The Bank of Ghana has introduced a significant reform requiring all banks and specialised deposit-taking institutions to appoint cybersecurity experts to their boards, as part of its newly launched Cyber and Information Security Directive (CISD) 2026.
Governor Johnson Pandit Asiama announced the measure during the directive’s launch, describing it as a critical step in addressing growing cyber risks within Ghana’s financial sector.
Under the new rules, financial institutions must ensure that at least one board member possesses verifiable expertise in cyber risk management, effectively elevating cybersecurity from a technical issue to a core strategic priority.
“Security is no longer just an IT problem; it is a strategic business risk. We now mandate that at least one member of your Board possesses verifiable expertise in cyber risk management,” Dr. Asiama stated.
The central bank believes the move will strengthen oversight and ensure that cybersecurity considerations are embedded in high-level decision-making processes.
The directive comes at a time when digital financial services, including mobile money, artificial intelligence, and cloud computing, are rapidly transforming Ghana’s banking landscape. While these innovations have improved access and efficiency, they have also increased exposure to sophisticated cyber threats.
Dr. Asiama emphasised that strong governance is essential to building resilience in the face of these risks.
“We are no longer just supervising capital adequacy ratios or liquidity positions; we are now, more than ever, safeguarding the confidentiality, integrity, and availability of the data that powers our economy,” he said.
In addition to board-level reforms, the directive introduces broader measures, including expanded cybersecurity oversight for fintechs and microfinance institutions, as well as new frameworks for artificial intelligence governance and cloud adoption.
Financial sector stakeholders are expected to review their board compositions and governance structures to comply with the new requirement, which could drive increased demand for cybersecurity expertise at the executive level.
The Bank of Ghana maintains that the directive is not merely regulatory but a necessary evolution to protect the financial system in an increasingly digital and interconnected world.
“This Directive is more than a set of rules to be complied with; it is a collective pact to protect the digital soul of our economy,” Dr. Asiama added.
