VFA/DLT Sandbox Framework – FAQs

Virtual Financial Assets (VFA) and their underlying technology, Distributed Ledger Technology (DLT), are a new disruptive phenomenon in the digital currency and technology arena. The hype around their potential as a disrupter has been intense, with gaming as one of the sectors that may benefit from the use of VFAs and DLT technology. The Malta Gaming Authority’s (MGA) strategy to be at the forefront of gaming regulation while embracing innovation, is balanced with the recognition that a prudent approach in this area is sensible and needed.

The below Frequently Asked Questions (FAQs) section is intended to address the questions that applicants and licensees ask the Authority:

The sandbox environment commenced on 1 January 2019 for the purpose of the acceptance of virtual financial assets and virtual tokens, and will last for a period of ten (10) months. For the purpose of leveraging innovative technology arrangements within a gaming operation, the regulatory sandbox will commence on such date as the MGA may establish in due course. If the MGA deems it appropriate, the duration of the sandbox may be extended further for a specified period, in whole or in part.

Existing licensee can apply for the VFA approvals from the LRMS through the “New/Change” service request specifically from the New or Change in Payment methods form. For DLT approvals, the MGA will start to accept applications at a later date.

All additional documents are listed in the System Documentation within section 6.

Players depositing in Virtual Currencies (VC) need to complete verification process within thirty (30) days of the first deposit in VC.

Wallet addresses need to be verified to ensure that the player owns such wallet before any deposits are made. Operators need to inform the Authority about the method to be used for wallet verification within the relevant policy.

Currently, operators are required to maintain player-specified limits for fiat currencies; rather than include VFAs within the same limit, operators should add a distinct player-specified ceiling for VFAs that is distinct from the fiat currency limit.

Throughout the duration of the sandbox, and without prejudice to limits required in terms of Part V of the Gaming Player Protection Directive (Directive 2 of 2018), no operator may accept deposits in VFA by a player exceeding the equivalent of one thousand Euro (€1,000) per month. When a player elects to set a player-specified limit in accordance with the Player Protection Directive, the operator must give the player the option to set such limit both for fiat currency and for VFAs.

Customer due diligence obligations shall be triggered upon cumulative deposits or wagers, as the case may be, of one hundred and fifty Euro (€150) or more in a rolling period of one hundred and eighty (180) days.

When an operator allows more than a single wallet for the same VC, then full CDD shall be carried out on the player irrespective of whether the €150 threshold has been met.

Any pending transactions which do not match with a player’s verified wallet address shall be logged, and reversed back to the originating wallet address. Where it is not possible, the operator shall freeze the amounts and report such amount within the monthly player funds report.

Exchanging between one VC and another shall not take place within the operator’s ecosystem.

The operator may sell its custom tokens for fiat currency on its own platform, in order for such players to make use of the custom tokens on the operator’s platform itself, provided that the custom tokens may not be taken out of the operator’s platform and any withdrawals are to be made in fiat currency after converting the custom tokens, on the operator’s platform, at the same exchange rate at which they were acquired.

Operators may wish to make use of third parties that accept cryptocurrencies from players whilst allowing the operator itself to deal solely in fiat currency. Such third parties may only be used if in possession of the relevant licence from a regulator within the EU or EEA, or any other jurisdiction which is deemed to provide equivalent safeguards. Operators making use of Third Party Crypto Payment processor shall ensure that wallets are verified to ensure that such wallets are owned by the same player.

Where the custom tokens do not have a fiat pair on any exchange which offers the necessary safeguards from the MGA’s perspective, the value thereof shall be assessed by using the exchange rate of such token with Ethereum, and subsequently using such value assessed against Ethereum’s Euro value in order to derive the Euro value of the custom token. The exchange from where the rate will be taken must be notified and approved by the Authority.

Exchange rate shall be taken on the last day of the month at 12:00 pm (noon) in UTC time for this purpose.

Any operator participating in the sandbox programme are to present a report of any failed return transactions so as to be able to explain any money being held in their wallets without any ownership.