Page 30 - Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
P. 30

ANNEX B

           Template for a model MOU between a telecommunications regulator
           and central bank related to DFS security










           B.1 BASIS OF THE MOU                               B.2  AREAS OF COOPERATION AND
                                                                  COOPERATION STRATEGIES
           In recognition of the growing convergence of telecom-
           munications and financial services in what has been   GENERAL PROVISIONS
           identified as ‘Digital Financial Services,’ the Authorities
           have identified a need for Regulatory interaction and   B.2.1 The parties agree to cooperate in their respective
           collaboration to ensure the integrity, security, stability   roles in dealing with matters relating to:
           and protection of participants and end users relating to
           the provision of these services.                   a)  DFS generally;
             The CENTRAL BANK and the NATIONAL TELECOM-       b)  Full and fair access to, security, and reliability of all
           MUNICATIONS REGULATOR shall cooperate with each       components of DFS in (the country);
           other for the oversight and supervision of DFSPs and
           MNO communications networks under their respective   c)  Consumer Protection; and
           financial and telecommunications mandates to ensure   d)  Any other relevant areas of possible collaboration
           the highest levels of security, reliability, consumer pro-  between the Authorities.
           tection, fair and equitable access to facilities, and con-
           fidentiality.                                      B.2.2 The cooperation between the CENTRAL BANK
             Recognizing too that both the CENTRAL BANK and   and NATIONAL TELECOMMUNICATIONS REGULATOR
           the NATIONAL TELECOMMUNICATIONS REGULA-            shall focus around the following issues and processes:
           TOR each have limited scope of supervision and over-
           sight of components of DFS, this MOU is entered into   a)  Exchange of any relevant information;
           to establish the manner in which the authorities will   b)  Mutual capacity building;
           jointly oversee, supervise, and interact with each other
           in respect of any matters relating to DFS that touch on   c)  Investigation of any incident, issues and cases relat-
           their respective mandates and remits, and so together   ing to the scope of this MOU;
           strengthen and/or address any gaps in the Regulatory,   d)  Joint or individual hearings, as needed;
           supervisory and oversight framework for DFS in (the
           country).                                          e)  Use of common systems for DFS transaction moni-
             This MOU is entered on the basis of mutual respect,   toring
           in a spirit of goodwill, and does not affect the indepen-  f)  Fostering competition and promoting a level playing
           dence of the two Authorities hereto.                  field for all participants of a DFS ecosystem;
             This MOU aims to promote the integrity, efficiency
           and efficacy of participants by improving effective   g)  Dispute resolution between providers, and between
           regulation and enhancing the supervision of DFS.      consumers as end users;
                                                              h)  Development, monitoring and enforcement of rele-
                                                                 vant  provisions of  respective laws, by-laws, guide-
                                                                 lines or regulations where these may relate to DFS;
                                                              i)  Consultations on amendments to existing laws,
                                                                 guidelines, by-laws, or regulations where these may
                                                                 relate to DFS;







           28 • Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions
   25   26   27   28   29   30   31   32   33   34   35