Former gaming consultant Iosif Galea made transfers amounting to more than €150,000 to a Malta Gaming Authority (MGA) official and his wife over a three-year period, a court has been told. 

The couple told police investigators that they did not know who Galea was and that he had failed to explain why he was transferring money to them, a former FCID inspector told magistrate Rachel Montebello on Tuesday morning.

Galea is charged with financial crimes and money laundering related to those payments. He is also charged with misuse of electronic equipment. Galea is pleading not guilty.

He was extradited to Malta from Germany earlier this year, having served a prison sentence there for tax evasion. He had been arrested in Italy last year on the strength of a German arrest warrant while holidaying with his partner and former prime minister Joseph Muscat and wife Michelle.

Separate proceedings against former MGA official Jason Farrugia and his wife, Christine are also ongoing in which the couple are being accused of money laundering. Jason Farrugia alone is further charged with extortion, trading in influence, fraud, misappropriation, disclosing confidential information and computer misuse.

On Tuesday the court was told that the cybercrime unit was investigating an alleged data leak while the economic crimes unit carried out its own parallel investigation into the transactions as part of a wider investigation into Galea and the Farrugias.

The investigators had been unable to establish the link between the three or the reason why Galea made those money transfers, the court was told, but that they suspected that the money was transferred as payments for data which Galea had been illegally given access.

The inspector also described the transfers between Galea and Farrugia that took place after the police had issued a request for information to all local banks. At the time that these transfers took place, Galea had been a gaming consultant to at least 70 companies and Farrugia worked as a technical officer at the MGA.

The police investigation revealed that Galea had transferred €130,600 to Jason Farrugia through Revolut between August 2018 and September 2021. There were also other transfers where Galea sent money to both Jason and Christine Farrugia.

Additionally, the police said, Galea had sent a total of €11,000 to Farrugia between 2017 and 2020, through six different cheques.

He also sent over €29,000 to Farrugia’s wife, spread over 22 cheques, which were deposited in her husband’s bank account at BNF bank. The officer told the court that a €4,000 cheque made out to Christine Farrugia by Galea had not been deposited into any of the couple’s accounts.

When questioned by the police, the Farrugias said that they did not know Galea and could not explain these transactions. They exercised their right to silence when asked if they had a business relationship with Galea.

The investigators were informed that Galea had also been fined by the Malta Financial Services Authority for carrying out corporate service provider work without the necessary licence, the court was told.

“The suspicion was that data was illegally being purchased from the MGA,” the inspector said.

Asked by the defence whether he had seen the data himself, the inspector said that he had not and was not told what the data consisted of, insisting that his involvement in the investigation was limited to the economic crimes perspective, explaining that the data breach was investigated by the cybercrime unit.

Answering questions from defence lawyer Edward Gatt, the witness said he had not spoken to the MGA and neither had the companies that were transferring the money to Galea been questioned.

Owen Bugeja, the MGA’s head of software development, also testified on Tuesday. He  was responsible for the electronic Customer Relationship Management system (CRM) used by the authority.

Bugeja explained that Farrugia, as the MGA’s Chief Technical Officer, had full access to the MGA’s CRM backend. As a third party user, Galea had more limited access and could log into the platform from the user interface to upload documents into the MGA’s system but he could not access the CRM’s backend.

Bugeja led a team conducting an internal investigation into the possible data breach, which began on 9 December 2021. Farrugia’s access was revoked that day, and he was suspended. Farrugia had attempted to access the system’s backend again, after his access rights were revoked, Bugeja explained.

The username with which Iosif Galea could upload documents was linked to over 70 companies, Bugeja added.

The internal investigation discovered that Farrugia had downloaded data which was not relevant to his work and which he should not have taken, Bugeja said. “There was no reason for Farrugia to take this data,” the witness said.

Investigators also noticed that Farrugia’s work laptop was used to log into the platform using Iosif Galea’s credentials and submit documents on his behalf.

Farrugia did not need a username to login into the portal since he had full rights from the backend, Bugeja explained, adding that while he might have had usernames for testing purposes, his role did not involve testing.

“In his day-to-day tasks, Jason Farrugia would not need to log into the CRM’s backend, but as the CTO he had access rights,” Bugeja underlined.

Farrugia also had access to MGA’s Document Managing System (DMS) where files are electronically stored, but this fell under the responsibility of another official.

Lawyer Edward Gatt is Galea’s defence counsel.

The case was adjourned to October 23