Fairness of games in the MGA jurisdiction


You deposit your money with a casino and open a game, say a slot. How do you know that the slot you are betting on is fair, and that its results are truly random and not biased? This is a considerable question on every player’s mind. The extent to which you can rest assured about the games’ fairness strongly depends on the type of market in which the casino you are playing on operates.

Types of online gambling markets

There are three main types of markets for online gambling: regulated, unregulated, and illegal. The latter is effectively a black-market, where online gambling has been explicitly deemed illegal and no licenses are issues. Unregulated markets are ‘grey areas’, where the authorities have not declared a stance either way, and online gambling remains something that is neither legal, nor illegal. Again, no licenses are issued, and while online casinos may operate here, their legality is questionable.  Finally, there are regulated markets. These are jurisdictions where online gambling is recognized and accepted, in which online casinos are licensed and can offer their services and products to residents.

There are various benefits to a regulated market. The country itself boosts its economy and revenue as the casinos open offices locally, creating jobs, and the country profits from their controlled taxation. Client casino players also benefit from playing in regulated markets. Issues like addiction prevention and intervention are taken more seriously, and the local authority – the institution that issues the licenses – provides protection in the case of issues with their payments or casinos.

Most importantly, the regulatory authority will also conduct thorough security and background checks as well as strict financial and tax audits to ensure casinos are legitimate and that their casino software is truly fair and random. To this latter end, it will typically also require licensed casinos to be tested by a known, trusted and reputable Independent Software Auditor. Unlike in grey or black areas, casinos which act improperly in regulated markets get their licenses revoked and become blocked, preventing players from accessing them and opening accounts.

Given the choice, then, it is not hard to see why players would prefer their gambling activities to happen in a regulated market, knowing they are playing on fair, random, and tested games. This article will focus on how the fairness of games is controlled and said to be ensured in one of the most popular jurisdictions – the Malta Gaming Authority.

The Malta Gaming Authority (MGA)

“Malta is at the forefront of the remote gaming industry and home to some of the world’s largest and most profitable online gaming companies”, states KPMG in its 2013 report on the subject of remote gaming. In late 2014/early 2015 the Malta Lottery and Gaming Authority (LGA) rebranded to the Malta Gaming Authority (MGA).

Based on the island of Malta, a member of the European Union and located next to Sicily in the Mediterranean Sea, the MGA has been issuing online casino licenses since online gambling started to grow in popularity in 2000, and at the time of writing has over 300 licensees. This includes popular casinos like Leo Vegas, Betsson, Casumo and ComeOn. MGA licenses are valid for a period of five years and need to be renewed once expired.

As the regulatory governing body responsible for all online (as well as land-based) gaming in Malta, and Malta’s ‘one-stop-shop’ for licensing, the MGA’s duties include ensuring a safe environment for gambling, monitoring the integrity of games and devices, granting licences to providers and creating a regulated environment from which gaming activities, remote or otherwise, can take place.

The Gaming Act (2018)

Malta’s gaming regulations are said to be strict and robust, and the MGA prides itself on high levels of openness, fairness and honesty. On the 8th of May 2018, as the MGA’s latest annual report explains, the Maltese Parliament approved the third and final reading of a new regulatory framework which repeals all the existing legislation and replaces it with a singular primary act, entitled the Gaming Act.

Through this regulatory overhaul, the licensing, monitoring and compliance processes became even more efficient and effective. The Gaming Act elevates the jurisdictional profile of Malta from a regulatory perspective by strengthening the MGA’s supervisory role, specifically its compliance and enforcement functions, to better achieve regulatory objectives, which include ensuring a fair, responsible, safe and secure provision of gaming services and the fairness of games. This new framework also broadens the regulatory scope to increase the MGA’s oversight and allow better intervention where necessary.

How does the MGA ensure games are fair?

Even before looking at the games being offered, the MGA vets the individuals and companies applying for a license. As part of their corporate governance structure, the MGA’s Fit and Proper Committee evaluates the companies and individuals requesting any type of approval from the Authority, both at on-boarding stage as well as throughout their lifecycle as MGA licensees. The shareholders, Ultimate Beneficial Owners, and persons in key positions who are directly involved in running the business are thoroughly assessed, as is the financial good standing of applicants and their business plan. The vetting also includes a System Review, requiring applicants to implement their operation onto a technical environment where an approved and independent third party contracted by the MGA – an Independent Software Auditor – will perform an assessment.

Now let’s look closer at the games themselves. As we saw, as part of an operator’s license application process, the MGA requires the casino to have its games verified and certified by an Independent Software Auditor. The latter will issue a certificate stating that the games are indeed fair and random after checking their RNGs and the adherence to stated specifications, such as RTP. The MGA can then check that the games that the casino presents online are actually the same games that the Independent Software Auditor verified by checking their hash code. All this may sound complex so we’ll delve in some more detail and learn more about what Independent Software Auditors, RNG, RTP and hash codes are in the coming sections.

All this oversight is supported by an Enforcement Directorate – which investigates all remote gaming licensees and takes appropriate enforcement actions against those breaching gaming laws, Anti-Money Laundering (AML) compliance or due diligence – and the Compliance Unit – which conducts ongoing monitoring, periodic audits and effective supervision of all operators licensed by the MGA to ensure adherence is maintained over time.

Independent Software Auditors and RTP

Licensed online casinos want to demonstrate that the games on their lobbies are truly fair and random. They partly do this by offering extensive documentation about their games to players, including technical details like the theoretical Return to Player (RTP) percentage on all games. Players can’t, however, just take the casino’s word for it, so this alone would not suffice. Hence the need of Independent Software Auditors in the industry – also called testing labs – whose role is to audit the portfolios of casino games via various tests for fairness.

Once a casino has successfully passed the tests (and, as we’ve seen, in regulated markets like the MGA jurisdiction, such tests are a requirement to obtain and maintain the license), it will receive a certification for randomness that it publishes on the homepage of its websites. One of the tests an independent software auditor conducts on licensed operators’ games is in fact an RTP check. If an operator states that a specific game has an RTP of 96%, then the test will simulate billions of rounds on that game and evaluate whether the total RTP across all the round results comes within statistically acceptable variance from the stated 96%. Thus players are ensured that over the long term, the game is paying out as it should.

When choosing a casino, players should always check all references that the casino makes to the independent testing agencies which have conducted the audits on its games. Some of the most highly-esteemed independent software auditors include eCOGRA, iTech Labs, Gaming Laboratories International (GLI), and Gaming Associates (GA). Players registering at casinos which undergo audits by one of these testing labs know that their funds are being deposited and played on games which are up to par with the highest standards of fairness.

Another element that independent software auditors evaluate is the fairness and randomness of the games’ outcome engine, or RNG.

 What are RNGs and how do they work?

The outcome of spins or bets on online slots or other games is determined by an elaborate piece of software that is continuously generating random, very long sequences of numbers which lack logical patterns and are in no predictable order. Starting with an initial seed number, a quite complex mathematical algorithm will then calculate another random number that is based on the initial one. This newest number is then used itself as a seed, and yet another number is produced using the same methodology.

There is thus an endless stream of these random numbers (interestingly being produced even when there are no bets being placed), each number representing one of the many results a specific game might have. The number which happens to be generated at the time a players places a bet, will determine the result for that player’s bet.

With such a system, it is impossible for players to predict the outcome of a game, unless they manage to find out what the initial seed number actually was and use a powerful computer with the right software to compute the next step in the algorithm. While this is a possibility, it is quite a remote one, since the initial seed is known only by the game developers, and it is never in the developers’ or casino operators’ interests to manipulate the RNG since failing an audit would mean losing their license.

The Independent Software Auditors therefore also check that the RNGs are not rigged so as to favour certain cards, roulette numbers, or symbols on the slots’ reels. Their audit must establish that no such bias exists, and only then can the operator be certified by the MGA. Players can then be confident that the results of the games they play are truly as random and fair as possible.

Hash codes – how does the MGA ensure that the games in the lobby are the same games certified by the Independent Software Auditors?

Hash codes are the result of a cryptographic hash function. They are a checksum that an algorithm generates out of the content of the data files, in this case of every slot or other game that the casino is having certified by an Independent Software Auditor. The SHA-family (Secure Hash Algorithm) is an example of a hashing systems that are commonly used in the online gambling industry. Once the Independent Software Auditor verifies a game, the certificate it issues will also include the hash codes of the files checked.

At any given time, the MGA can verify whether the games being offered by the casino are exactly the same like those certified by comparing the hash code that results from running the hash function on them. If the hash code returned is the same as that for the file certified, this means that no manipulation has taken place and the games are the same as those certified. In effect, this is a form of digital signature that ensures the games are authentic.

Who controls the MGA?

Still a question remains – who controls the MGA, and that they are doing their job properly? The MGA has a robust corporate governance structure, including an Audit Committee (whose functions comprise an Internal Audit, and which includes an external auditor representative – thus providing assurance and advice in an independent manner on the way the Authority is operating and achieving its objectives) and a Supervisory Council (whose objectives include ensuring the integrity of the regulatory functions of the MGA and overseeing licensing and enforcement).


We’ve seen how Malta is a regulated online gambling market, with the new Gaming Act of 2018 strengthening the MGA’s already robust role. The MGA vets individuals and companies running casinos, assesses their finances, and requires them to get their games’ RTP and RNG certified by Independent Software Auditors before issuing their license. Then, the MGA ensures the same games that are tested and verified are actually linked in their lobbies via hash code checks. An integrity focused corporate governance structure ensures the MGA is operating correctly via internal audits which include external representatives.

This is the process which players rely on to ensure that the games they are playing, provided that the casino hosting them is licensed by MGA, are indeed fair and random.


Comments are closed.