The Malta Gaming Authority is hereby publishing a revised version of the System Audit Checklist. The Authority is also issuing a new System Review Checklist, which will be used after licence issuance, to verify that the implemented systems operated by the Licensee reflect the information submitted to the Authority, as well as being in line with the requirements emanating from the Gaming Act and any other relevant subsidiary legislations. Both documents may be accessed from the ‘Downloads’ section.

The revised Audit Checklist builds on the previous version, however, it also takes into consideration the requirements from the revised System Documentation Checklist, and omits any requirements that were inefficient or obsolete. The Audit Checklist has been split into 4 separate checklists to cater for the differing B2C, B2C with DLT, B2B and B2B Software needs.

Although applicants are urged to refer to the revised Audit Checklist where possible, the revised requirements will come into force for any System Audits engaged as of 1 January 2023.

System Reviews will also be carried out by the approved Audit Service Providers (the ‘ASPs’), similar to the System and Compliance Audits processes. The System Review should be carried out on the live environment, and the Licensee’s personnel should be available to demonstrate functionality and provide evidence and information as per the list of checks provided.

System Reviews will generally be required one year after issuance of a new licence, or within a shorter time frame if a system audit was not required at licence issuance stage. A Licensee might be asked to undergo a System Review in any other instances that the Authority decides upon.

Audit Service Providers conducting System Audit and/or System Reviews should submit feedback though the Authority’s CRM system, or otherwise, as instructed by the Authority. The checklists have been structured in a way to better guide ASPs and Licensees on the checks applicable per licence type. However, the ASP is free to conduct and include feedback on other additional checks that are deemed relevant to the Audit. This is especially so in the cases of B2B licence providers offering both management and/or control of the games, as well as that of the back-end software. In such instances, the different checks from both B2B tabs might be relevant and would need to be conducted.

In case of any checks which are deemed to be as not applicable, the ASP needs to provide the rationale behind this decision, as well as any supporting evidence.

Kindly contact our support team at [email protected] should you require any further information.