Date: 2025-12-08

The Bank of Ghana plans to issue a revised Cyber and Information Security Directive early next year, introducing tougher governance standards and expanding sector-wide monitoring systems as rising digital payments expose banks and fintechs to sophisticated attacks. Officials announced the measures at a cybersecurity summit in Accra, emphasizing the need to match regulatory frameworks with rapidly growing cyber risks.

Speaking on behalf of Governor Dr. Johnson Pandit Asiama, Emmanuel Klu, deputy director and acting head of information at the Bank, said regulators are preparing measures to address vulnerabilities created by the digital transformation of Ghana’s financial sector. He noted that while digital payments have become central to the economy, increased reliance on technology has heightened exposure to system-wide threats that can erode public trust and disrupt monetary policy transmission.

Klu stated that innovations powering the digital revolution, including instant payments, cloud-based systems and emerging artificial intelligence tools, also introduce heightened security risks. He emphasized the central bank’s intention to champion data protection and consumer safety while ensuring regulation does not stifle innovation driving financial inclusion across the country.

A key element of the new regime is the formal elevation of Chief Information Security Officer roles within banks and fintechs. The draft directive released earlier this year proposes giving CISOs greater authority in strategic decision-making, building on existing requirements for institutions to appoint dedicated cybersecurity officers and adhere to strict incident reporting timelines.

The overhaul strengthens the role of the Financial Industry Command Security Operations Centre, a 24-hour monitoring hub created in 2019. Initially focused on universal banks, the centre now covers all regulated financial institutions and fintech companies, with commercial banks, savings and loans companies and some regulators already connected.

Klu described FICSOC as the nerve centre of the sector’s real-time threat detection efforts, designated as the financial industry’s lead sectoral operations centre under the Cybersecurity Act of 2020. The Bank expects the expanded platform to deepen capability in detecting anomalies and coordinating faster responses across institutions as coverage extends to additional supervisory bodies.

The regulator is pushing banks and payment firms to adopt global frameworks such as ISO 27001 and NIST standards to improve cyber maturity. Klu said the goal is building collective resilience, noting that the sector is only as strong as its weakest institution, and urged financial institutions to invest in governance, customer verification tools and fraud prevention systems.

The deputy director emphasized that cyberattacks have become a daily reality requiring proactive rather than reactive postures. He told the summit that the industry must remain visionary and stay multiple steps ahead of malicious actors to protect financial systems from evolving threats.

Visa, which co-hosted the event with the central bank, echoed calls for stronger collaboration across the financial sector. Fabrice Konan, Visa’s country manager for Ghana, described cybersecurity as a national priority because trust and functioning of the financial system depend on it.

Konan characterized cybersecurity as a matter of national interest rather than merely a technical issue. He urged institutions to share intelligence more openly and adopt coordinated defensive strategies as digital transactions expand, suggesting the forum should mark a turning point in how Ghana approaches cyber readiness.

The revised directive represents the Bank of Ghana’s latest effort to strengthen regulatory frameworks governing digital financial services. Previous measures have included mandatory cybersecurity audits, incident response protocols and requirements for business continuity planning among regulated institutions operating in Ghana’s expanding fintech ecosystem.

Digital payments have grown rapidly in Ghana over recent years, driven by mobile money adoption, internet banking expansion and the emergence of numerous fintech companies offering alternative financial services. This growth has transformed how Ghanaians conduct transactions but has also increased the potential attack surface for cybercriminals targeting financial data and infrastructure.

Global trends show financial institutions facing increasingly sophisticated cyber threats, including ransomware attacks, phishing schemes, distributed denial of service attacks and advanced persistent threats targeting payment systems. Regulators worldwide have responded with enhanced cybersecurity requirements, recognizing that financial system stability depends on robust digital defenses.

The Bank of Ghana’s approach aligns with international best practices emphasizing shared responsibility across financial ecosystems. Regulatory frameworks increasingly recognize that cybersecurity requires coordination among banks, fintechs, payment processors, telecommunications providers and government agencies to create comprehensive defensive postures.

Industry observers note that successful implementation will depend on financial institutions’ willingness to invest in cybersecurity infrastructure, personnel and training programs. Smaller institutions may face resource challenges complying with enhanced requirements, potentially necessitating support mechanisms or phased implementation timelines.

The central bank has not disclosed specific compliance deadlines or enforcement mechanisms for the revised directive. However, officials indicated the framework will build on existing regulations while introducing more stringent governance requirements and expanding real-time monitoring capabilities through FICSOC.