Dr. Johnson Asiama (2nd L) with some stakeholders
The Bank of Ghana (BoG) has launched a revised Cyber and Information Security Directive (CISD) aimed at strengthening the country’s digital financial system.
Speaking at the official launch of the Cyber and Information Security Directive (CISD) in Accra on the theme, “A Safer and More Resilient Digital Financial Industry”, Governor of the Bank of Ghana, (BoG), Dr. Johnson Asiama described the framework as a critical step toward safeguarding the country’s financial system in an increasingly digital era and growing cyber threats.
Sections 41 to 48 of the Cybersecurity Act, 2020 (Act 1038), designates the Bank of Ghana’s Financial Industry Command Security Operations Centre (FICSOC) as the Sectoral Computer Emergency Response Team (CERT) for the entire financial industry.
Key features of the new framework for CISD, include AI and machine learning governance, cloud computing security, proportionality framework, board-level accountability and inclusive oversight.
According to Dr. Asiama, the revised directive replaces the 2018 framework expected to address emerging threats and cyber problems in the current digital era which goes beyond simple compliance to a posture of active and collective cyber resilience.
He noted that the revised CISD also reflects an expanded mandate of the Central Bank which goes beyond supervising capital adequacy ratios or liquidity positions of banks to being responsible for safeguarding the confidentiality, and integrity of data that supports the financial sector.
The Governor highlighted the rapid transformation of the ountry’s financial landscape over the past decade, through innovations such as the introduction of mobile money, cloud computing, and artificial intelligence which has improved financial inclusion.
He, however, indicated that while all these innovations have improved financial inclusion significantly, it has also introduced serious security risks such as ransomware attacks, and systematic data breaches that could ‘paralyse a bank for days, and shatter public trust’.
The directive also introduces a proportionality framework to ease compliance burdens on smaller institutions, as well as new requirements for board-level accountability.
“We now mandate that at least one member of your Board possesses verifiable expertise in cyber risk management. A financial ecosystem is only as strong as its weakest link and we aim to build a unified shield for the entire sector,” he said.
Dr. Asiama further urged stakeholders to treat cybersecurity as a continuous process with vigilance and adaptation rather than a one-time effort.
By Ebenezer K. Amponsah