National Telecommunications Regulator-Designated roles

The National Telecommunications Regulator shall undertake continuous monitoring of the licensed frequencies operated by the MNOs to ensure that no unauthorized radio frequency devices are being used on these frequencies to, inter alia, capture customer information and to disrupt MNO communications with their customers.

This monitoring may be undertaken jointly between the National Telecommunications Regulator and the MNOs as may be necessary. Any breaches and intrusions that may have an effect on the operation and financial security of DFS in (the country) shall be expeditiously reported by the National Telecommunications Regulator to the Central Bank.

The National Telecommunications Regulator will operate through its mandate of oversight and supervision to ensure that their licensees offer their services to DFSPs:

1. At a high technical level;

2. At a high security level;

3. At a high availability level in ensuring uninterrupted communications and/or data transfer for customers;

4. In an effective and affordable manner;

5. In a fair and equitable manner;

6. Not in a manner that may amount to abuse of their licensed access to and provision of scarce telecommunications resources to the detriment of other entities reliant on these resources;

7. Transparently;

8. Without exercising any price, access, and Quality of Service differentiation between DFSPs and for any other entities reliant on these resources;

9. Without delaying the transfer and the delivery of any service messages;

10. Without violating any intellectual property rights;

11. Whilst ensuring the availability of network access in accordance with applicable standards;

12. In a manner that may amount to anti-competitive behaviour; and

13. Where the licensees are MNOs, to validate and ensure that only verified and authorized persons are able to have access to - or provide, as the case may be - customer SIM cards;

14. Undertake, as may be required, continuous testing, intrusion filtering and monitoring of their core networks, BTS infrastructure and licensed mobile phone frequency bands to ensure that there is no unauthorized access, disruption, or use.

Tests and monitoring that may be required and which relate to specific issues identified in above shall include, but not be limited to, those for:

1. Unauthorized access to and use of any Signaling System 7 (SS7)-based core components of the MNO's infrastructure;

2. Use of any SS7 components of the MNO's infrastructure by any party where that use may be designed to undertake unauthorized or fraudulent activities;

3. Unauthorized access to and use of any LTE-based core components of the MNO's infrastructure;

4. Detection, as far as may be technically possible, of unauthorized radio frequency devices operated by unauthorized parties that may be designed to disrupt the MNOs licensed activities and/or to gain unauthorized access to customer handsets, SIM cards, customer access rights to MNO and DFS facilities, and customer data.

The National Telecommunications Regulator shall also ensure that its licensees and any other entities under its supervision:

1. Provide to the National Telecommunications Regulator reports on penetration tests that relate to the security of their systems. These reports must include any remedial action taken, if applicable;

2. Provide to the National Telecommunications Regulator reports on incidents that relate to authorized access to their systems and data; These reports must include any actual and potential data losses and breaches of consumer data protection measures, and any remedial action taken;

3. Expeditiously implement the most recent international technical and security standards;

4. Allow DFS end users to choose and fully access any of the available DFSPs, without any restrictions, discrimination, or preferential treatment among them.