Presentation is loading. Please wait.

Presentation is loading. Please wait.

Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team.

Published byGabriella Cross Modified over 8 years ago

Similar presentations

Presentation on theme: "Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team."— Presentation transcript:

1 Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team is supported by:

2 1. Mobile money providers (“providers”) safeguard customer funds against risk of loss 2. Providers have in place effective, proportional risk-based mechanisms to prevent, detect, and report the misuse of services for the purpose of money laundering or terrorist financing (ML/TF) 3. Providers screen, train, and monitor staff, agents and entities providing outsourced services to ensure that they offer safe and reliable services and comply with all relevant operational and legal requirements 4. Providers have well-developed policies and processes and sufficient network and system capacity to ensure reliable service provision 5. Providers take robust steps to ensure the security of the mobile network and channel 6. Providers communicate clear, sufficient, and timely information in a manner that customers can understand so that customers can make informed decisions 7. Providers have in place mechanisms to ensure that complaints are effectively addressed and problems are resolved in a timely manner 8. Providers collect, process, and/or transmit personal data fairly and securely The GSMA Code of Conduct for Mobile Money Providers: the 8 Principles

3  Protection against loss due to failure of bank, provider, or other party  Providers shall ensure that funds equal to the total value of outstanding mobile money liabilities are held in one or more custodial accounts on behalf of the mobile money users (“users”).  Providers shall ensure that user funds are ring-fenced to prevent attachment from the creditors of the provider in the event of a provider’s insolvency.  Providers shall take measures to mitigate risk of loss of funds due to bank insolvency.  Providers shall take measures to mitigate risk of loss of funds due to bond issuer’s insolvency (if applicable).  Protection against settlement risk  Where feasible, providers shall only authorize customer transactions in which the debiting and crediting of mobile money accounts is processed in real time. Principle 1 Mobile money providers (“providers”) safeguard customer funds against risk of loss

4 Principle 2  Effective policies and procedures − Providers shall develop effective policies and procedures for Anti-Money Laundering and Combating the Financing of Terrorism (AML/CFT) compliance.  Senior management commitment − Senior management shall demonstrate their commitment to AML/CFT compliance through proper oversight.  Appointed AML/CFT manager  Providers shall appoint a qualified employee to promote and monitor compliance with AML/CFT-related obligations.  Software to monitor transactions  Providers shall create a system to monitor transactions for AML/CFT purposes. Providers have in place effective, proportional risk-based mechanisms to prevent, detect, and report the misuse of services for the purpose of money laundering or terrorist financing

5 Principle 2 continued  Risk-based KYC requirements and transaction / balance limits  Providers shall properly identify clients and may use a risk-based KYC approach if permitted by local laws and regulations.  Providers shall place appropriate risk-based transaction and balance limits on accounts, depending upon the strength of customer identification and verification.  Providers shall have the ability to block account transactions under certain circumstances.  Providers shall screen accounts using domestic and international money laundering, terrorist financing, and sanctions watch lists.  Staff and agent AML/CFT training procedures  Providers shall ensure that staff and agents are properly trained in AML/CFT procedures.  Providers shall monitor staff and agent compliance with AML/CFT procedures.  Providers shall develop clear policies and processes for addressing staff and agent AML/CFT violations.

6 Principle 3  Due diligence policies and procedures  Providers shall conduct proper due diligence on potential staff, agents and entities providing outsourced services.  Training  Providers shall develop staff and agent training programs.  Contractual agreements  Providers shall establish written agreements governing their relationship with agents and entities providing outsourced services.  Proper oversight of staff  Providers shall develop policies and processes for ongoing staff management.  Providers shall develop staff discipline processes. Providers screen, train, and monitor staff, agents and entities providing outsourced services to ensure that they offer safe and reliable services and comply with all relevant operational and legal requirements

7 Principle 3 continued  Proper oversight of agents and entities providing outsourced services  Providers shall develop a comprehensive outsourcing risk management program.  Providers shall take steps to ensure that outsourcing arrangements do not affect their ability to meet obligations to customers and regulators.  Providers shall ensure that appropriate contingency and disaster recovery plans are in place.  Providers shall ensure that confidential customer and provider data are properly secured.  Providers’ responsibility for actions of agents (and any sub-agents)  Providers shall assume responsibility to regulators and customers for actions taken on their behalf by their agents (and any sub-agents) under the provider-agent contract.

8 Principle 4  Board and senior management oversight  Providers shall ensure that the Board of Directors and senior management establish effective management oversight.  Network and system capacity testing  Providers shall conduct tests to ensure sufficient network and system capacity.  Robust back-end settlements  Providers shall develop reliable processes for clearing and settlement.  Business continuity and contingency plans  Providers shall develop effective business continuity and contingency plans. Providers have well-developed policies and processes and sufficient network and system capacity to ensure reliable service provision

9 Principle 5  Governance  Providers shall develop, implement, and regularly review a formal security policy for mobile money services.  Providers shall identify and assess security risks prior to offering mobile money services and shall continue to monitor such risks on an ongoing basis.  Providers shall develop a process to identify, address, and monitor security incidents and security- related complaints.  Building a secure network, systems, and applications  Providers shall use firewalls to protect customer data.  Providers shall develop processes to ensure that systems and applications remain secure.  Providers shall limit access to customer data on a “need to know” basis. Providers take robust steps to ensure the security of the mobile network and channel

10 Principle 5 continued  Providers shall limit logical and physical access to customer data.  Providers shall properly identify and authenticate system users.  Providers shall develop risk-based fraud detection/prevention systems to identify suspicious transactions.  Ongoing monitoring  Providers shall ensure that stored customer data are protected.  Providers shall ensure that systems are protected against malicious software.  Providers shall develop processes to ensure that all transactions are logged with appropriate audit trails.  Providers shall develop reliable methods to log and track user activities within the mobile money system.  Providers shall regularly test security systems and processes.

11 Principle 6  Effective disclosure and transparency  Providers shall ensure that users are provided with clear, prominent, and timely information regarding fees and terms and conditions.  Safety and security  Providers shall educate customers on how to use mobile money services safely. Providers communicate clear, sufficient, and timely information in a manner that customers can understand so that customers can make informed decisions

12 Principle 7  Policies and procedures to ensure efficient resolution of customer complaints  Providers shall develop customer complaint policies and procedures.  Providers shall inform customers of the existence of customer complaint policies and procedures.  Providers shall develop specific policies for handling reversals.  Availability of customer service support  Providers shall provide an appropriate mechanism for customers to address questions and problems.  External recourse mechanisms  Providers shall specify how disputes can be resolved if internal resolution fails. Providers have in place mechanisms to ensure that complaints are effectively addressed and problems are resolved in a timely manner

13 Principle 8  Governance  Providers shall comply with good practices and relevant regulations governing customer data privacy.  Transparency and Notice  Providers shall ensure that users are provided with clear, prominent, and timely information regarding their data privacy practices.  User Choice and Control  Providers shall ensure that customers are informed of their rights and have opportunities to exercise meaningful choice and control over their personal information.  Providers shall seek customer consent for any changes that materially affect the privacy of their personal information.  Minimization of Data Collection and Retention  Providers shall limit the personal information that is collected from customers and is retained, used, or shared. Providers collect, process, and/or transmit personal data fairly and securely

14 Frequently Asked Questions Available online: http://www.gsma.com/mobilefordevelopment/programmes/mobile-money-for-the- unbanked/code-of-conduct  Why have the GSMA and its members developed the Code of Conduct for Mobile Money Providers?  What topics does the Code of Conduct address?  How will the Code of Conduct impact customers?  How will the Code of Conduct contribute to financial inclusion goals?  Is endorsement of the Code of Conduct mandatory for GSMA members?  How is compliance with the Code of Conduct assessed?

15 Next Steps  Secure commitment from more providers  Develop Recommended Business Practices  Develop Self-Assessment Process and Certification Regime  Creation of external review panel For further information: gsma.com/mmu http://www.gsma.com/mobilefordevelopment/programmes/mobile-money-for-the-unbanked/code-of-conduct mmu@gsma.com GSMA London Office - T +44 (0) 20 7356 0600

Download ppt "Code of Conduct for Mobile Money Providers 6 November 2014 All material © GSMA 2014. The policy advocacy and regulatory work of the GSMA Mobile Money team."

Similar presentations

Module N° 4 – ICAO SSP framework

Module N° 4 – ICAO SSP framework
Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.

Information Privacy and Data Protection Lexpert Seminar David YoungDecember 9, 2013 Breach Prevention – Due Diligence and Risk Reduction.
Auditing, Assurance and Governance in Local Government

Auditing, Assurance and Governance in Local Government
SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.

SEMINAR NAIC/ASSAL/SVS REGULATION & SUPERVISION OF MARKET CONDUCT © 2014 National Association of Insurance Commissioners Overview and Purpose of Market.
ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.

ICS 417: The ethics of ICT 4.2 The Ethics of Information and Communication Technologies (ICT) in Business by Simon Rogerson IMIS Journal May 1998.
Professional Behaviour

Professional Behaviour
1 Compliance Requirements November 27, 2012. Client registration & KRA requirements Formalities rationalized (agreements, signatures, documents) Availability.

1 Compliance Requirements November 27, Client registration & KRA requirements Formalities rationalized (agreements, signatures, documents) Availability.
Credit Reporting: What’s the role for the state? Fredes Montes Financial Infrastructure The World Bank.

Credit Reporting: What’s the role for the state? Fredes Montes Financial Infrastructure The World Bank.
1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.

1 INTERNAL CONTROLS A PRACTICAL GUIDE TO HELP ENSURE FINANCIAL INTEGRITY.
Security Controls – What Works

Security Controls – What Works
Information Security Policies and Standards

Information Security Policies and Standards
Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.

Chapter 7 Control and AIS Copyright © 2012 Pearson Education, Inc. publishing as Prentice Hall 7-1.
1. 2 CVM’s OBJECTIVES u to stimulate the creation of savings and their investment in securities; u to promote the expansion and regular and efficient.

1. 2 CVM’s OBJECTIVES u to stimulate the creation of savings and their investment in securities; u to promote the expansion and regular and efficient.
CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.

CSE 4482, 2009 Session 21 Personal Information Protection and Electronic Documents Act Payment Card Industry standard Web Trust Sys Trust.
ITU workshop on “Digital Financial Services and Financial Inclusion GSMA Mobile Money for digital financial inclusion and economic development Simone di.

ITU workshop on “Digital Financial Services and Financial Inclusion GSMA Mobile Money for digital financial inclusion and economic development Simone di.
Purpose of the Standards

Purpose of the Standards
Session 3 – Information Security Policies

Session 3 – Information Security Policies
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Vendor Risk: Effective Management is Essential

Vendor Risk: Effective Management is Essential
Internal Auditing and Outsourcing

Internal Auditing and Outsourcing

Similar presentations

Ads by Google