Defining and promoting excellence in the provision of mobile money services

Similar documents
Unofficial Translation This translation is for convenience of those unfamiliar with Thai language Please refer to the Thai official version

Appendix State of the Industry Report on Mobile Money

UNITED BANK FOR AFRICA (UK) LIMITED PRIVACY NOTICE

DIGITAL FINANCIAL SERVICES BASIC TERMINOLOGY

CANADIAN PAYMENTS ASSOCIATION ASSOCIATION CANADIENNE DES PAIEMENTS RULE E4

ANTI-MONEY LAUNDERING SERVICES EXPERTS WITH IMPACT

Extract from Instruction for procedures against Money Laundering and Terrorist Financing for the SEB Group

Custom Benchmarking Report for Mobile Money. Anonymised version Dummy Data March 2017

Interbank Messaging Platforms and Technology Providers Remain Outside of PPF.

The WEF's Mobile Financial Services Project

My Visa Long is Getting Long in the Tooth

Use Case 1: Shared KYC / AML (Anti Money Laundering)

THE ARCG CHARTER. Issued in March 2008

NEPCon Impartiality Policy

TERMS OF REFERENCE OF THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS

Data Protection and Privacy Statement

The table below compares to the 2009 Essential Elements and the 2018 Enhanced Data Stewardship Elements

Applicant Data Privacy Notice

Mobile Connect Privacy Principles

Standard Advisory London Limited Third Party Privacy Statement

How to Stand Up a Privacy Program: Privacy in a Box

Retail Payment Systems Internal Control Questionnaire

APS Bank plc Data Privacy Policy

Information paper. Transaction filtering, systems testing and annual certification: driving business benefits

The Digital Financial Services Ecosystem

FINANCIAL DOCUMENTATION IN THE USE OF ELECTRONIC PAYMENTS REFERENCE TOOL 1 DRAFT FOR DISCUSSION PURPOSES ONLY

IMAS Guidance to Assessing Money Laundering and Financing of Terrorism (ML/FT) Risk

Financial Regulation and Financial Inclusion

UNITY TRUST BANK PLC ( the Bank ) AUDIT AND RISK COMMITTEE

Board Charter. Values Statement for IDCARE

AMF Position Compliance function requirements

TRANSACTIONAL SOLUTIONS

PERSONAL DATA PROTECTION ACT (PDPA)

GUIDANCE NOTE: MANAGED TRUST COMPANY BUSINESSES

Effective Vendor Risk Management. April 21, Mario A. Mosse. This Training is Brought to you by ComplianceOnline. Presenter:

Vendor Management Challenges and Expectations An Open Discussion April 13, 2017

TAG Certified Against Fraud Guidelines. Version 1.0 Released May 2016

Mobile Money regulation

Mobile money in Africa

I. Overview II. New services

Corporate Governance Framework

Privacy Notice for Clients of RISDON HOSEGOOD Solicitors

Guidance Note: Corporate Governance - Audit Committee. January Ce document est aussi disponible en français.

To the Point: Vendor Management PROFESSIONALS FORUM. initiative

Anti Money Laundering (AML) Advisory Services Effective solutions for complex issues Deloitte Malta, 2017

Solution Overview. A comprehensive business overview for financial institutions on RippleNet

Guidelines of ECF for AML/CFT Grandfathering

We collect and process your personal data when providing heating services to you. The personal data we collect includes:

WEWORK PRIVACY POLICY FOR PEOPLE DATA

UNITY TRUST BANK PLC ( the Bank ) AUDIT AND RISK COMMITTEE. Terms of Reference

Faster Payments Effectiveness Criteria - What s Next?

CONFLICTS OF INTEREST POLICY AND PROCEDURES

AUDIT COMMITTEE OF THE BOARD OF DIRECTORS OF THE TORONTO-DOMINION BANK CHARTER

Prepared Reviewed C.0 Issues Log C1.1 Assessment Process

Benchmarking Public Procurement 2015

EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (EU GDPR) Privacy Statement

SINGAPORE QP SYLLABUS HANDBOOK ASSURANCE SINGAPORE QP SYLLABUS HANDBOOK ASSURANCE 1

Rules, Procedures, and Internal Controls Manual BRAM Bradesco Asset Management

Sydbank s Business Model 2017

PRIVY COUNCIL OFFICE. Audit of PCO s Accounts Payable Function. Final Report

INTEGRITY COMPLIANCE GUIDELINES

The Institute of Directors of South Africa ( IoDSA ) is the convener of the King Committee and the custodian of the King reports and practice notes.

2. Review Criteria against Enhanced Independent Review

INVESTING IN RESPONSIBLE DIGITAL FINANCIAL SERVICES Part I Overview of Guidelines

PAYMENTS CONFERENCE VICTORIA FALLS Sustaining Digital Payments

PRIVACY NOTICE May 2018

Guidance for Completion of the Anti-Money Laundering, Countering the Financing of Terrorism and Financial Sanctions Risk Evaluation Questionnaire

Privacy Statement for ING customers. Americas - May 2018

The Concept of the Legal Entity Identifier (LEI)

Xerox Privacy Notice: Rights of data subjects pursuant to the General Data Protection Regulation

Australian Remittance and Currency Providers Association Ltd. ACN: ABN: PO Box 1757 Lane Cove NSW 2066

Anti-Money Laundering and Sanctions Compliance. You Can t Afford the Risks

E-Money Prepaid & Debit Cards. Date: November 2017

Guidance for the AML/CFT Statistical return Year ended 31 December 2017 Regulated entities

Foundation Event Series One Developing and documenting Policies and Procedures. Jacelle Richardson Anguilla Financial Services Commission

Lexcel England and Wales v6.1 Standard for in-house legal departments Excellence in legal practice management and client care

English Translation (For Information Purposes Only) CODE OF BEST CORPORATE PRACTICES. Introduction

Estate Agency Affairs Board FIC AMENDMENT ACT

Audit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016

Legal & General (Unit Trust Managers) Limited Privacy Policy

The LSB s Information for Practitioners. The Standards of Lending Practice for business customers Asset Finance. Governance and oversight

STATEMENT ON RISK MANAGEMENT AND INTERNAL CONTROL

Universal Payment Gateway (UPG)

The Future of Payment Security in Canada

Trusted KYC Data Sharing Standards Scope and Governance Oversight

PERSONAL INFORMATION

General Information on Authorised Economic Operator (AEO)

Guidance for Completion of the Anti-Money Laundering, Countering the Financing of Terrorism and Financial Sanctions Risk Evaluation Questionnaire

Prepaid Cards. Coles Online Mastercard Product Disclosure Statement. Issued by: Indue Ltd Issue Date: July ABN , AFSL No.

Corporate Presentation. Author: DIMPAY Foundation

ISO/IEC Service Management. Your implementation guide

Who are Eazy Collect?

Customer Due Diligence A Risk Based Approach. Dr Tony Wicks Director of AML Solutions NICE Actimize

Self Assessment Workbook

LBMA Responsible Gold Guidance Compliance Report

AGENT INSTITUTION Presentation

Guidelines of ECF for AML/CFT Grandfathering

1.3. We will post any changes we may make to our Notice on this Website or communicate them to you by .

Customer Due Diligence, Using New Technology for in the CDD Customer Due Diligence PurposesProcess

Transcription:

SAFEGUARDING OF FUNDS DATA PRIVACY AML/CFT/FRAUD PREVENTION STAFF AND PARTNER MANAGEMENT CUSTOMER SERVICE TRANSPARENCY QUALITY OF OPERATIONS SECURITY OF SYSTEMS Defining and promoting excellence in the provision of mobile money services COPYRIGHT 2018 GSMA

Contents Introduction 2 Principle 1: Finance 4 Principle 2: AML/CFT/Fraud Prevention 5 Principle 3: People 6 Principle 4: Operation 7 Principle 5: Security 8 Principle 6: Transparency 9 Principle 7: Customer Service 10 Principle 8: Data Privacy 11 Annex: Definition of Mobile Money 12 1

Introduction The GSMA Mobile Money Certification The GSMA Mobile Money Certification is a global initiative to bring safer, more transparent, and more resilient financial services to millions of mobile money users around the world. Over the past decade, mobile money has evolved from a niche product in a small number of markets to an emerging market phenomenon, bringing reliable financial services to previously unbanked populations. Mobile money has evolved into the leading payment platform for the digital economy in many emerging markets. With 690 million registered accounts as of December 2017, the industry is now processing over $1 billion dollars a day. A key ingredient in the success of mobile money has been trust. The Certification will help to take the industry to the next level by improving quality of services and customer satisfaction, facilitating the implementation of trusted partnerships, building trust with regulators and encouraging the implementation of appropriate and proportional regulatory standards. Background The GSMA Mobile Money Certification is the result of years of collaboration between the GSMA and the mobile money industry, to increase trust and transparency in the provision of mobile money services. Beginning with the launch of the GSMA Code of Conduct in late 2014, the GSMA worked together with providers in Africa, Latin America, and Asia to understand the challenges of their business and the best practices in these markets. To develop the certification criteria, the GSMA led a three-year consultative process involving mobile money providers and independent expert consultants. The criteria were developed and tested through the self-assessments of 39 mobile money providers. In 2017 the GSMA contracted Alliances Management, an independent certification management company, to manage the scheme. The benefits of becoming certified Certified organisations are at the forefront of the mobile money industry. They have proven that they are serious about protecting the rights of consumers, delivering reliable and secure services, and combatting money laundering and the financing of terrorism. Their business practices are amongst the very best in the industry. 2

Fundamentally, the Certification is about enhancing trust and empowering consumers to make more informed choices about their financial services. This encourages mobile money adoption and advances financial inclusion. It gives assurances to potential financial partners that robust controls are in place, facilitating interoperability and encouraging integration into the financial ecosystem. The potential to collaborate, innovate and integrate with business partners will also be enhanced. By defining industry best practice, the Certification aims to build trust with regulators and encourage the implementation of appropriate and proportional regulatory standards. Enhancing trust in mobile money is in the collective interest of the private sector, governments, regulators, and consumers. Society as a whole stands to gain from the digitisation of financial services. The Principles of the Certification The Certification comprises eight principles, which are further divided into sub-principles. These principles are explained in detail in the body of this document. The eight principles are: 1. Finance: Safeguard customer funds against the risk of loss 2. AML/CFT/Fraud: Combat money laundering, terrorist financing and fraud 3. People: Manage staff, agents, and third parties correctly 4. Operation: Operate the service well and reliably 5. Security: Ensure the security of the systems supporting the service 6. Transparency: Communicate fees, T&Cs and information transparently to cu 7. Customer Service: Effectively address customer service requests and complaints 8. Data Privacy: Protect customers personal data The Certification process SELF ASSESSEMENT REMEDY NON-COMPLIANCE APPLICATION OFF-SITE AND ON-SITE ASSESSEMENT ASSESSMENT REPORT CERTIFICATE ISSUED For more information about the GSMA Mobile Money Certification, including details of the certification process, visit gsmamobilemoneycert.com or email mm@gsmamobilemoneycert.com. 3

Principle 1: Finance Safeguard customer funds against the risk of loss 1.1 Protection against loss due to the failure of the bank, provider, or another party Providers shall take measures to ensure that funds are protected in the case of insolvency of provider, custodial bank, or other entity 1.1.1 Providers shall ensure that funds equal to the total value of outstanding mobile money liabilities are held in one or more custodial accounts on behalf of the mobile money users 1.1.2 Providers shall ensure that user funds are ring-fenced to prevent attachment from the creditors of the provider in the event of a provider s insolvency 1.1.3 Providers shall take measures to mitigate the risk of loss of funds due to insolvency of the bank, bond issuer, or other entity in which funds are invested 1.2 Protection against settlement risk Providers shall take measures to ensure that funds are not at risk due to the process of settlement with banks and other financial partners 1.2.1 Where feasible, providers shall only authorize customer transactions in which the debiting and crediting of mobile money accounts is processed in real time 1.22 Providers shall regularly reconcile transactions and settle balances with financial ecosystem partners* * For the purposes of the Mobile Money Certification, financial ecosystem partners are entities that are connected to the mobile money service in order to provide a financial service. Examples include, but are not limited to, banks (custodial banks and other account-holding banks), entities that send or receive bulk payments, aggregators, merchants using Point of Sale devices, ATM providers, and other payment service providers (national and international). 4

Principle 2: AML/CFT/Fraud Prevention Combat money laundering, terrorist financing and fraud 2.1 Effective AML/CFT policies and procedures Providers shall develop effective policies and procedures for Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) compliance 2.2 Senior management commitment to AML/CFT Senior management shall demonstrate their commitment to AML/CFT compliance through proper oversight 2.3 Appointed AML/CFT manager (money-laundering reporting officer) Providers shall appoint a qualified money-laundering reporting officer (MLRO) to promote and monitor compliance with AML/CFT-related obligations 2.4 Software to monitor transactions Providers shall create a system to monitor transactions for AML/CFT and anti-fraud purposes 2.5 Risk-based KYC requirements and transaction/balance limits Providers shall collect KYC and screen customers, and apply risk-based limits or blocks on transactions and account balances 2.5.1 Providers shall adequately identify clients 2.5.2 Providers shall place appropriate risk-based transaction and balance limits on accounts, depending upon the strength of customer identification and verification 2.5.3 Providers shall have the ability to block account transactions under certain circumstances. 2.5.4 Providers shall screen accounts using domestic and international money laundering, terrorist financing, and sanctions watch lists 2.6 Staff and agent AML/CFT training procedures Providers shall train staff and agents in AML/CFT procedures, monitor their compliance and take action against violations 2.6.1 Providers shall ensure that staff and agents are properly trained in AML/CFT procedures. 2.6.2 Providers shall monitor staff and agent compliance with AML/CFT procedures 2.7 Fraud management Providers shall develop risk-based policies and measures for fraud detection and prevention 5

Principle 3: People Manage staff, agents, and third parties correctly 3.1 Due diligence policies and procedures Providers shall conduct proper due diligence on potential staff, agents and entities providing outsourced services 3.2 Training of staff and agents Providers shall develop and implement training programmes for staff and agents 3.2.1 Providers shall develop and implement training programmes for staff 3.2.2 Providers shall develop and implement training programmes for agents 3.3 Contractual agreements Providers shall establish written agreements governing their relationship with agents and entities providing outsourced services 3.3.1 Providers shall establish written agreements governing their relationship with agents and entities providing outsourced services 3.3.2 Providers shall assume responsibility for actions taken on their behalf by their agents (and any sub-agents) under the provider-agent contract 3.4 Management of staff, agents and entities providing outsourced services Providers shall develop policies and processes for ongoing management and oversight of staff, agents and entities providing outsourced services 6

Principle 4: Service operation Operate the service well and reliably 4.1 Board and senior management oversight of the mobile money service Providers shall ensure that the Board of Directors and senior management establish effective management oversight 4.2 Service-level management and reporting Providers shall manage technical and business operations according to service levels 4.2.1 Providers and partners should operate technical systems properly and manage service levels 4.2.2 Providers and partners should manage business operations and service levels 4.3 Capacity management Providers shall take steps to ensure sufficient service capacity through forecasting, monitoring, and testing 4.4 Incident and problem management Providers shall set up an incident management process to restore the service within agreed service levels and to investigate root causes of problems 4.5 Change and configuration management Providers shall develop processes to ensure that systems and applications remain robust and secure following system and configuration changes 4.6 Enterprise risk management Providers shall establish a risk management framework for identifying, assessing, and controlling risks 4.7 Business continuity Providers shall develop effective business continuity and contingency plans 7

Principle 5: Security Ensure the security of the systems supporting the service 5.1 Security governance Providers shall implement governance mechanisms to ensure that security policies are defined and implemented with ongoing management 5.1.1 Providers shall develop, implement, and regularly review a formal security policy for mobile money services 5.1.2 Providers shall train staff about their security responsibilities 5.1.3 Providers shall ensure policies are in place for the secure handling of information and assets 5.1.4 Providers shall ensure the protection of their assets that are accessible by suppliers and third parties 5.2 Designing and developing secure systems, applications and network Providers shall ensure that the systems, applications and network that support mobile money are designed and developed securely 5.2.1 Providers shall ensure that data is protected by cryptography and network security controls 5.2.2 Providers shall ensure that systems and applications are designed and developed securely and are thoroughly tested 5.3 Security operations Providers shall implement processes to manage all systems and operations securely 5.3.1 Providers shall Identify, assess and monitor security risks 5.3.2 Providers shall properly identify and authenticate system users 5.3.3 Providers shall limit access to customer data on a need to know basis 5.3.4 Providers shall liimit physical access to systems 5.3.5 Providers shall ensure correct and secure operations of information processing 5.3.6 Providers shall develop processes to ensure that all transactions and user activities are logged with appropriate audit trails 5.3.7 Providers shall regularly test security systems and processes 5.3.8 Providers shall ensure continuity of information security 5.3.9 Providers shall develop a process to identify, address, and monitor security incidents and security-related complaints 8

Principle 6: Transparency Communicate fees, T&Cs and information transparently to customers 6.1 Effective disclosure and transparency Providers shall ensure that users are provided with clear, prominent, and timely information regarding fees and terms and conditions 6.2 Education of customers about safety and security Providers shall educate customers about how to use mobile money services safely and securely 9

Principle 7: Customer Service Effectively address customer service requests and complaints 7.1 Customer Service policies and procedures Providers shall develop and publish customer service policies and procedures 7.1.1 Providers shall develop customer service policies and procedures 7.1.2 Providers shall inform customers of customer service policies and procedures 7.1.3 Providers shall develop specific policies for handling reversals 7.2 Availability of customer service support Providers shall provide an appropriate mechanism to address customers questions and problems 7.3 External recourse mechanisms Providers shall specify how disputes can be resolved if internal resolution fails 10

Principle 8: Data Privacy Protect customers personal data 8.1 Governance of Data Privacy Providers shall comply with good practices and relevant regulations governing customer data privacy 8.2 Data Privacy transparency Providers shall ensure that users are provided with clear, prominent, and timely information regarding their data privacy practices 8.3 Customers control of their Personal Data Providers shall ensure that customers are informed of their rights and have opportunities to exercise meaningful choice and control over their personal information 8.4 Minimization of Personal Data collection and retention Providers shall limit the personal information that is collected from customers and is retained, used, or shared 11

Annex: Definition of mobile money Mobile money is a transformational service that uses information and communication technologies to extend the delivery of financial services to clients who cannot be reached with traditional branchbased financial services. A service is considered to be mobile money if it meets the following criteria: 1. The service must include transferring money and making payments using the mobile phone. 2. The service must be available to the unbanked, e.g. people who do not have access to a formal account at a financial institution. 3. The services must offer at least one of the following products: a) Domestic or international transfer; b) Mobile payment, including bill payment, bulk disbursement, and merchant payment; or c) Storage of value. 4. The service must offer a network of physical transactional points outside bank branches and ATMs that make the service widely accessible to everyone. Services that are not considered to be mobile money: 1. Mobile banking services that offer the mobile phone as just another channel to access a traditional banking product. 2. Payment services linked to a traditional banking product or credit card. For more information about the GSMA Mobile Money Certification, including details of the certification process, visit www.gsmamobilemoneycert.com or email mm@gsmamobilemoneycert.com. 12

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback