CSA, GAB hold consultative meeting on role of banks in ensuring secure, resilient digital ecosystem for the financial sector

The Cyber Security Authority (CSA) and the Ghana Association of Banks (GAB), led by their respective Institutional Heads, met on Thursday, April 7 2022, at the Cyber Security Authority Conference room in Accra to discuss the role of banks in ensuring a secure and resilient digital ecosystem for the financial sector. Also present at the meeting were representatives from the Information Security Office of the Bank of Ghana (BoG).

The parties exchanged views on further strengthening cybersecurity and discussed practical strategies for implementing the Cybersecurity Act  2020 (Act 1038), a possible revision to BoG’s Cyber and Information Security Directive, among various issues of mutual interest.

The parties recognised the importance of securing the banking sector especially critical systems as they have been designated as critical information infrastructure (CII) pursuant to Section 35 of the Cybersecurity Act, 2020.

They further recognised that the Bank of Ghana is the regulator of the banking and financial services sector and that the CSA only regulates owners of CII with respect to cybersecurity activities as provided in Section 3 (c) of Act 1038. All the members of the GAB are designated as owners of critical information infrastructures and hence the need to strengthen collaboration between the GAB, CSA and the BoG.

They agreed that security in the Banking sector could be improved if there is effective collaboration and partnerships with other institutions like the Financial Intelligence Centre (FIC), the Economic Organised Crime Office (EOCO), the Criminal Investigations Department (CID), and the Cyber Security Authority, amongst others.

After successful deliberations, the CSA and the GAB  agreed to collaborate more closely on certain critical areas and provide each other with all the necessary assistance for the efficient performance of their functions.

The meeting concluded with a Joint Statement outlining the areas of cooperation: the protection of CIIs, Incident response, multi-stakeholder engagement, capacity building and awareness creation.

The GAB and CSA reaffirmed their commitment to work together and agreed to: 

1. Collaborate with the Bank of Ghana to review the existing financial sector cybersecurity directive based on the current cyber risk profile of the financial sector and to align with the Cybersecurity Act 2020 (Act 1038).

2. Sign an MOU on capacity building and awareness creation on cyber risks in the banking sector. The parties will further collaborate to sensitise the public on the latest trends in cyber threats and ways they can protect themselves.

3. Adopt a multi-stakeholder approach through partnerships and joint activities to increase stakeholder knowledge, understanding and compliance of the Cybersecurity Act, 2020 and to promote collaboration with other agencies to improve cybersecurity in the financial sector.

4. Work closely with the BoG to ensure the accreditation of the Financial Sector Sectorial CERT pursuant to Section 44 of the Cybersecurity Act, 2020 to facilitate incident reporting and information sharing on cybersecurity incidents among banks.

5. Collaborate and contribute to the establishment of the Industry Forum pursuant to Section 81 of Act 1038.

Both the CSA and GAB resolved to work closely with the BoG and other relevant agencies to ensure alignment of the various regulatory responsibilities of Banks to facilitate effective cybersecurity development in the banking sector.