The National Telecommunications Regulator shall undertake continuous monitoring of the licensed frequencies operated by the MNOs to ensure that no unauthorized radio frequency devices are being used on these frequencies to, inter alia, capture customer information and to disrupt MNO communications with their customers.

This monitoring may be undertaken jointly between the National Telecommunications Regulator and the MNOs as may be necessary. Any breaches and intrusions that may have an effect on the operation and financial security of DFS in (the country) shall be expeditiously reported by the National Telecommunications Regulator to the Central Bank.

The National Telecommunications Regulator will operate through its mandate of oversight and supervision to ensure that their licensees offer their services to DFSPs:

1. At a high technical level;

2. At a high security level;

3. At a high availability level in ensuring uninterrupted communications and/or data transfer for customers;

4. In an effective and affordable manner;

5. In a fair and equitable manner;

6. Not in a manner that may amount to abuse of their licensed access to and provision of scarce telecommunications resources to the detriment of other entities reliant on these resources;

7. Transparently;

8. Without exercising any price, access, and Quality of Service differentiation between DFSPs and for any other entities reliant on these resources;

9. Without delaying the transfer and the delivery of any service messages;

10. Without violating any intellectual property rights;

11. Whilst ensuring the availability of network access in accordance with applicable standards;

12. In a manner that may amount to anti-competitive behaviour; and

13. Where the licensees are MNOs, to validate and ensure that only verified and authorized persons are able to have access to - or provide, as the case may be - customer SIM cards;

14. Undertake, as may be required, continuous testing, intrusion filtering and monitoring of their core networks, BTS infrastructure and licensed mobile phone frequency bands to ensure that there is no unauthorized access, disruption, or use.

Tests and monitoring that may be required and which relate to specific issues identified in above shall include, but not be limited to, those for:

1. Unauthorized access to and use of any Signaling System 7 (SS7)-based core components of the MNO's infrastructure;

2. Use of any SS7 components of the MNO's infrastructure by any party where that use may be designed to undertake unauthorized or fraudulent activities;

3. Unauthorized access to and use of any LTE-based core components of the MNO's infrastructure;

4. Detection, as far as may be technically possible, of unauthorized radio frequency devices operated by unauthorized parties that may be designed to disrupt the MNOs licensed activities and/or to gain unauthorized access to customer handsets, SIM cards, customer access rights to MNO and DFS facilities, and customer data.

The National Telecommunications Regulator shall also ensure that its licensees and any other entities under its supervision:

1. Provide to the National Telecommunications Regulator reports on penetration tests that relate to the security of their systems. These reports must include any remedial action taken, if applicable;

2. Provide to the National Telecommunications Regulator reports on incidents that relate to authorized access to their systems and data; These reports must include any actual and potential data losses and breaches of consumer data protection measures, and any remedial action taken;

3. Expeditiously implement the most recent international technical and security standards;

4. Allow DFS end users to choose and fully access any of the available DFSPs, without any restrictions, discrimination, or preferential treatment among them.

Basis of the Memorandum of Understanding

In recognition of the growing convergence of telecommunications and financial services in what has been identified as 'Digital Financial Services' the Authorities have identified a need for Regulatory interaction and collaboration to ensure the integrity, security, stability and protection of participants and end users relating to the provision of these services.

The Central Bank and the National Telecommunications Regulator shall cooperate with each other for the oversight and supervision of DFSPs and MNO communications networks under their respective financial and telecommunications mandates to ensure the highest levels of security, reliability, consumer protection, fair and equitable access to facilities, and confidentiality.

Recognizing too that both the Central Bank and the National Telecommunications Regulator each have limited scope of supervision and oversight of components of DFS, this MOU is entered into to establish the manner in which the authorities will jointly oversee, supervise, and interact with each other in respect of any matters relating to DFS that touch on their respective mandates and remits, and so together strengthen and/or address any gaps in the Regulatory, supervisory and oversight framework for DFS in (the country).

This MOU is entered on the basis of mutual respect, in a spirit of goodwill, and does not affect the independence of the two Authorities hereto.

This MOU aims to promote the integrity, efficiency, and efficacy of participants by improving effective regulation and enhancing the supervision of DFS.

The parties agree to cooperate in their respective roles in dealing with matters relating to:

1. DFS generally;

2. Full and fair access to, security, and reliability of all components of DFS in (the country);

3. Consumer Protection; and

4. Any other relevant areas of possible collaboration between the Authorities.

The cooperation between the Central Bank and National Telecommunications Regulator shall focus on the following issues and processes:

1. Exchange of any relevant information;

2. Mutual capacity building;

3. Investigation of any incident, issues and cases relating to the scope of this MOU;

4. Joint or individual hearings, as needed;

5. Use of common systems for DFS transaction monitoring

6. Fostering competition and promoting a level playing field for all participants of a DFS ecosystem;

7. Dispute resolution between providers, and between consumers as end users;

8. Development, monitoring and enforcement of relevant provisions of respective laws, by-laws, guidelines, or regulations where these may relate to DFS;

9. Consultations on amendments to existing laws, guidelines, by-laws, or regulations where these may relate to DFS;

10. Consultations on the need for any new laws, guidelines, by-laws, or regulations where these may relate to DFS;

11. Use of technical expertise;

12. Management and operation of DFS infrastructure;

13. Availability of, and fair access to, MNO communication channels by DFSPs;

14. Availability of, and fair access to, any MNO data that can legally be shared with DFSPs or other parties;

15. Development and enforcement of minimum technical and operational standards;

16. Identification, mitigation, and expeditious handling and containment of all security issues and incidents;

17. Participation where necessary in the development of RMFs related to DFS;

18. Anti-money laundering, counter terrorism financing, and fraud;

19. Consumer protection generally;

20. Monitoring of systems and networks for security breaches and intrusions where these may affect DFS, and the reporting of any breaches and intrusions relating to DFS provision to the other Authority;

21. Mutually support the other Authority's activities in relation to DFS and adjacent matters;

22. Mutual and expeditious notification to the other of any issues, processes, and events that may affect the operation of DFS in (the country); and

23. Any other strategy relating to the scope of this MOU deemed necessary and appropriate by the Authorities;

The Central Bank shall undertake continuous monitoring of its supervised entities.

The Central Bank will operate through its mandate of oversight and supervision to ensure that their licensees and entities under their supervision:

1. Offer their services to DFSPs:

   • At a high technical level;

   • At a high security level;

   • At a high availability level in ensuring uninterrupted communications and/or data transfer for customers;

   • In an effective and affordable manner;

   • In a fair and equitable manner;

   • Not in a manner that may amount to abuse of their license or authorization to operate to the detriment of other entities reliant on these resources.

   • Transparently;

   • Without exercising any price, access, and Quality of Service differentiation between DFSPs;

   • Without delaying the transfer and the delivery of any service messages;

   • Without violating any intellectual property rights

   • Whilst ensuring the availability of service access in accordance with applicable standards;

2. Do not act in a manner that may amount to anti-competitive behaviour.

3. Undertake, as may be required, continuous testing, intrusion filtering and monitoring of their infrastructure to ensure that there is no unauthorized access, disruption, or use; and expeditiously:

   • Provide to the Central Bank reports on penetration tests that relate to the security of their systems. These reports must include any remedial action taken if applicable.

   • Provide to the Central Bank reports on incidents that relate to authorized access to their systems and data. These reports must include any actual and potential data losses and breaches of consumer data protection measures, and any remedial action taken.

   • Implement the most recent international technical and security standards;

4. Allow DFS consumers to choose any of the available DFSPs, without any restrictions, discrimination, or preferential treatment among them.