Ghana has formally launched the Bank of Ghana (BoG) Cyber and Information Security Directive 2026 in Accra, bringing fintech companies and payment service providers under mandatory cyber resilience obligations for the first time alongside traditional banks.
Speaking at the launch, Minister for Communications, Digital Technology and Innovation Samuel Nartey George described the central bank’s embrace of the revised framework as a significant shift for an industry that was once considered resistant to change, reflecting broader government policy to treat digital technology as a core business function rather than a peripheral one.
The minister highlighted the directive’s alignment with Ghana’s Data Protection Act, 2012 (Act 843), and the Cybersecurity Act, 2020 (Act 1038), noting that those laws form the compliance backbone across sectors regulated by the Bank of Ghana.
George said the Ministry of Communications, Digital Technology and Innovation is currently reviewing the register of Critical Information Infrastructure (CII) designations and intends to classify all payment service providers as CIIs, a move he said would strengthen enforcement and reinforce obligations under existing cyber law. He reminded industry participants that regulated entities are required to file monthly reports with the Cyber Security Authority (CSA), and warned that failure to comply would trigger statutory penalties.
The minister pointed to the Financial Industry Command Security Operations Centre (FICSOC) as a shared industry defence mechanism, arguing that no single institution could withstand the volume and sophistication of attacks alone. On cross-border data flows, George signalled that while Ghana supports the free movement of data essential for digital commerce, financial data classified as critical national data must be retained locally under strict governance to guard against geopolitical risks.
He commended the Bank of Ghana for its continental leadership, noting that Ghana’s regulatory approach to fintech cyber risk has informed policy frameworks beyond its borders, and pledged continued collaboration between the ministry and the central bank to ensure compliance is effective across the sector.
