Malta Gaming Authority publishes policy on the use of distributed ledger technology

The Malta Gaming Authority (MGA) has published its policy paper regarding the acceptance of virtual financial assets (VFA), virtual tokens and the use of innovative technology arrangements (ITA) such as distributed ledger technology (DLT) platforms and smart contracts by authorised operators.

Authorised operators which were granted approval under the MGA’s previous Sandbox Regulatory Framework need to ensure they fulfil all additional requirements within three months.

Requirements for approval to accept DLT assets

Operators need approval from the MGA to accept VFAs if a deposit initiated by a player is a VFA, or if the deposit initiated by a player is fiat but is received as a VFA by the operator.

When it comes to wallets storing VFAs, a minimum standard is set, such as its structure in relation to payment flows and permissions, and also what security measures are used. Furthermore, a limited set of basic properties are required for wallets storing VFAs, such as an address.

A wallet address is a unique string of letters and numbers which can be shared with others to send and receive virtual assets.

In the event that a player wants to change their wallet address or loses access to their wallet and wants to withdraw their funds to a different address, the policy stipulates that the operator may, in exceptional circumstances, prevent the withdrawal to ensure compliance with anti-money laundering or counter-terrorism financing rules (AML/CFT). The policy also obliges operators to notify players of this risk in advance to ensure they don’t risk losing access to their funds.

The MGA will also assess whether to accept or reject virtual tokens classified as DLT assets on a case-by-case basis after evaluating them on a set of characteristics such as their security, market application and player protection considerations among others.

Due to the nature of virtual tokens, and their volatility, the MGA has also set requirements which ensure that operators do not become exchange platforms. It also affirms that, even if smart contracts are used for automated transactions, operators are still required to ensure strict AML/CFT oversight.

Authorised operators need to ensure compliance with AML/CFT practices by ensuring that their policies and procedures are developed in a way which will cater for the risks arising from the use of VFA or virtual tokens as funding solutions, and smart contracts to automate payments.

The MGA encourages the use of analytic tools and transactional monitoring systems to detect suspicious transactions or behaviour by either the authorised person or third-party service.

Application process

Those wishing to obtain the MGA’s approval to use DLT need to follow a set of steps through the Licensee Relationship Management System (LRMS)

A prospective authorised person needs to apply for approval to accept DLT assets and/or use innovative technology arrangements as part of a new licence application.

Already authorised operators can apply for approval for the acceptance of DLT assets through the ‘operational – payment methods’ application; and additional currencies can be added under the already approved payment method with the ‘updated documentation’ application. To apply for approval to use innovative technology arrangements, they need to use the ‘technical – new games’ application.