Following the introduction of the new regulatory regime on the 1st August 2018, the key official role was replaced by several key functions, defined by the MGA to further segregate roles within a remote gaming operation.
Each licensee or applicant shall notify to the Authority, in the manner required by the Authority, the key persons who perform one or more key functions for such licensee and must pursue a certificate of approval accordingly.
Persons performing key functions are not required to be employees of the licensee but are required to have full knowledge, understanding and access to the licensee’s practices, procedures and systems.
The Key Functions for a Business to Customer licensee shall be the following:
- CEO or equivalent
- Day-to-day gaming operations, including process of making and receiving payments from players (COO)
- Compliance with MGA
- Administrative & Financial Strategies (CFO)
- Marketing and Advertising, including bonus offers and promotions (CMO)
- Legal affairs, including contractual arrangements and dispute resolution
- Player support
- Responsible gaming
- Prevention of fraud
- Risk management
- Prevention of Money Laundering and Financing of Terrorism (MLRO)
- Adherence to legislation relating to data protection and privacy (DPO)
- Technological affairs, including management of the back-end and control system (CTO)
- Network and information security (ISO)
- Internal audit
The MGA has issued a notification enforcing certain roles to be taken up by independent individuals. Such notification states the following: Compliance-based roles are incompatible with roles centred around the growth of the business. In particular, the Chief Executive role, responsibility for the licensee’s finances (except responsibility for the payment of tax and fees due in terms of law) and responsibility for marketing and advertising are incompatible with the following roles:
(i) Compliance with the licensee’s obligations emanating from the MGA licence/s;
(ii) Player support;
(iii) Responsible gaming.
Furthermore, the person responsible for the prevention of money laundering and financing of terrorism is also expected to refrain from taking on other responsibilities which may conflict with his functions in such role, or which otherwise conflicts with such function or prejudices the person’s effectiveness and independence in such role, including but not limited to the Data Protection Officer;
The Data Protection Officer role is incompatible with any other role that manages or otherwise controls personal data, or which otherwise conflicts with such function or prejudices the person’s effectiveness in such role, including but not limited to the Money Laundering Reporting Officer;
The person responsible for internal audit is normally expected not to hold any other function.
RSM is in a position to support the persons carrying out the following key functions :
- Compliance with the licensee’s obligations emanating from the licence or licences issued by the MGA;
- The administrative and financial strategies of the licensee, including but not limited to the payment of tax and fees due to the MGA;
- The prevention of fraud and support to the Money Laundering Reporting Officer; and
- Adherence to applicable legislation relating to data protection and privacy.