BoG launches new cyber security directive to safeguard financial sector

The Governor of the Bank of Ghana, Dr Johnson Pandit Asiama, has launched the revised Cyber and Information Security Directive (CISD) 2026, aimed at strengthening the resilience of Ghana’s digital financial ecosystem.

He said the initiative was a critical step towards safeguarding the confidentiality, integrity, and availability of data within the financial sector.

Speaking at the launch in Accra, Dr Asiama said the theme for the launch: ‘A Safer and More Resilient Digital Financial Industry,’ reflected the central pillar of the Bank’s regulatory philosophy and its commitment to protecting customers’ financial transactions.

Dr Asiama noted that the directive marked a significant milestone in the Bank’s mandate, which had evolved beyond ensuring price stability and soundness of financial institutions to include protection against cyber threats.

He observed that rapid technological advancements such as mobile money, cloud computing, and artificial intelligence had transformed financial inclusion and service delivery, but had also exposed the sector to sophisticated cyber risks.

“These threats, ranging from ransomware attacks to large-scale data breaches, are no longer isolated incidents but national security concerns that require coordinated action,” he said.

Dr Asiama explained that the revised directive builds on the initial framework introduced in 2018, which he said was no longer adequate to address emerging threats in the digital space.

He indicated that the Cybersecurity Act, 2020 (Act 1038), mandates the Bank of Ghana’s Financial Industry Command Security Operations Centre (FICSOC) to serve as the Sectoral Computer Emergency Response Team for the financial industry.

According to him, the CISD 2026 introduces key measures including governance frameworks for artificial intelligence, enhanced security protocols for cloud computing, and a proportionality approach that aligns regulatory requirements with the size and risk profile of institutions.

He further stated that the directive places cybersecurity at the board level, requiring financial institutions to include expertise in cyber risk management in their leadership structures.

Dr Asiama also announced plans to expand oversight to include other financial institutions, fintech companies, and partner regulators to ensure a comprehensive and unified defence system.

He stressed the need for a shared responsibility model to sustain the operations of the FICSOC, noting that continuous investment in technology and skilled personnel was essential.

“Cybersecurity is not a destination but a continuous journey. Our resilience will depend on talent, technology, and trust,” he added.

In his remarks, the Second Deputy Governor of the Bank of Ghana, Dr Zakari Mumuni, said the directive came at a time when cyber threats had become a constant reality, making preparedness a critical requirement for the financial sector.

He noted that the directive provided a clear regulatory framework to strengthen cyber defence and enhance the overall stability of the financial ecosystem.

Dr Mumuni emphasised that safeguarding the financial system was a collective responsibility, adding that cybersecurity must be treated as a national and economic security priority.

He commended stakeholders for their continued collaboration and urged all institutions to embrace the directive not merely as a compliance requirement, but as a strategic tool for building a secure and resilient financial system.

BY KINGSLEY ASARE

Follow our WhatsApp Channel now! https://whatsapp.com/channel/0029VbAjG7g3gvWajUAEX12Q