The proposal to be submitted to the LGA for
such internal controls shall be a system document which shall include
detailed information relating to:
(a) the operation of remote gaming
(b) general procedures to be followed for the operation of remote gaming
(c) computer software where applicable
(d) procedures for recording and paying prizes won in remote gaming
(e) accounting systems and procedure
(f) procedures to be followed to play a game
(g) procedures and standards for the maintenance, security, storage and
transportation of equipment to be used to conduct remote gaming
(h) procedures for the setting up and maintenance of security facilities
including general compliance and internal controls relating to access to
(i) a disaster recovery plan
(j) an adequate system of data backup
(k) any other information that the Authority may require.
The above provisions also apply
when a licensee intends to change a control system which had been
approved by the Authority.
The Regulations also provide
that the Authority may at its sole discretion, submit or direct the
applicant or licensee to submit the proposed control system or an
approved control system, to an audit. This takes place in the third
stage of the process, that is, after the issue of the letter of intent
but before the issue of the final license certificate.
In considering whether to grant
the approval of the control system the Authority gives due regard to the
(a) whether the proposed
control system or the proposed changes to the control system satisfy all
the requirements of the Maltese Gaming laws and regulations;
(b) whether the proposed
control system or the proposed changes to the control system are capable
of providing satisfactory and effective control over the operation of
The Authority shall by written
notice inform the applicant or licensee of its decision and where
approval has not been granted, the Authority shall give reasons for its
refusal to grant approval. Where approval is granted, the Authority
shall have the right to direct the applicant or licensee, by means of a
directive, to change or modify the approved control system in any manner
whatsoever, within a period of time which shall not be less than thirty
days from the date on which the directive is served on the applicant or
licensee. Failure to comply with such directive shall constitute
sufficient grounds for the Authority not to issue a license or to
suspend the license as the case may be.
the law further provides that all remote gaming shall be conducted under
the control system which has been approved by the Authority.
Specifications of the Gaming System
The “gaming system” is a
computer system or systems of computers by means of which remote gaming
is conducted, and shall include all its associated components, its
operating systems and applications software. Technically this would
include the subcomponents of the system that provide the games and would
include gaming devices, where applicable.
The Regulations provide that an
applicant for a license, or a licensee shall in respect of a new gaming
system, and before any such system becomes operational, provide adequate
certification that may be required by the Authority. The certification
must show that gaming system has been found within the previous six
months to comply with each and all the technical specifications laid
down in the law.
The certification submitted to the Authority for
approval must, where the system is based on computer software, include
the following information:
the name of the owner of the software
the name of the organization which did the testing required by the
all companies and organizations involved in the process and their
all individuals involved in the process and their professional
the processes, rules and parameters of the games
the server protocols, communication protocols and other
specifications which are part of the gaming system architecture
information about the security of the system
which modules affect processes, rules and parameters of the game if
the source-code is changed
any other information that is of material importance to the specific
a detailed description of the setup and functionality of the
application architecture and system architecture.
No changes to the gaming system
shall be made without the prior approval of the Authority and additional
certification of compliance.
Where approval of the system is
not granted the Authority shall inform the applicant or licensee of its
decision in writing stating its reasons for refusal.
Notwithstanding that the system
has been approved for operation, the Authority may at any time direct
the licensee to submit, at the licensee’s cost, the system’s software
for further testing, checking or verification.
No gaming equipment may be used
in the operation of an authorized game pursuant to an online betting or
online gaming license, without the prior approval of the Authority.
The Authority may, by written
notice, require that gaming equipment be submitted for certification by
an approved company or organization.
The Authority may at any time
after these regulations come into force publish a list of approved
certification companies and organizations.
Requirements for the Gaming System
The gaming system must:
(a) faithfully follow the game
rules published by the operator; and
(b) provide over time no more than the expected house advantage to the
Both the gaming and financial
transactions must be congruent and secure.
The random number generator
software must be used to regulate the outcome of the games. The numbers
and cards must be drawn at random and must feature impeccable fair
The gaming system must satisfy the following criteria for randomness,
(a) the data must be randomly
generated, passing appropriate statistical tests of randomness
(b) the data must be unpredictable, i.e. it must be computationally
infeasible to predict what the next number will be, given complete
knowledge of the algorithm or hardware generating the sequence, and all
previously generated numbers
(c) the series cannot be reliably reproduced, i.e. if the sequence
generator is activated again with the same input (as exactly as is
reasonably possible) it will produce two completely unrelated random
The outcome of any game event,
and the return to the player, must be independent of the CPU, memory,
disk or other components used in the playing device used by the player.
The game or any game event
outcome must not be affected by the effective
bandwidth, link utilisation, bit error rate or other characteristic of
the communication channel between the gaming system and the playing
device used by the player.
The gaming system must be able to
display for each game the following
information on the current page or on a page directly accessible from
the current page via a hyperlink:
(a) the name of the game
(b) restrictions on play
(c) instructions on how to play, including a pay-table for all prizes
(d) the player’s current account balance
(e) unit and total bets permitted
(f) the rules of the game.
financial reports produced by the gaming system must be congruent
with gaming transaction reports and conversely. All such reports shall
be readily and freely available to the Authority.
gaming system must:
(a) be capable of producing monthly auditable and aggregate financial
statements of gaming transactions, and
(b) calculate accurately all taxation and other monies due to the
gaming system must maintain information about all games played,
(a) the identity of the player
(b) the time the game began as recorded on the games server
(c) the balance on the player’s account at the start of the game
(d) the stakes placed in the game (time stamped by the games server)
(e) the game status (in progress, complete, etc.)
(f) the result of the game (time stamped by the games server)
(g) the time the game ended as recorded by the games server
(h) the amount won or lost by the player and
(i) the balance on the player’s account at the end of the game.
gaming system must maintain information about significant events
(b) transfers of funds in excess of such amount as the Authority may
from time to time direct by notice in writing to the operator
(c) changes made by the operator to game parameters.
variations to any of the requirements listed above shall be submitted to
the Authority for its approval by notice in writing.
After the certification
process required for issue of the full five year licence, the gaming
system need not be tested regularly, but there will be follow up audits
by the Gaming Authority when deemed prudent. Only significant changes to
the live gaming system require approval by the
Gaming Authority before
they can be introduced.
Wherever a discrete random
number generator (RNG) is used, its certificate must be
submitted to the
Lotteries & Gaming Authority.
Where the gaming system used
by an operator has already been certified (which is possible when one
uses the gaming platform already licensed in Malta), no further gaming
system certification is required, but then the individual licensee’s
Control System will be subject to audit by the Lotteries & Gaming Authority.