The Bank of Ghana (BoG) is preparing to roll out a revised Cyber and Information Security Directive (CISD) as part of sweeping measures to reinforce cybersecurity resilience within the country’s financial sector.
The move underscores the central bank’s determination to stay ahead of increasingly sophisticated digital threats, while fostering industry-wide collaboration to protect the integrity of Ghana’s financial ecosystem.
Announced at the recent Financial Industry Command Security Operations Centre (FICSOC) Stakeholders Forum in Accra, the central bank’s plan places renewed emphasis on regulatory reform, cross-sector cooperation, and technology governance.
Innovation and threat
First Deputy Governor Dr. Zakari Mumuni used the occasion to outline a comprehensive vision of collective defense in an age where cyber threats are stealthy, adaptive, and borderless.
“The Cyber Security Authority has formally designated the Bank of Ghana as the Sectoral Computer Emergency Response Team (CERT) lead for the financial industry,” he told the forum.
“This is more than a title—it’s a mandate to drive collective defense across the sector.”
Dr. Mumuni’s statement arrives at a critical juncture. As Ghana’s financial system grows more interconnected through digital infrastructure and service platforms, every advance in technology also becomes a potential vulnerability.
The proliferation of cyber threats—including insider breaches, digital fraud, and advanced persistent attacks—has elevated cybersecurity from an IT concern to a national economic imperative.
In 2024 alone, the BoG’s Fraud Report recorded cyber and technology-related fraud losses totaling nearly GH¢10 million, marking an increase from GH¢8.9 million in 2023.
“These numbers are not just statistics—they are a clarion call,” Dr. Mumuni said.
From proactive defense to adaptive regulation
Central to the Bank’s strategy is the revision of the CISD, originally introduced in 2018 to standardize and elevate cybersecurity practices across the banking and financial services industry.
The initial directive was instrumental in shifting institutional postures from reactive to proactive, with FICSOC playing a pivotal role in enabling real-time threat monitoring, incident reporting, and collaborative response mechanisms.
The forthcoming revision aims to build on that legacy, taking into account the rapidly evolving landscape of digital innovation. According to Dr. Mumuni, the updated directive will integrate new guidelines on artificial intelligence (AI), data privacy, cloud computing, and digital governance.
“This will not be a one-size-fits-all approach,” he emphasized. “The revised directive will be proportional and adaptive, ensuring institutions of all sizes can innovate while maintaining strong security standards.”
This nuanced regulatory approach reflects the BoG’s recognition that fintech startups, microfinance institutions, and large commercial banks operate under different conditions—but face common risks.
“Cybersecurity must be democratized,” Dr. Mumuni added. “Every institution must be supported with the tools and visibility to protect their operations and their customers.”
FICSOC as a shield of shared vigilance
Launched in 2019, the Financial Industry Command Security Operations Centre (FICSOC) has emerged as a cornerstone of Ghana’s cybersecurity architecture.
By aggregating and analyzing threat data from multiple institutions, the platform has fostered unprecedented situational awareness and enabled faster, more coordinated responses to cyber incidents.
The BoG now seeks to broaden FICSOC’s reach by integrating all regulated financial institutions into the platform—including entities overseen by sister regulatory bodies such as the National Insurance Commission (NIC), the National Pensions Regulatory Authority (NPRA), and the Securities and Exchange Commission (SEC).
This expansion is expected to amplify the platform’s capacity to serve as an early warning system and central repository for threat intelligence.
“The work at FICSOC has not gone unnoticed,” said Dr. Mumuni. “Its success has earned us the designation as Sectoral CERT lead. This designation opens the door to cross-sectoral intelligence sharing, collective defense, and a unified national response.”
However, he was quick to stress that shared defense does not replace institutional diligence.
“While FICSOC offers a powerful collective shield, individual institutions must continue investing in their own cyber capabilities. A shared defense strengthens internal resilience—it doesn’t substitute it.”
A culture of collaboration for resilience
The tone of the FICSOC Forum underscored a central message: that cybersecurity can no longer be the domain of individual institutions operating in isolation. The stakes are too high, and the threats too interconnected.
“Cyber risks are unlike any other,” Dr. Mumuni explained. “A single weakness in one institution can cascade into systemic threats. A breach in one part of our financial ecosystem could compromise operations, security, and the privacy of stakeholders across multiple institutions—regulators, partners, vendors, and customers alike.”
The path forward, he argued, lies in collective intelligence, standardized protocols, and integrated defense strategies.
The central bank, in this regard, is not only a regulator but also a convener and catalyst for system-wide resilience.
“We must build stronger bridges between institutions, regulators, and technology providers,” he said. “We must share, learn, and act—together.”
Trust as the foundation of financial innovation
In an era where financial inclusion increasingly depends on digital connectivity, securing Ghana’s financial infrastructure is more than just a technical necessity—it is a prerequisite for trust. Millions of unbanked and underserved citizens stand to benefit from the innovations driven by fintech and mobile banking, but that progress will stall without confidence in the safety and reliability of digital platforms.
By revising the CISD and expanding the mandate of FICSOC, the Bank of Ghana is making it clear that cybersecurity is not a box to be checked but a dynamic ecosystem to be nurtured.
It is a journey of continuous learning, innovation, and collaboration.
“Innovation without security is a risk we cannot afford,” Dr. Mumuni concluded. “The resilience of our financial system depends not just on regulation or technology—but on our willingness to work together.”
- Friday, May 9, 2025 Newspaper Headlines - 9 May 2025
- Adangabey brightens rural kids’ future from his wheelchair - 9 May 2025
- Stanbic donates ICT equipment to UHAS for digital learning - 9 May 2025
