j)  Consultations on the need for any new laws, guide-  B.2.4 The NATIONAL TELECOMMUNICATIONS REGU-
             lines, by-laws, or regulations where these may relate   LATOR will operate through its mandate of oversight
             to DFS;                                          and  supervision  to  ensure  that  their  licensees  offer
                                                              their services to DFSPs:
           k)  Use of technical expertise;
                                                              a)  At a high technical level;
           l)  Management and operation of DFS infrastructure;
                                                              b)  At a high security level;
           m)  Availability of, and fair access to, MNO communica-
              tion channels by DFSPs;                         c)  At a high availability level in ensuring uninterrupted
                                                                 communications and/or data transfer for customers;
           n)  Availability of, and fair access to, any MNO data that
             can legally be shared with DFSPs or other parties;  d)  In an effective and affordable manner;
           o)  Development and enforcement of minimum techni-  e)  In a fair and equitable manner;
             cal and operational standards;
                                                              f)  Not in a manner that may amount to abuse of their
           p)  Identification, mitigation, and expeditious handling   licensed access to and provision of scarce telecom-
             and containment of all security issues and incidents;  munications resources to the detriment of other
                                                                 entities reliant on these resources;
           q)  Participation where necessary in the development of
             RMFs related to DFS;                             g)  Transparently;

           r)  Anti-money laundering, counter terrorism financing,   h)  Without exercising any price, access, and Quality of
             and fraud;                                          Service differentiation between DFSPs and for any
                                                                 other entities reliant on these resources;
           s)  Consumer protection generally;
                                                              i)  Without delaying the transfer and the delivery of any
           t)  Monitoring of systems and networks for security   service messages;
             breaches and intrusions where these may affect DFS,
             and the reporting of any breaches and intrusions   j)  Without violating any intellectual property rights;
             relating to DFS provision to the other Authority;
                                                              k)  Whilst ensuring the availability of network access in
           u)  Mutually  support  the  other  Authority’s  activities  in   accordance with applicable standards;
             relation to DFS and adjacent matters;
                                                              l)  In  a manner that may  amount to  anti-competitive
           v)  Mutual and expeditious notification to the other of   behaviour; and
             any issues, processes, and events that may affect the   m)  Where the licensees are MNOs, to validate and
             operation of DFS in (the country); and
                                                                 ensure that only verified and authorized persons are
           w) Any other strategy relating  to the scope of this   able to have access to—or provide, as the case may
             MOU deemed necessary and appropriate by the         be —customer SIM cards;
             Authorities;
                                                              n)  Undertake, as may be required, continuous testing,
                                                                 intrusion filtering and monitoring of their core net-
           NATIONAL TELECOMMUNICATIONS AUTHORITY-                works, BTS infrastructure and licensed mobile phone
           DESIGNATED ROLES
                                                                 frequency bands to ensure that there is no unautho-
                                                                 rized access, disruption or use.
           B.2.3 The NATIONAL TELECOMMUNICATIONS REGU-
           LATOR hall undertakes continuous monitoring of the   B.2.5 Tests and monitoring that may be required and
           licensed frequencies operated by  the MNOs so  as  to   which relate to specific issues identified in Section 2.4
           ensure that no unauthorized radio frequency devices   above shall include, but not be limited to, those for:
           are being used on these frequencies to, inter alia, cap-
           ture customer information and to disrupt MNO commu-  a) Unauthorized access to and use of any Signalling Sys-
           nications with their customers.                      tem 7 (SS7)-based core components of the MNO’s
           This monitoring may be undertaken jointly between    infrastructure;
           the  NATIONAL  TELECOMMUNICATIONS  REGULATOR       b) Use of any SS7 components of the MNO’s infrastruc-
           and the MNOs as may be necessary. Any breaches and   ture by any party where that use may be designed to
           intrusions that may have an effect on the operation and   undertake unauthorized or fraudulent activities;
           financial security of DFS in (the country) shall be expe-
           ditiously reported by the NATIONAL TELECOMMUNI-    c) Unauthorized  access to and  use of  any LTE-based
           CATIONS REGULATOR to the CENTRAL BANK.               core components of the MNO’s infrastructure;









                                           Technical report on SS7 vulnerabilities and mitigation measures for digital financial services transactions • 29