Ghana’s banking industry association has called on financial institutions to fundamentally rethink how they treat cybersecurity and internal controls, moving them from back-office compliance exercises to strategic, real-time safeguards embedded in the core of banking operations.
The Ghana Association of Banks (GAB) made the call at an industry workshop on March 26, 2026, convened as banks begin implementing the Bank of Ghana’s (BoG) revised Cyber and Information Security Directive (CISD) 2026. GAB Chief Executive John Awuah told industry leaders that banks must now view technology as their business, recognising its role as both an enabler and the operational backbone of modern financial services.
Mr Awuah said internal controls could no longer function as periodic, checklist-driven procedures. As banks accelerate digital transformation through mobile banking, fintech partnerships and online platforms, the risk profiles of individual institutions are changing faster than the control systems designed to manage them.
Risk and compliance executives at the session heard that digital and insider fraud now represent the sector’s most pressing vulnerabilities. Fraud occurring through electronic channels has become more complex, coordinated and difficult to detect using traditional monitoring tools, which were designed for lower transaction volumes and less sophisticated attack methods. Technology specialists at the workshop argued that insider fraud, in particular, was often more damaging than external cyberattacks precisely because it exploited trusted internal systems and processes.
The discussions identified specific structural weaknesses across institutions, including inadequate segregation of duties, limited real-time oversight, and fragmented risk frameworks that treat compliance as a reporting function rather than a strategic priority. Experts, including risk consultant Kwame Sarpong Barnieh, argued that internal controls must evolve into value-adding functions that support business growth while simultaneously protecting operations.
BoG First Deputy Governor Zakari Mumuni, who also addressed participants, said reframing cybersecurity to meet current trends was a matter of national and economic security, not merely a technical concern. He noted that the new directive, which supersedes the 2018 version, extends regulatory coverage to vulnerabilities arising from cloud technologies, third-party platforms, artificial intelligence (AI), and digital data ecosystems.
A coordination problem also featured prominently in the session. Fraud trends, especially in digital channels, are increasingly cross-institutional, with criminal networks exploiting gaps across multiple banks simultaneously. Yet the industry’s responses remain largely siloed. Participants called for stronger information sharing and collective action through platforms such as GAB’s anti-fraud network, arguing that interconnected threats demanded coordinated rather than individual responses.
The workshop follows a positive but fragile trend: Ghana’s banking sector recorded 716 fraud incidents in 2024, down from 969 in 2023, a 26 percent decline attributed partly to strengthened internal controls. However, industry leaders cautioned that the decline reflected improvements in traditional controls rather than readiness for the next generation of digital threats, and that complacency at this stage could quickly reverse the gains.


