BoG, CSA Discuss Cyber Security Act

Dr. Maxwell Opoku-Afari

THE BANK of Ghana (BoG) and the Cyber Security Authority (CSA) recently met in Accra to discuss collaborative ways to improve cyber security in the banking sector and implementing the Cybersecurity Act, 2020 (Act 1038).

The discussions were led by the First Deputy Governor of BoG, , and the Acting Director-General of CSA, Dr. Albert Antwi-Boasiako.

Dr. Opoku-Afari highlighted the proactive measures taken by the bank prior to the promulgation of Act 1038, to address cyber security challenges in the banking sector. He said the most notable of such initiatives was the issuance of the Cyber and Information Security Directive (CISD) in 2018 to regulate cyber security related activities in the banking sector.

In 2021, the bank established the Financial Industry Command Security Operations Centre (FICSOC), to provide real-time visibility into cyber threats and attacks targeting the banking sector.

The parties recognised the importance of securing information assets in the banking sector which have been designated as Critical Information Infrastructure, pursuant to Section 35 of Act 1038. They also recognised that the CSA is a designated security sector institution and that, elements of cyber security in the BoG’s activities are considered national security issues.

The parties also recognised that under Section 3(c) of Act 1038, CSA has oversight of BoG’s Critical Information Infrastructure in respect of cyber security activities.

After successful deliberations, the BoG and the CSA agreed to collaborate more closely on cyber and information security related matters and to provide each other with the necessary assistance for the efficient performance of their respective functions.

The meeting concluded with a joint statement outlining the areas of cooperation, to improve information sharing and to increase awareness for the benefit of stakeholders of the BoG and the CSA.

The CSA is expected to pay a working visit to the FICSOC as BoG and the CSA seek to promote cyber security incident response and coordination. The BoG says it will continue to be a key member of the Joint Cybersecurity Committee (JCC), pursuant to Section 13 of Act 1038.

“Going forward, the CSA will rely on the BoG for timely provision of information on cyber security incidents relating to the banking sector, among others,” Dr. Antwi-Boasiako assured.

A business desk report