scroll to explore

Credit & Financial Institutions

Auditing iGaming Entities

by Griffiths + Associates Ltd

24th October 2023

The last decade has seen Malta emerge as the undisputed front-runner in the regulation of the online gaming industry. According to the latest MGA Annual Report, as of the end of 2022, the number of companies licensed by the MGA, including online and land-based entities, stood at 350, holding 358 gaming licences and 329 game type approvals to offer various types of games under the B2C licence.

The Maltese iGgaming industry has continued to register a resilience and positive performance, that is largely attributed to its ability to remain flexible and adapt to ongoing changes.

The forthcoming global tax reform is one of the significant changes that will affect the industry. Within the international corporate tax framework, global minimum taxation is set to be introduced in 2024. Large international groups of companies with a combined annual turnover of more than €750 million will be subject to a minimum income tax of 15% from 2024. In that regard, the MGA has intensified its efforts to safeguard Malta’s competitiveness as a jurisdiction.

There are positive expectations not only for increasing revenue and employment but also for regulatory and compliance requirements resulting from the wave of national regulation. iGaming companies must respond to these demands, while auditors must possess the necessary tools to keep abreast of these changes and to be aware of specific aspects when auditing clients in this high-risk industry, whether large or small.

Griffiths + Associates methodology adopted in carrying out the statutory audits for iGaming entities.

Client acceptance procedures.

Our Customer Acceptance Policy (CAP) focuses in verifying the identity of the firm’s customers, including its legal representatives and beneficial owners or controlling persons, their agents, on how the Customer Risk Assessment must be carried out, as well as obtaining data and information on the customers’ activities as well as their transaction as to allow our Audit Team to scrutinise them.

The approach or methodology adopted by firm when carrying out audits or reviews of gaming companies during statutory audits begins with client acceptance procedures. These procedures are put in place to ensure that the client and the audit team have a clear understanding of the scope and objectives of the audit, and to confirm that the client is willing and able to provide the necessary information and resources for the audit to be conducted.

In this sense, the firm has a Customer Acceptance Policy maintained by the Compliance Officer, which sets out the customer due diligence procedures that are applied to all the firm’s customers, including entities regulated by the MGA. The due diligence procedures take into account applicable legislation such as Anti-Money Laundering legislation as referred to by the Gaming Act, as well as standard recommendations issued by the FIAU, MFSA and MGA.

Notwithstanding the above, the CAP focuses in verifying the identity of the firm’s customers, including its legal representatives and beneficial owners or controlling persons, their agents, on how the Customer Risk Assessment must be carried out, as well as obtaining data and information on the customers’ activities as well as their transaction as to allow the audits to scrutinise them.

The firm introduced a standardised form (Customer Acceptance Form) for customer acceptance purposes, which is aimed at ensuring a uniform process during the acceptance of customers. During this process the documentation such as the client’s policy and procedures relating to AML and internal controls related to responsible gaming are obtained.

Upon onboarding, Griffiths + Associates enters into a formal agreement outlining the terms and conditions of the statutory audit (Letter of Engagement and Acceptance of General Terms and Conditions), as well as any relevant laws and regulations that may apply to the gaming industry.

Once the client acceptance procedures have been completed, the Audit Team begins to plan and conduct the statutory audit.

Quality assurance.

Griffiths + Associates has compiled the ISQM 1 Manual so as to be compliant with International Standard of Quality Management 1 ‘Quality Management for Firms that Perform Audits or Reviews of Financial Statements, or Other Assurance or Related Services Engagements’. The system of quality management in compliance with such ISQM was required to be designed and implemented by 15 December 2022, which is the effective date of the quality management standard.

The ISQM 1 Manual, which is available on request, covers all the eight components required by ISQM 1:

Firm’s risk assessment process
Governance and leadership
Relevant ethical requirements
Acceptance and continuance of client relationships
Engagement performance
Resources
Information and communication
Monitoring and remediation process

Statutory audit approach.

As iGaming is a high-risk industry, the audit should be carried out with a risk-based approach.

Our professional responsibility is to obtain sufficient audit evidence before an opinion is rendered on any financial statements. To achieve this, we will conduct our work in the following phases:

3.1. Audit planning and risk assessment.

As part of that process, we conduct a pre-audit meeting with management to discuss the scope and timing of the audit. The risk assessment audit standards require assessments based on an understanding of internal controls over financial reporting of the audited Company and determination of the areas that present risks of material misstatement to its financial statements. We then design our audit approach to include tests of specific internal controls and substantive audit procedures which are tailored to the identified risks. Our risk assessment includes consideration of the following factors:

– Materiality planning: quantitative factors, qualitative factors;

– Client understanding: external factors, nature of the business, business strategy, objectives, risks, key performance indicators, internal control;

– Audit team discussion: audit approach, issue resolution;

– Audit planning: staffing, timing, audit programs.

Evaluation of the entity’s IT system and controls.

The risk assessment process Involves a thorough review of the entity’s existing I.T. processes and controls to evaluate their effectiveness, permissions applied to enforce segregation of duties and how errors or controls deficiencies are identified and addressed. The audit team evaluates the design and implementation of the controls by performing the following procedures: inquiring of entity’s IT personnel, observing the application of specific controls by the entity’s staff, inspecting documents and reports, and tracing transactions through information system by performing walk-through checks.

The conclusions on the effectiveness of the relevant controls and their impact on audit are documented and will determine the audit approach as regards the extent of substantive testing to be performed.

Compliance with laws and regulations:

Both at the risk assessment stage and throughout the audit, procedures are implemented to verify whether the entity is adhering to the Gaming Act and all other applicable regulations. Management with the oversight of those charged with governance are responsible for compliance with laws and regulations. Our responsibility is to obtain reasonable assurance that the financial statements taken as a whole are free from material misstatement whether due to fraud or error. Our objective is to respond appropriately to identified or suspected non-compliance with laws and regulations identified during the audit. Audit procedures include, and not limited to the following:

– Understanding of legal and regulatory framework applicable.

– Understanding of how the entity is complying with the framework such as reviewing the entity’s policies and procedures relating to AML.

– Make inquiries with the gaming entity’s MLRO and senior management.

– Inspect correspondence including reports relating to audits/compliance visits by regulatory bodies such as MGA and FIAU and reading minutes.

– Obtain written representations.

– Sending legal letters to all lawyers used by the entity enquiring details of litigations and claims and existence of any contingent liabilities.

– Conducting a Google search for any news and reviews involving the entity.

Other risk areas.

Other typical risk areas to be considered at the risk assessment stage in an iGaming scenario include revenue, intangible assets valuation, related party receivables valuation, and acquisition accounting. And typical estimates comprise gaming taxes, provisions for litigation and claims, valuation of intangible assets, recoverability of related party receivables, recoverability of bank and PSP balances, recoverability of investments in the subsidiary, and valuation of pending bets.

Materiality.

Considering the specifics of iGaming industry, upon “Materiality” calculation, the most relevant benchmarks are profit before tax from continuing operations, net gaming, and also total assets or net assets, depending on the type of entity and situation.

3.2. Fieldwork and Substantive Testing:

Based on the results of our risk assessment and internal control evaluation, we design a specific audit plan to focus expanded procedures on areas with the greatest risk of material misstatement, error, and fraud. We use tests of details, substantive analytical procedures, or a combination of the two to conclude on the reasonableness of the given transaction class or account balance. By utilizing a blend of substantive testing (vouching underlying transactions to support), and substantive analytical testing (testing data through overall and stratified analysis), we are able to cover significant ground while still getting a quality level of detailed depth to our testing. Striking a good balance and not overlying on one type of testing over the other is integral to a thorough and efficient audit.

The primary areas of audit focus include:

Cash & Investments; Receivables & Revenues; Capital assets; Accounts Payable including Player’s Liabilities and Expenditures; Long-term debt and other liabilities; Deferred Revenue; Compliance with purchasing and expenditures policies and controls; Compliance with laws and regulations; Any special transaction or situations with financial management or reporting significance; Commitments and contingencies; and Reporting in the financial statements in accordance with IFRS.

Typical substantive procedures:

In general, this implies agreeing the financial statement elements to the underlying accounting records including year-end account balances and transaction activity occurring throughout the year; and confirming cash held in bank and investment accounts, accounts receivable, inventory held by others, material grants and long term debt balances.

Elaborating on iGaming specifics:

Testing “revenue”, we typically use following procedures:

perform analytical procedures by current & prior year, both at a high level and detail year at revenue stream and trend analysis; agreeing monthly revenue with GSP’s monthly reports, agreeing on GGR to returns submitted to authorities; performance of a reasonable test for bonuses by comparing bonus rate over GGR with expected rate; review of customer complaints; and cut-off procedures.

Testing “player liability” (also known as customer balance or wallet), we check the client’s reconciliation by: vouching a sample of deposits and withdrawals to PSP statements; recalculations of exchange differences; agreeing bets and wins with GSP statements; analytical review on bonuses.
Testing “pending bets” is usually performed using a high-level analytical procedure and applying the wins-to-bets ratio to bets at year-end. A pending bets report after year-end can be also obtain to identify closed bets and wins or get odds at year-end to assess the fair value.
Testing “Payment Service Provider balances”, we usually obtain confirmation of PSP balances.

A particular focus is made on player funds requirements, namely, that player funds are kept segregated as per the Gaming Player Protection Regulations, SL 583.08, are safeguarded as per Gaming Act, Cap.583, Article 19 and cover the requirements pf the Player Protection Directive, Directive 2 of 2018, Article 38.

Audit Sampling:

We utilize both statistical and non-statistical sampling techniques, depending on the type of testing being performed. Internal control, substantive and compliance testing samples are generally selected using nonstatistical techniques. Sample sizes are determined by risk assessment and nature of the population.

Typical analytical procedures:

We compare financial information with comparable prior periods. This analytical work allows us to form quality expectations to compare results to. When results don’t align with our expectations, we investigate further to obtain sufficient evidence to conclude whether there is a valid reason for the deviation or if not, determine the root of the issue causing the variance. This is a great method for identifying systemic and significant issues and/or material misstatements.

3.3. Reporting.

This phase includes:

Reviewing the financial statements and agreement to underlying audited records;
Evaluating the financial statements for compliance with IFRS requirements;
Formulating an opinion as to the fair presentation of the financial statements; and
Preparing management letter with recommendations and communication letter to those charged with governance (TCWG).

Agreed-upon procedures reports.

Griffiths + Associates adheres to the following Technical Releases by the Malta Institute of Accountants as regards procedures and gathering of evidence and reporting of findings in carrying out engagements as per Article 41 (2)(b)(iii) of Directive 3 of 2018 Gaming Authorisations and Compliance Directive (“Gaming Authorisations and Compliance Directive 2018”:

– AUDIT 02/21 – Players Funds and Jackpot Funds – Technical Release for engagements requiring a confirmation of the players funds, as well as the portion of Players Funds Account balance which fall under the Maltese Licence;

– AUDIT 02/21 – Gaming Tax Payable and Levy on Gaming Devices – Technical release for engagements requiring a confirmation of Gaming tax payable on the revenue from clients classified as Maltese players, as well as Levy on gaming devices which fall under the Maltese Licence.

Griffiths + Associates is geared towards providing tailor-made solutions for Gaming Operators who are desirous in using Malta as their business hub. In addition to carrying out the audit of financial statements in accordance with International Financial Reporting Standards, we have extensive experience of advising and assisting clients with:

Carrying out Agreed Upon Procedures (AUP’s) as required by the MGA
iGaming licensing application support, Malta Gaming License
Corporate services
Due Diligence
Work Permits
Business Advisory
Tax
Accounting

Visit our website griffithsassoc.com and find more information.

Credit & Financial Institutions

Auditing iGaming Entities

'Credit & Financial Institutions' Related News Articles

A creditor’s obligation to assess the creditworthiness of a consumer

BOV TALKS ARTIFICIAL INTELLIGENCE IN THE BANKING WORLD

The MFSA consults on a draft Conduct of Business Rulebook for Banks

MFSA Shifts to Outcomes-Based Supervision in 2024

AIFMD II – A step closer to entry into force

The European Union Global Minimum Level of Taxation for Multinational Enterprise Groups and Large-Scale Domestic Groups Regulations 2024

BOV EXPERTS DISCUSS ECONOMY AND INVESTMENT BASICS WITH RETAIL CLIENTS

Bank of Valletta has supported this year’s opera by Gioachino Rossini – ‘Armida’

EU AML-CTF Package taking shape: Compromise text for AMLR and 6AMLD published

Changing the terms of a credit agreement and forbearance policies and measures: new obligations on lenders in consumer and residential property credit agreements

BOV launches revamped cutting-edge website

The HSBC Malta Foundation supports Three-Year UM Research Project through RIDT

Bank Of Valletta extends Partnership Agreement with Heritage Malta

BOV RETROSPECTIVE EXHIBITION FEATURING WORKS BY NOEL GALEA BASON OFFICIALLY INAUGURATED

Goal-line Defenders: Scoring Victory Against Financial Crime with the Three Lines of AML/CFT Defence

Agreement reached on the establishment of the Anti-Money Laundering Authority (“AMLA”)

FIAU Thematic Review on Company Service Providers when providing Company Formation Services

Directive 93/13/EEC and mandatory statutory or regulatory provisions in consumer contracts

2023 SEES 151 BOV EMPLOYEES GRADUATING

BOV SELLS PORTFOLIO OF NON-PERFORMING LOANS

MALTA Nomad Residence Permit, New Tax Rules.

BOV Boosting Employee Retention through Occupational Pension Schemes

Keeping Tabs on Market Perception and Knowledge about Investments

BOV Announces Profit Before Tax of €163.5 million as at September 2023

Proposed amendments to the Exclusive Economic Zone Act and ancillary laws

MFSA Circular regarding various amendments to the Investment Services Rulebooks

MiCA Update: Consultation Process on the Proposed Updates to Chapter 3 of the VFA Rulebook

Continuing to disclose the topic EU funding for Startups ¦ Startup Definition

BOV keeps up momentum in educating customers about scams

Malta: a state-of-the-art regulatory framework for cryptocurrencies

ESMA issues Second Consultation Package under MiCA

Standard and Poor’s (S&P) upgrades Bank of Valletta’s rating to stable

BOV Asset Management Seminar Discusses Best Practices in Investments

BANK OF VALLETTA ACQUIRES NEW FUNDING TO RELAUNCH THE BOV SME INVEST PACKAGE

BOV Introduces New Digital Portal to Update Customer Records

EU Court’s Landmark Ruling: Restricting Financial Ties to Combat Money Laundering and Terrorism Financing

ESMA and EBA issue Inaugural Consultation Packages under MICA

ESMA issues public statement in relation to sustainability disclosures in prospectuses

FIAU publishes its AML / CFT Supervisory Plan for 2023 – 2024

Reforming Digital Payments – Introducing the new Payment Services proposals

APS Bank delivers best-ever half-yearly results, to pay interim dividend

New Digital Experience For BNF Bank Customers

Proposals for an improved European Banking Union framework – Part II

Proposals for an improved European Banking Union framework – Part I

Opposing trade mark registrations in the realm of financial institutions

Over 24,000 customers respond to BOV’s call for feedback

BOV puts Mobility in the Spotlight on World Bicycle Day

BOV Goes Green for Mental Health

BOV Volunteers at GSSE 2023

The new notified PIFs framework: MFSA publishes consultation document on regulatory changes

MiCA obtains green light from European Council

ESMA postpones annual IFRS amendment of ESEF to 2024

BOV Launches Investor Education Sessions

MiCA – Landmark crypto regulation approved by EU Parliament

BOV ISSUES WARNING ON SCAM CALLS

BOV Asset Management Limited launches the Global Multi-Asset Thematic 60 Fund managed by Fidelity International

MALTA COUNTRY ANALYSIS REPORT

INFOCREDIT GROUP AMONG THE SPONSORS OF MALTA FINANCIAL CRIME COMPLIANCE CONFERENCE 2023

Business Decisions that undermine the Compliance Culture – Part 5

BOV Offers MAPFRE MSV Life Capital Guaranteed Product

Business Decisions that undermine the Compliance Culture – Part 4

Becoming a Data Driven Organisation

Business Decisions that undermine the Compliance Culture – Part 3

BANK OF VALLETTA PROMOTES HEALTHY LIFESTYLES AND ROTA INITIATIVE

Business Decisions that undermine the Compliance Culture – Part 2

ELTIF 2.0 published in the Official Journal of the European Union

The INSIGHT Interview: David Power, CEO of BNF Bank

Sustainable Finance and the Impact on the Financial Services Sector in Malta

Bank of Valletta commemorates International Women’s Day

EU’s Green Taxation: Tackling Climate Change through Tax

The classification of cryptoassets under the new Markets in Crypto-Assets Regulation

Business Decisions that undermine the Compliance Culture – The MLRO Reporting Lines

Welcome to “Enterprise Innovation” ¦ 23 February 2023 at Salini Resort Hotel

Brussels forecasts 3.1% economic growth for Malta, second-highest in EU

BOV Managers Discuss Customer-Driven Strategies

More ATMs For BNF Bank Customers

Digital Operational Resilience for the Financial Sector