iGaming Licence Business Plan 2026

The iGaming licence business plan that regulators assess is not the same document that gets presented to investors. That’s a distinction most operators miss, and it’s responsible for a surprisingly large proportion of information requests during licensing reviews.

An operator submitted a Malta application with a business plan that had been prepared by their corporate advisors polished, detailed, financially modelled to a high standard. Revenue hockey-stick in year two. Platform scalability narrative. Market opportunity sizing citing global iGaming market projections. The MGA returned an information request three weeks later. What markets specifically. What payment methods for each market. How player acquisition would work in practice, not in general terms. What compliance infrastructure would cost, line by line.

The document had answered the investor questions. It hadn’t answered the regulator questions. Not the same questions.

This article covers what an iGaming licence business plan needs to contain in 2026 specifically for Malta and Curaçao and where operator submissions consistently fall short.

Why the iGaming Licence Business Plan Isn’t a Standard Business Plan

A standard business plan for investors answers: what’s the market opportunity, what’s the competitive advantage, what are the revenue projections, and why this team. A regulator assessing a licence application asks different questions.

Is the business model coherent and does it make commercial sense. Does the operator understand their specific risk profile their actual target markets, actual payment methods, actual player demographics. Is the compliance budget realistic relative to what the framework actually costs to maintain. Are the financial projections grounded in plausible player acquisition assumptions rather than market-share calculations from global figures.

The investor document and the regulatory document share some content. The framing, the emphasis, and the level of operational specificity required are different enough that operators who submit one document where two are needed consistently generate information requests on the regulatory-specific sections.

What the business plan is actually used for

The regulator uses the business plan to assess the viability and coherence of the proposed operation, the operator’s understanding of their own compliance obligations, and whether the financial model shows a business that can sustain its compliance infrastructure. A business plan that shows strong revenue with a compliance budget that would barely cover the key function staffing creates a credibility problem either the revenue is overstated or the compliance cost is understated.

iGaming Licence Business Plan: Market and Player Base Section

The market section of most business plans describes a global or regional iGaming market and then claims a share of it. Regulators are not interested in the global iGaming market size.

The World Bank‘s data on internet penetration, mobile connectivity, and financial inclusion across specific markets is the kind of specific, sourced evidence that grounds a market section credibly. What regulators want to see is: which specific player markets is the operator targeting, what regulatory framework governs gaming in each of those markets, and does the operator have a realistic player acquisition strategy for each.

Geographic specificity matters. An operator who says ‘we’re targeting European recreational players’ is describing several hundred million people across dozens of markets with different regulatory requirements. An operator who says ‘we’re targeting recreational players in Germany, Sweden, and the Netherlands’ is describing a specific regulatory challenge three national regulated markets, each requiring their own licensing assessments that they either understand or don’t.

Player demographic specificity

The AML risk assessment needs to describe the actual player demographic. The business plan needs to show that the operator knows what that demographic is. An operation described as targeting ‘mass market online casino players’ in the business plan but claiming a crypto-native target demographic in the AML framework creates a consistency problem across submission documents. Inconsistencies get flagged.

What regulators look for: the market section and the AML section should tell the same story about who the players are, where they’re from, and what payment methods they use. If they tell different stories, information requests follow.

The Financial Projections Section of the iGaming Licence Business Plan

Financial projections in a licensing application get assessed for coherence, not ambition. The regulator isn’t deciding whether to invest. They’re deciding whether the operator understands what they’re building.

Projections that show revenue growing from zero to €50 million in year one raise questions about player acquisition assumptions. Not because the regulator thinks it’s impossible. Because they want to see the calculation: average player value, player acquisition cost, assumed conversion rate, assumed retention. If those inputs aren’t in the document, the regulator asks for them.

The compliance cost line that operators underestimate

The compliance cost in the financial projections is the section that most consistently misrepresents what the operation will actually cost. Key function staffing five roles in Malta, each requiring qualified professionals is a significant recurring cost. Annual independent compliance audit. RNG and platform certification, recurring when game libraries update. Compliance contribution to the MGA scaling with GGR. These aren’t optional costs. They’re structural costs of operating a licensed gaming platform.

An iGaming licence business plan that shows total compliance cost at €30,000 per year while describing an MGA-licensed operation at any meaningful revenue level is a plan that hasn’t done the compliance cost calculation. Regulators notice. Either the regulator flags the plan, or worse, the operator launches while genuinely believing that number and discovers the real figure in year two.

iGaming Licence Business Plan: The AML and Compliance Framework Section

The Malta Gaming Authority‘s assessment of the business plan specifically evaluates whether the described business model is coherent with the compliance framework submitted alongside it. These two documents need to tell the same story.

The AML section of the business plan differs from the standalone AML policy document. It needs to explain how the operator understands its specific AML risk. Not gaming AML risk in general. Their risk. The markets they’re targeting, the payment methods they’re accepting, the player demographic they expect, the specific money laundering typologies relevant to those characteristics.

Generic AML narrative the company will maintain a comprehensive AML programme in accordance with applicable regulations’ generates requests for specificity. Every time.

Responsible gaming in the business plan

A business plan that doesn’t address responsible gaming at all is a gap in Malta applications. The MGA expects the operator to understand player protection as an operational requirement. The business plan should show how the operator will implement the tools and integrate responsible gaming monitoring with the commercial operation.

Addressing responsible gaming in the business plan doesn’t need to be extensive. It needs to be present and coherent with the standalone responsible gaming policy submitted alongside it. Inconsistency between the business plan description and the policy document creates questions. Absence of any reference creates a finding.

iGaming Licence Business Plan: Corporate Structure Section

The business plan needs to describe the corporate structure clearly. It should show which entity holds the licence, what the ownership chain looks like, how the group is organised, and where the key functions sit within that structure.

For operators with holding structures in other jurisdictions, the business plan should explain the rationale. For example, this may include a Bulgarian holding company above a Malta operating entity. Not justify the tax position specifically, but explain why the structure is organised as it is. An unexplained complex structure creates more questions than a simply explained one, even if the complex structure is entirely legitimate.

The key function reporting lines need to be clear in the business plan. Compliance Officer reporting to the board, not to the commercial director. MLRO with independent filing authority. The org chart included in the business plan should show these reporting relationships clearly, rather than leaving them only in the key function submission.

How to build the corporate structure that works for the licensing application and why structures built for other purposes create documentation problems is in iGaming corporate structure in 2026.

The iGaming Licence Business Plan and the Banking Application

The business plan submitted to the licensing regulator is also, often, the foundation of the banking application. Banks assessing gaming operators want to understand the business model in plain language who the players are, how deposits flow, how the operator generates revenue, what compliance infrastructure exists.

A business plan written for a regulator using regulatory terminology and compliance framework language isn’t the same document as a business plan written for a bank compliance officer who probably doesn’t work in gaming and needs the model explained clearly. But the underlying content the market, the player base, the revenue model, the compliance programme is the same.

Operators who build the business plan with both audiences in mind produce documents that work for both. Operators who build it for the regulatory submission and then wonder why the bank version doesn’t land effectively are creating extra work.

How the business plan content intersects with what banks assess during gaming operator due diligence is in opening a bank account for an iGaming business in 2026.

iGaming Licence Business Plan: What Operators Consistently Get Wrong

Four things appear in almost every business plan that generates information requests. Not always all four. But consistently, some combination of them.

Revenue projections without player acquisition specifics. How does €20 million GGR in year two translate to a specific number of active players at a specific average player value with a specific acquisition cost. Without that calculation visible, the projection is just a number.

Compliance cost significantly understated relative to the described operation. Either the operator does not understand actual compliance costs, or someone without iGaming sector experience wrote the plan. Either way, it creates a credibility problem.

AML narrative that’s generic rather than specific to the actual business. Already covered above. Still the most common single cause of AML-section information requests.

The market section describes the global iGaming TAM instead of the operator’s specific target markets, player demographics, and regulatory context for each market. The global market isn’t the operator’s market. Their market is the one they’re targeting.

The full compliance checklist behind what an iGaming licence application needs is in the iGaming compliance checklist in 2026. How the business plan fits within the full application process what else is required alongside it is in the iGaming licence application guide in 2026. The AML requirements that need to be reflected in the business plan are in iGaming AML compliance in 2026. And how the business plan sits within the full casino launch sequence is in how to start an online casino in 2026.

Frequently Asked Questions

How is an iGaming licence business plan different from a standard business plan?

The emphasis and required specificity differ significantly. An investor business plan answers market opportunity, competitive advantage, revenue projections, and team quality. A regulatory business plan needs to answer those questions and also explain which specific markets the operator targets, which regulatory framework applies in each market, which payment methods the operator will accept, what AML risk profile each payment method carries, how the compliance budget reflects the real cost of running a licensed gaming platform, and how the financial projections support the player acquisition assumptions. Generic market narrative and optimistic revenue projections without underlying calculations generate information requests that delay the application.

What financial projections does a gaming licence business plan need to include?

Three-year projections covering revenue by player segment and market, costs including compliance costs at realistic levels, and the player acquisition assumptions that underlie the revenue figures. The assumptions matter as much as the numbers how many active players, at what average revenue per player, at what acquisition cost, with what retention rates. Projections without visible assumptions generate requests for those assumptions. Compliance costs need to reflect the real cost of running a licensed gaming operation. This includes key function staffing, audits, certification, and regulatory fees, not the lower figures a startup budget may hope for.

Does the business plan affect banking applications as well as licensing?

Yes, significantly. Banks assessing gaming operators want to understand the business model in plain language. They need to know who the players are, how deposits flow, how the operator generates revenue, and what compliance infrastructure exists. The business plan that satisfies the licensing regulator covers the same ground that the bank’s compliance officer needs to understand. Operators who build the document with both audiences in mind regulatory precision and plain-language commercial explanation produce something that works for both applications rather than having to produce two separate documents.

What is the most common reason a gaming licence business plan generates information requests?

AML narrative that describes a generic online gaming operator rather than the specific business applying for the licence. The risk assessment section needs to describe the target markets, payment methods, player demographics, and monitoring approach. It should also show how the operator calibrates that approach to the actual business model. Generic compliance language the company will maintain adequate AML procedures generates requests for specifics every time. Every time.

How detailed does the market section of a gaming licence business plan need to be?

Specific enough to name the target player markets, explain the regulatory context of gaming in each market, and describe the player acquisition approach for each. Global iGaming market sizing is not useful to a regulator. The specific markets the operator is targeting, why those markets, and how the operator plans to reach players in those markets is what the regulator needs to assess the coherence of the proposed operation. If the market section and the AML section describe different player demographics or different geographies, inconsistency flags follow.

How should the compliance cost be represented in the business plan?

Accurately. For an MGA-licensed mid-sized operator, total annual compliance cost typically exceeds €150,000 per year. This includes key function staffing, annual independent compliance audit, RNG and platform certification, compliance contribution scaling with GGR, legal support, and advisory costs. Business plans that show much lower compliance costs create a credibility problem before the financial review starts. Either the operator does not understand compliance costs, or someone outside the sector prepared the plan. Both conclusions make the regulator’s assessment of the application more scepti