As of the 1st July of 2018, licensees are required to identify the persons responsible for the key functions as defined under the Fourth Schedule of the Authorisations Regulations. Such persons are required to undergo the MGA’s scrutiny for assessment of their fitness and propriety and would need to re-apply every three years. The persons who fulfil the necessary criteria shall then be issued with a key function certificate for the relevant function or functions.
The key functions are the following:
- Chief Executive;
- Responsibility for day-to-day gaming operations – for B2C operators, this also includes the processes of making payments to, and receiving payments from, players;
- Responsibility for compliance with the obligations emanating from the issued licence/s;
- Responsibility for finance;
- Responsibility for marketing and advertising (for B2C operators only);
- Responsibility for legal affairs and compliance with the applicable regulatory instruments;
- Player support (for B2C operators only);
- Responsible gaming (for B2C operators only);
- Responsibility for the prevention of fraud (for B2C operators only);
- Responsibility for risk management (for B2C operators only);
- Responsibility for the prevention of money laundering and the funding of terrorism (for B2C operators only);
- Adherence to applicable legislation relating to data protection and privacy;
- Responsibility for technology, including but not limited to information security and the operation and management of the control system;
- Responsibility for network and information security;
- Responsibility for internal audit (for B2C operators only).
While one individual may fulfil more than one of the above roles, the MGA has identified a number of roles which are incompatible with each other and therefore cannot be held by the same person, namely the following:
- Compliance-based roles are incompatible with roles centred around the growth of the business. In particular, the Chief Executive role, responsibility for the licensee’s finances (except responsibility for the payment of tax and fees due in terms of law) and responsibility for marketing and advertising are incompatible with the following roles:
- Compliance with the licensee’s obligations emanating from the MGA licence/s;
- Player support;
- Responsible gaming.
- The person responsible for the prevention of money laundering and financing of terrorism is also expected to refrain from taking on other responsibilities which may conflict with his functions in such role, or which otherwise conflicts with such function or prejudices the person’s effectiveness and independence in such role, including but not limited to the Data Protection Officer.
- The Data Protection Officer role is incompatible with any other role that manages or otherwise controls personal data, or which otherwise conflicts with such function or prejudices the person’s effectiveness in such role, including but not limited to the Money Laundering Reporting Officer.
- The person responsible for internal audit is normally expected not to hold any other function.
Start-up undertakings as defined in the Gaming Licence Fees Regulations, and recognised as such by the MGA in line with the Start-Up Undertakings Directive, may be allowed to have a single person conduct roles which may prima facie appear conflicting, during the first year of operation, if the MGA is satisfied that the integrity of the licensed operation will not be negatively affected.
Furthermore, such undertaking shall not be required to have a person responsible for the key function of internal audit, during such first year of operation. This is without prejudice to requirements stemming from other applicable laws.
The introduction of the key function roles has rendered the singular Key Official position void and as a result there is no longer the need for a local resident director from a regulatory point of view.