In response to the increasing wave of cyber attacks in the financial sector, the central bank has issued a new set of Directives for financial institutions and established a specialised office to monitor compliance and deal with threats.
The Directives, among other things, seek to establish the conduct and operational guidelines for the cyber and information security environment. Specifically, they set out procedures for governance, risk management, internal audit, asset management, cyber defence, and cyber response, among others.
Speaking at the Directives’ launch in Accra, First Deputy-Governor of BoG, Dr. Maxwell Opoku-Afari, stated that a recent study by the bank disclosed there were more than 400,000 malware incidents, 44 million spam incidents, and 280,000 bot incidents within Ghana’s financial industry.
According to Dr. Opoku-Afari, given the complexities associated with the advancement of technology, it is imperative that the Bank of Ghana takes steps to counter these threats to ensure integrity and operational security for the financial system.
“It is in this regard that the Bank of Ghana has developed the Cyber Security Directive for Financial Institutions. The objectives of this Directive are to ensure an uninterrupted financial intermediation process through a robust and resilient financial sector, and also to boost the trust and confidence of consumers in the banking industry,” he added.
The First Deputy-Governor said it is common knowledge that the financial sector’s resilience is largely dependent on the soundness of financial institutions and robustness of the financial market infrastructure.
The Cyber Security Directive for Financial Institutions, he said, does not fall short in addressing these objectives.
“All of us in the industry have key roles to play in the implementation of this Directive. One unique characteristic of this Directive is the required active involvement of senior management executives and boards of financial institutions.
“All banks are to appoint a Cyber and Information Security Officer (CISO) who will advise senior management and the board on cyber security issues, and also formulate adequate measures to manage cyber and information security risks.
“A key component of the measures to be deployed by the CISO is training and educating all stakeholders. Colleagues, it takes an individual to click on an email attachment for a virus to be introduced into the system of an organisation, but the whole organisation and sometimes the entire nation may also suffer the unintended consequences of this singular action. Therefore, another crucial element of the Directive is the creation of an enabling framework for efficient information-sharing among stakeholders; for example, between financial institutions and regulators, and among financial institutions as well,” Dr. Opoku-Afari said.
Subsequent to the Directive’s unveiling, banks are required to follow an implementation schedule to ensure effective cyber security controls are in place to counter any threats of cybercrime.
The First Deputy-Governor said there is a need for collaboration among key stakeholders in the fight against cybercrime.
“As bankers, we must incorporate cyber security into our daily activities and imbibe these Directives in the policies and procedures of our individual financial institutions. Cyber threats are continuously evolving, and as custodians of the financial sector let us all embrace the Cyber Security Directive and work assiduously to ensure its success,” he concluded.
As part of measures to strengthen its oversight of banks’ implementation of cyber security directives, the Bank of Ghana has established a specialised office to focus on cybersecurity operations.