Seal. Renewable annually, a different seal will be awarded to entities that meet Tier 1 or Tier 2 reporting requirements, as per the minimum criteria for B2C and B2B licensees. Reporting organisations will be able to display the MGA ESG Code Approval Seal on their MGA-licensed website, their corporate website, social media and publications.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
