As it did last year, the MGA has once again published its supervisory agenda for 2026, identifying five thematic review areas across compliance, AML, sports betting integrity and player protection.
The MGA now operates a risk-based, data-driven oversight model that has matured considerably in recent years. Its compliance function is organised into specialised teams aligned to the regulatory pillars covered by the supervisory agenda.
Understanding the 2026 Priorities
Supervisory engagements by the MGA can be triggered at any time through inspections, thematic reviews, mystery shopping, or desk-based reviews, sending a clear message that operators must be proactively compliant, maintain robust internal control frameworks, and are expected to respond to supervisory requests promptly.
Of the five thematic review areas identified for 2026, two clearly stand out as carrying the highest importance to the Regulatory.
AML: Crypto and the NRA
AML thematic reviews are anchored in Malta’s National Risk Assessment 2023, which identified cash equivalents and crypto assets as payment methods carrying a higher risk in an online gaming context.
Crypto assets present a distinct and technically complex compliance challenge. Their pseudonymous nature, combined with the speed and cross-border reach, creates meaningful gaps in traceability that FIAT-based AML frameworks might not adequately address, complicating both Customer Due Diligence and ongoing transaction monitoring obligations.
The MGA’s thematic review will assess the governance frameworks operators have constructed around crypto payment acceptance. This includes evaluating whether:
- AML/CFT Policies and Procedures reflect the specific risk typologies associated with crypto;
- Enhanced Due Diligence triggers are calibrated to on-chain risk indicators such as wallet screening results, and blockchain analytics outputs; and
- Transaction monitoring systems are capable of detecting structuring, layering, or other red flag behaviours specific to crypto flows.
Sports Betting Integrity: Athletes and Esports
The MGA has identified the increased occurrence of athletes betting on their own sport as an area of elevated and growing risk, drawing on patterns observed through Suspicious Betting Reports and prior supervisory engagements. B2C operators offering Type 2 services on Maltese events, a category that includes domestic football and water polo, among other competitions, will face scrutiny of their policies and safeguards for preventing athletes from wagering on their own sport, including CDD processes capable of identifying registered athletes. The practical challenge for operators is one of identification. Standard KYC processes are not designed to flag whether an account holder is a professional or semi-professional athlete competing in a sport that the operator is offering markets on.
Another topic covered by the MGA’s supervisory agenda for 2026 is Esports. This vertical represents one of the fastest-growing in online sports betting, and its integrity risks are structurally different from those in traditional sports. Match-fixing in esports can involve individual players, managers, or tournament organisers, and is often coordinated through online channels that are difficult to monitor. The absence of centralised governing bodies with established integrity frameworks means that the burden of detection falls more heavily on gaming operators themselves.
Operators offering esports markets can expect supervisory assessments by the MGA targeted at relevant prevention frameworks, monitoring systems, and incident reporting channels.
How ARQ Can Help
We work with B2C and B2B licensees to build compliance programmes that function in practice and hold up under supervisory scrutiny. In response to the MGA’s 2026 agenda, we offer targeted support across the areas of highest risk:
- Mock MGA Compliance Audits – We simulate the full-scope audit process, including documentation reviews, walkthrough sessions with Key Function holders, and a structured findings report with a prioritised remediation plan.
- RG Thematic Review Preparation – Whether the MGA has notified you of an upcoming engagement or you want to get ahead of it, we prepare your team to ensure you are well prepared.
- AML and SBI Frameworks Review – Targeted assessment of your AML and SBI controls with specific focus on crypto asset governance, athlete betting prevention procedures, transaction and account monitoring calibration mapped directly against the MGA’s thematic review criteria.
Damian Callus
Damian Callus is a Lead Regulatory Advisor within ARQ’s Gaming Advisory Unit, supporting gaming clients with licensing and ongoing regulatory and operational compliance. He has over six years of experience at the Malta Gaming Authority, where he worked within both the Authorisations and Compliance Department, overseeing the technical compliance function, including the review and assessment of thematic reviews and compliance audits on MGA-licensed remote gaming operators.
