No need to panic about tighter data protection rules
Can you give us an overview of Mazars’ gaming practice?
We have been servicing gaming companies since the onset of the industry in Malta. We provide a one-stop shop service, assisting in corporate structuring, tax planning, licensing, VAT optimisation and compliance, accounting and audit services. We are also approved MGA compliance and systems auditors, and have been serving in this role for the past seven years. The iGaming industry has evolved and matured during the past years.
How has your client profile changed?
The industry has definitely grown and matured, and so has its outlook and approach. When we started around 15 years ago, many of our clients had limited substance on the island. They had a licence, but only small office set-ups. Since then, some of these clients have grown and developed into large companies, with a number of them listed on stock exchanges around the world. Corporate governance is much more relevant today than it was a few years ago. We also see an environment where, for some time now, there have been several mergers and acquisitions. Our long term outlook for the market is that it is principally a ‘big boys’ market. Larger companies are acquiring smaller operators and start-ups, whose strategies are often geared towards a buy-out.
When a new client comes through your door, what kind of approach do you take to meeting their requirements?
We first need to understand their product and what markets they are planning to operate in, so that we can advise them on the licensing part. Subsequently, we tackle the issue of VAT structuring, because the same product might be vatable in some markets but not in others. In the case of group structures, we proceed to guide our clients with regard to which companies within the group should acquire which services. From a tax point of view, we want to ensure that the Maltese tax imputation system is used to its best potential. We make it very clear to clients that they should not look at Malta as a tax base. Companies need to have substance in Malta, and this means more than just an office and a few employees. The Malta operation needs to add value to the group, and decisions must be taken from Malta.
There have been calls for greater tax harmonisation in the EU. How do you view the future of Malta’s tax system, and how would any potential changes affect iGaming companies?
Current developments centre on the OECD’s measures on Base Erosion and Profit Shifting (BEPS), while in 2019, the EU’s Anti-Tax Avoidance Directive will also kick in and affect areas such as thin capitalisation rules. Moreover, transfer pricing for the acquisition of intra group services would also need to be analysed in this context. However, most of our clients are already developing their structures with such a framework in mind. In the gaming sector, many companies are currently ‘getting their house in order’, especially companies that are preparing for an IPO and want to showcase the highest level of corporate governance. We have a number of listed companies in our client portfolio, and they are very much ahead of the game.
Looking at the other end of the spectrum, what are the most common mistakes you see in start-ups and early stage companies?
iGaming is not an easy industry to start up in nowadays, although this obviously depends on the particular business model. The industry is maturing, and entering the market is not easy. Innovation, focus, leverage, resilience and experience are all elements that should be present in every successful start-up. Our experience indicates that start-ups typically require anything up to 36 months to become financially sustainable. Estimating the required cash burn and ensuring a sufficient capital base at the onset remain critical. Meanwhile, exploring the application of B2B platforms in business models may reduce initial capital requirement, risk and lead time.
A brand new Gaming Act will enter into force in 2018. What are your thoughts and opinion on the content of the new legislative package?
Updating our regulations has been a necessary step in order to render Malta’s regulatory framework future-proof. The risk-based approach to regulation that the MGA plans to adopt is very positive. It is time to move away from a rule-based approach and take a more in-depth look at operators and their risk profile, and then regulate accordingly. This approach should also reward companies that invest in their systems and achieve certain certifications. So far, we have only seen the draft regulations, and not the technical requirements. The industry is now eagerly awaiting these as sometimes the devil is in the detail. Operators dislike uncertainty, and we really want to know as soon as possible when the new regulations will apply. Although I also understand that there are certain processes that need to be followed that are beyond the control of the MGA.
Many iGaming operators comment that compliance and regulation are among their biggest challenges. Do you share this view?
Compliance departments of iGaming companies have grown and become much more important today than they were a few years ago. The 4th Anti-Money Laundering (AML) Directive lists iGaming as a relevant activity. Although the industry was initially hesitant, I believe that in the medium to long-term this will serve as an opportunity to remove certain stigmas and perceptions that the industry suffers from. It will also serve to improve the industry’s relationship with other entities and the public at large. Moreover, the General Data Protection Regulation (GDPR) will come into force this year, with the threat that non-compliance can carry hefty fines. Having said that, I am more of a realist than an alarmist. Firms are already familiar with Data Protection Regulations, and many have policies and practices in this regard. It is probable that most entities already satisfy a good 70% of the GDPR requirements. In my opinion, it is not a question of reinventing the wheel, but more of adapting and fine-tuning.
Some companies say that they find it difficult to find the balance between AML and data protection and are concerned regarding potential cross-border issues. Are these concerns justified?
AML places an obligation on entities to carry out due diligence, and in doing so collect and process personal data. In contrast, GDPR seeks to limit the personal data collected and processed. iGaming companies are obliged to meet the AML obligations, even where these may appear to contradict the spirit of the GDPR. The GDPR principles, such as retention, security, and purpose of process, continue to apply within the ambit on an entity’s AML obligations. GDPR will bring on new cross-border challenges and complications, where Data Protection Commissioners in multiple countries may be handling the same complaint.
How do you see the future of the iGaming industry?
Consolidation is already happening, and this will lead to an industry with fewer and larger players. Innovation and technology have always been at the heart of the iGaming industry. As the players continue to grow and mature, greater emphasis will be placed on efficiency. I expect to see greater investment and initiatives in the automation of operational processes, reducing cost and improving player experience. Understanding customers through business intelligence and data analysis will also continue to play a critical part in product innovation, personalisation and optimisation. On the other hand, I would really like to see in the near future, a solution to the multi-jurisdictional regulatory regime within the EU. This is currently overly testing on compliance departments, and probably adds little value to the bottom line. At the end of the day, there needs to be greater mutual respect, cooperation and recognition between regulatory authorities. I strongly believe that Malta can play a key role in realising this vision.
This article first appeared in Gaming Malta 2018 edition