Central Bank of Libya

P.O. Box 1103 | Telegram Address: Central Bank of Libya - Tripoli - Libya

Reference: R.M/N 804 ( )

Circular No. R.M/N (2017/10)

Date: 26 Safar 1439 AH

Corresponding to: 14/11/2017 AD

---

To: General Managers of Banks

Mr. General Manager - Libyan Foreign Bank

Greetings,

Based on the provisions of Law No. (1) of 2005 concerning Banks and its amendments, and the supervisory and regulatory role exercised by the Central Bank of Libya over commercial banks in accordance with the law's provisions.

We hereby forward to you a copy of the Regulations and Instructions regarding the mobile payment service and electronic wallet, to take the necessary measures and implement its contents.

Dr. Mukhtar Al-Hadi Al-Tawil
Director of Banking and Currency Supervision Department

---

Copies to:

• Mr. Governor
• Mr. Head of Commercial Bank Account Coverage Committee – Central Bank of Libya
• Mr. Director of Information and Settlements Department – Central Bank of Libya
• Mr. General Manager of Employee Funds Guarantee Fund
• Mr. Director of Information Security Department – Central Bank of Libya
• Mr. Director of Information Coverage Department – Central Bank of Libya
• Mr. Director of Accounts Department – Central Bank of Libya
• Mr. Director of Main Financial Information Unit – Central Bank of Libya
• Mr. Deputy Director of Banking and Currency Supervision Department (Supervisory Affairs, Office Compliance & Follow-up)
• Department of Banking Availability and Compliance Follow-up

N. Bajad / Periodic Messages 2017/12

---

Central Bank of Libya

CENTRAL BANK OF LIBYA

Regulations and Instructions for Mobile Payment Services and Electronic Wallets

Draft version 1.2 *16/10/2017

Objectives:

These Regulations and Instructions aim to clarify the operational structure, technologies, and operating environment for the mobile payment service and electronic wallet and transaction limits. This framework includes the following:

---

The operational rules and frameworks accompanying the service provision process, including defining the technological environment and the control and regulation process.

The minimum technical and service requirements for all parties participating in the mobile payment and electronic wallet system.

The responsibilities and duties governing the role of all participants in the mobile payment system and defining the relationship between service providers and their customers within the scope of this framework.

The general rules for the operational mechanism of the mobile payment and electronic wallet system from initiation to completion.

Definitions:

The following terms have the meanings specified below.

No.	Definition in Arabic	Definition in English
1.	Clearing Cycle: The business day on which the mobile payment transaction was executed (clearing right is the same business day)	Clearing Cycle
2.	Business Day: Public working hours of the service provider during which financial transactions are settled in electronic wallet accounts.	Business Day
3.	Transaction Limit: The maximum amount allowed for transactions via mobile phone as specified in these regulations.	Transaction Limit
4.	Electronic Currency Cap: The maximum limit permitted for the service provider to issue electronic currency units in exchange for receiving cash from each customer.	Cash cap
5.	Customers: Natural or legal persons wishing to obtain the mobile payment service who hold an electronic account in accordance with laws and regulations issued by the Central Bank of Libya.	Customers
6.	Electronic Currency: Monetary value issued by the service provider or its agent after receiving real cash against it at the settlement bank for the purpose of making payments via the electronic wallet through the mobile phone.	Electronic Currency
7.	Electronic Wallet: An account containing the value of electronic currency that customers can use in the mobile payment system.	Electronic Wallet

Subscription Methods:

(1) Through an electronic wallet: In this case, the electronic wallet is linked to a mobile phone number, and this method requires the following:

---

Related Parties:

• Customers
• Service Provider Agents
• Service Provider
• Settlement Bank
• Mobile Phone Companies
• Central Bank of Libya

Roles of Related Parties:

Central Bank of Libya

1. Issuing regulatory legislation to ensure the smooth operation of the mobile payment service for electronic wallets.
2. Issuing necessary approvals for service providers to offer the service.
3. Supervising and monitoring the activities of service providers related to the mobile payment service for electronic wallets.
4. Approving the pricing of electronic wallet services provided by service providers.

Mobile Phone Companies

1. Providing the infrastructure to build dedicated communication networks for service providers.

---

Settlement Bank

1. Organizing agreements with the service provider for guarantee account management.
2. Allocating customer deposits for electronic wallet top-ups.
3. Managing the service provider's guarantee deposit account to cover electronic currency in customers' wallets, and notifying the Central Bank of Libya of the guarantee value.
4. Monitoring the service provider's activities to ensure compliance with agreed transaction terms.

Service Provider

The mobile electronic payment service provider must, at a minimum, take the following measures:

1. Verify the quality of overall standards for auditing, follow-up, and maintaining necessary records to document all mobile electronic payment transactions in compliance with regulations and legislation issued by the Central Bank of Libya.
2. Ensure that provided solutions (software) regarding mobile electronic payment services, as outlined in this framework, comply with international financial operation standards (ISO 20022) and (ISO8583).
3. Establish mechanisms in cooperation with contracting parties to educate and standardize the use of mobile payment services.
4. Commit to periodically and upon request providing the Central Bank of Libya with internal and external audit reports and overall expertise related to the payment service, and the Central Bank has the right to request specialized audits, the scope of which will be determined at the service provider's expense.
5. Adhere to transaction limits available to customers.
6. Ensure transparency in publishing and announcing all commissions associated with service provision and the mechanism for any changes.
7. Work on enabling and preparing payment solutions and applications for customers.
8. Ensure that the mobile electronic payment system provided by service providers includes means for monitoring operations and generating reports with financial adjustments according to relevant laws and legislation.
9. Retain audit logs (Log File) for all financial operations.
10. Retain audit trails (Audit Trails) for all operations conducted within the mobile electronic payment system.
11. Submit a quarterly report evaluating the performance level of service providers.
12. Ensure all customer transactions are tracked and verified for accuracy and reliability.
13. Comply with customer protection principles outlined in the electronic service instructions and this framework.
14. Provide a network of branches and agents who will be parties to service provision for customers, where cooperation with agents must be governed by terms and procedures regarding agent selection standards and necessary technical requirements for the agent as a service provider's representative.

---

Service Providers (Follow-up)

15. Commit to sending daily reports showing wallet balance deductions resulting from cash withdrawals.
16. To enable the settlement bank to adjust the electronic wallet guarantee account balance, and to put in place appropriate risk management procedures that may arise from providing this service. These procedures must cover at least the following risks:

• Compliance Risks, including at minimum:
  • Taking necessary measures to ensure service compliance with all laws and instructions issued by the Central Bank of Libya.
• Operational Risks, including at minimum:
  • Preparing backup infrastructure to support the main transaction infrastructure against disasters and risks.
  • Providing Business Continuity Plans and a disaster emergency center to ensure continuous and sustained service provision.
  • Ensuring systems used in mobile payment operations are available 24/7 and all service participants follow the same rules.
  • Conducting periodic inspections to verify the validity of backup infrastructure, risk plans, disaster business continuity plans, risk management plans, and business continuity plans.

17. Service Provider Obligations Regarding Contracts with Customers The service provider must regulate the relationship with its customers through written contractual agreements in plain and clear language according to central bank regulations. The mobile payment service provider must provide the customer with a paper or electronic copy specifying at least the following:

• A. Role and responsibilities of the service, and rights and duties related to the customer.
• B. A written guide to familiarize the customer with the service provision mechanism, how to submit complaints, and handling procedures.
• C. Contact information for both the payment service provider's complaints unit and the competent central bank unit to receive complaints in case of dissatisfaction with the complaint process.
• D. The contract between the service provider and customers must state that mobile payment transactions constitute a legal means of settlement.
• E. The service provider must classify contracts according to customer type.
• F. The service provider must notify the customer before final execution of any payment transaction with the following:
  1. Payer of the payment transaction.
  2. Amount of the transaction to be executed.
  3. Commissions associated with this transaction. In addition to the new wallet balance and the reference number for the payment transaction.

---

Service Provider Agents

1. The service provider has the right to delegate any of the following operations to an agent network for the purpose of carrying out operations specified in this document, which may include:
   • Accepting customer subscription requests for electronic wallets to benefit from the service.
   • Transferring electronic currency units to customer wallets within specified limits.
   • Registering customer wallets within specified limits.
2. If the service provider appoints agents to provide mobile payment services for electronic wallets, the service provider must ensure verification of legal entity status and provide a certificate obtained through the Commercial Registration and Licensing Office, including the Articles of Association and Establishment Contract, in addition to the license to practice the activity, a license from the headquarters, and a list of branches belonging to the headquarters.
3. The service provider must have the ability to monitor and follow up on all operations executed by the agent.
4. The service provider must provide the agent with practical instructions on operational points that must be performed.
5. The service provider must prepare specific controls to monitor activities to be conducted by the agent regarding this service.
6. The service provider must provide the agent with an appropriate insurance system for agent activities related to the service.
7. The service provider must provide systems to agents compatible with the banking operations they are authorized to perform.
8. The service provider must regulate the relationship with agents through written agreements outlining the roles and responsibilities of each party, including at minimum the service duration and appropriate monitoring of agent activities related to the service.
9. The agent may, at a minimum, use a dedicated phone number service for each service provider.
10. The service provider and its agents must provide the Central Bank of Libya with information according to the form specified for this purpose by the Central Bank of Libya.

Customers

Any natural or legal person who requests the service from the service provider and agrees to the contract concluded between them and the service provider according to regulations specified by the Central Bank.

Transaction Limits

The Central Bank of Libya sets daily and monthly limits and caps for daily and monthly operations as follows: 1. Daily Transaction Limit

No.	Transaction Type	Limit (LYD)
1	Person to Person Transfer	150.000
2	Person to Public Service Companies Transfer	200.000
3	Public Service Companies to Person Transfer	500.000
4	Person to Government Entity Transfer (except government entities)	300.000
5	Government Entity to Person Transfer (except government entities)	500.000
6	Person to Business Companies and Traders Transfer	300.000
7	Business Companies and Traders to Subscriptions Transfer	300.000
8	Business Companies and Traders to Subscriptions Transfer	1,000.000
9	Cash Top-up to Wallet Account	Up to the monthly cap of the electronic wallet
10	Cash Withdrawal via ATM using mobile phone after 4 daily transactions max	150.000
11	Cash Withdrawal via Service Provider or Agents up to 1 daily transaction	100.000
12	Payment and Purchase Operations via Electronic Wallet for Customers	Up to the monthly transaction cap of the electronic wallet

2. Monthly Caps for Electronic Transactions via Mobile Phone for Customers' Electronic Wallets with the Service Provider. Subject to the implementation level by the service provider.

No.	Customer Type	Monthly Cap (LYD)
1	Natural Person	1,000.000
2	Traders or Companies - Small	10,000.000
3	Traders or Companies - Medium	20,000.000
4	Traders or Companies - Large	50,000.000

3. Monthly Caps for Electronic Wallet Balance with the Service Provider. Subject to the implementation level by the service provider.

No.	Customer Type	Monthly Cap (LYD)
1	Natural Person	3,000.000
2	Traders or Companies - Small	10,000.000
3	Traders or Companies - Medium	20,000.000
4	Traders or Companies - Large	50,000.000

Customer Registration in Service

Registering customers to benefit from the service is the responsibility of the service provider through its branch or agent network. The following must be considered when registering customers:

1. The service provider must have a customer registration system.

---

Electronic Wallet Customer Registration

1. The customer visits a branch or agent of the service provider, fills out the subscription request form for the mobile payment service via electronic wallet, and provides the required documents for registration.
2. The service provider enters the information to verify that the customer is not already registered, then enters their data.
3. If rejected by the service provider, the customer is immediately notified by the competent employee with the reason stated.
4. If registration is successful, the service provider:
   • A. Issues and sends a user code and personal identification number (PIN) specific to the customer.
   • B. Activates the service for the customer and notifies them on the same phone number linked to the service.

Electronic Wallet Cash Top-up Process

1. The customer visits a branch or agent of their service provider.
2. The service provider or agent enters the cash top-up transaction data into the system, automatically verified from the customer's wallet account.
3. The transaction complies with the relevant conditions and limits.
4. If the system rejects the top-up transaction, the employee or agent notifies the customer of the rejection with the reason.
5. If the top-up transaction is accepted, the system records the top-up value in the customer's wallet.
6. The service provider sends an SMS to the customer confirming the successful top-up.

Electronic Wallet Top-up via Bank Transfers

1. The service provider or agent sends an addition notification from the settlement bank after verifying the customer's wallet account.
2. The transaction complies with the relevant conditions and fees.
3. If the service provider rejects the top-up transaction, the employee or agent notifies the customer of the rejection with the reason.
4. If the top-up transaction is accepted, the service provider sends an SMS to the customer confirming the successful top-up.

Limited Value Cash Withdrawal from Electronic Wallet

1. The customer visits a branch or agent of their service provider.
2. The customer sends a cash withdrawal request to the service provider to verify their account against relevant conditions and limits.
3. If the transaction is accepted and successful, the branch employee or agent pays the cash withdrawal amount to the customer.
4. If the service provider rejects the transaction, the customer is informed of the rejection with the reason.

Customer-to-Customer Payment Process

1. The customer creates a payment transaction via mobile phone by filling in the required details and sending the financial transaction to the service provider.
2. The service provider verifies the customer's wallet account, available balance, and specified limits.
3. If rejected, the service provider notifies the customer of the rejection with the reason.
4. If verification is successful, the service provider notifies the customer of the successful transaction.
5. The beneficiary customer is notified of the successful transaction by the service provider.

Cash Withdrawal from Electronic Wallet via ATM

1. The customer sends a cash withdrawal request – ATM – to the service provider to verify the wallet account and compliance with relevant conditions and limits.
2. If the service provider rejects the transaction, they notify the customer of the rejection with the reason.

---

Cash Withdrawal from ATM

If the service provider accepts the verification, they send a (TRN, PIN) specific to the ATM cash withdrawal transaction.

• Single-use and valid for a limited time.
• The customer enters (TRN, PIN) into the dedicated converter on the ATM screen, which then sends it to the service provider.
• If the service provider accepts the verification, they deduct the amount from the customer's wallet in return.
• The service provider notifies the ATM of approval and transaction success on the registered phones.
• The ATM executes the withdrawal for the specified value and debits it to the mobile account belonging to the service provider.
• The customer receives the cash from the ATM.
• If verification fails at the service provider, they notify the customer and ATM of the rejection.

Cash Withdrawal Based on Customer Request via Cheques or Money Transfer

1. The customer creates a request to obtain a financial value via cheque or money transfer using the mobile phone by filling in the required details and sending the transaction to the service provider.
2. The service provider receives the request and verifies the wallet account and compliance with relevant conditions and limits.
3. If verification fails, the service provider notifies the customer of the rejection with the reason.
4. If verification succeeds, the service provider prepares a request to obtain a cheque or money transfer for the customer to collect.
5. Upon completion of the transaction by the settlement bank, the service provider notifies the customer of the successful transaction and instructs them to come and collect the cheque or additional notification for the financial transaction.

Settlements

1. Settlement within a single service provider:
   • Transactions conducted within the service provider's system between accounts opened for its customers within the limits of its infrastructure, and transactions conducted within the accounts of the Central Bank of Libya customers, a contracted party, or a participant of the service provider, are not settled as they take an internal (on-us) nature.
2. Commissions:
   • Contracts with customers must specify the mechanism for deducting commissions for all transactions executed via the electronic wallet.
   • Each service provider must cover the electronic wallet account for the value of commissions deducted from electronic wallets.
   • For customers, when transferring the service value to the Central Bank of Libya for this wallet account, it is credited through the service system and sent to the settlement bank in the account it passes through the system.
   • The service provider must allocate commissions for specific transactions from the transfers.
   • The Central Bank of Libya determines the maximum limit for commissions for service providers according to the nature of transactions executed on the system, unless covered by commissions.

Customer Rights and Responsibilities

Customer Rights

1. The service provider must provide general conditions for benefiting from the service, available to customers either as booklets or published on the service provider's website. Conditions must be written in plain and clear language and must include:
   • Services provided by the service provider.
   • Responsibilities and duties of the service provider and customers.
   • Details of commissions the service provider will charge for each service.
   • Method for handling customer complaints and suggestions.
   • Procedures customers must follow in case of mobile phone loss.
   • Procedures related to service suspension by customers under the service provider.
2. The relationship between the service provider and customers must be built on a formal contractual agreement specifying the conditions for benefiting from the mobile payment service.
3. The service provider must take necessary professional measures to ensure the security and confidentiality of customer information.
4. The service provider must have a customer service center, which must include at minimum:
   • Providing guidance and advice to customers.
   • Answering customer inquiries.
   • Providing customers with adequate learning tools to enhance usage, security, and confidentiality principles.
   • Receiving customer complaints and suggestions.
5. The service provider must have clear procedures and mechanisms for handling complaints, damages, and decisions, including:
   • Publishing the complaints center address, email, and phone numbers.
   • Recording complaints or suggestions upon receipt in a dedicated file and assigning a reference number, which must bear the signature of the complainant or suggester.
   • Initiating procedures regarding complaints or suggestions on the first business day following receipt.
   • Resolving the complaint matter and considering the suggestion within three days maximum, and notifying the customer of the result.
   • Recording all calls passing through the complaints center phone lines audibly and maintaining these records.
   • Recording in case of dispute and closing the complaint.
6. The service provider must inform customers of the sufficient sense of duty and commitment among agents, as they are responsible for their activities and agents, in case of intentional or unintentional errors by agents.
7. Ease of use (USSD menus, etc.).
8. Privacy, trust, security, and confidentiality of operations.
9. Availability anywhere, anytime.
10. Immediate access to funds balances after completing payment transactions.
11. Immediate transfer of transaction values for operation values.
12. Easy access to dispute resolution applications.

Customer Responsibilities

1. Protect the personal password.
2. Verify transaction details regarding the recipient number and value before execution.
3. Comply with all security and confidentiality rules as approved by the service provider.
4. Do not issue transactions without sufficient funds in their accounts.

Technical and Security Requirements

Information is considered a main element in providing the mobile payment service via electronic wallet, and the technology used must possess security, confidentiality, integrity, and reliability in general. Therefore, the mobile payment service via electronic wallet must include the following elements:

1. Compatibility and smooth operation with other systems.
2. Use of Secure SMS (SECURED SMS) according to the latest international standards or use of USSD.
3. Use of secure, encrypted communication channels to provide electronic wallet payment services.
4. Simplicity and lack of complexity in applications to be installed on customer phones.
5. The user interface must be menu-based.
6. Customer access to the menu must be governed by username and password.
7. The password used must be encrypted.

General Controls and Conditions

1. The mobile payment system via electronic wallet is considered a licensed system by the Central Bank of Libya, and no other party may operate a parallel system without obtaining approval from the Central Bank of Libya.
2. Each electronic wallet must be linked to a customer's mobile phone number.
3. Access to the mobile system via electronic wallet requires the customer to have at least three years of experience in their field of work.
4. The person authorized to access the mobile electronic payment system must be of a higher rank than the data entry clerk.
5. No transaction in the mobile electronic payment system may be conducted without the participation of the data entry clerk, verifier, and authorized person.
6. A rotation policy must be established for the data entry clerks, verifiers, and authorized persons, and necessary measures must be taken to grant these authorities to the minimum number of people.
7. A daily report must be submitted by the system operations supervisor to the internal audit department of the service provider.
8. The system administrator (Admin) at the service provider is not allowed to issue any electronic wallet in any form.
9. No amount may be added to the mobile electronic payment system unless the actual financial consideration is collected in the bank's core system.
10. No transaction may be deducted from the customer's electronic wallet account without written consent from the customer.
11. The service is available to customers from the age of 18 and above.