MGA Issues Clarification on Audit Procedures: Updates to Reporting and Review Practices
MGA Issues Clarification on Audit Procedures: Updates to Reporting and Review Practices
The Malta Gaming Authority (MGA) has published an update to its guidance on System Audits, System Reviews, and Compliance Audits.
This clarification builds on the regulatory update issued last year and takes into account feedback from Approved Audit Service Providers such as BDO Malta as well as practices considered effective within the sector. The updated guidance aims to ensure that audit procedures remain effective, with expectations clearly communicated to both licensees and audit providers.
Summary of Procedural Updates
Approved Audit Service Providers are required to complete System Audits and System Reviews within sixty (60) days of receiving approval from the MGA, while Compliance Audits must be concluded within ninety (90) days. All reports must be submitted electronically through the Authority’s portal.Where any issues of non-compliance are identified during the audit process, the Service Provider must notify the licensee. The licensee is encouraged to resolve the issues identified during the audit window. Once addressed, the Service Provider is expected to conduct further checks. Items that are deemed to have been rectified may be marked as ‘Resolved at Audit Stage’, while issues that meet requirements only in part may be marked as ‘Partially Compliant’.
These two new audit conclusion statuses - ‘Resolved at Audit Stage’ and ‘Partially Compliant’ - have been introduced to support more accurate and transparent reporting by Service Providers.
In circumstances where non-compliance cannot be resolved within the allocated timeframe, the licensee may submit a one-time extension request. This must include a description of the issues encountered and an outline of the intended corrective actions. The MGA will consider such requests at its discretion.
To support efficient evidence management, the SharePoint Virtual Data Room (VDR) has been enhanced to ensure better organisation and accessibility of submitted documentation whilst Service Providers are required to reference relevant supporting documents within their audit reports and provide clear justifications for their adequacy.
The Malta Gaming Authority also reserves the right to reject an audit report if it determines that the findings do not allow for a conclusive outcome, particularly in cases involving multiple unresolved issues, or poor audit report quality and related evidence.