The Bank of Ghana (BoG) has taken a bold step in safeguarding the country’s financial system with the release of an Exposure Draft of its Cyber and Information Security Directive (CISD).
The directive, unveiled last week, seeks comments from banks, financial institutions, industry stakeholders, and members of the public before it is finalized and enforced.
The move is in line with the Bank’s Procedures for Issuance of Directives, 2020, which require public consultation before the rollout of new regulations.
Building a Safer Cyber Environment
The draft directive, according to the central bank, is designed to provide a regulatory framework for cybersecurity risk management across Ghana’s banking and financial services sector.
“The Directive is intended to create a safer and more secure cyber environment that underpins information system security and ultimately supports a resilient banking sector,” the Bank explained.
At the heart of the directive are minimum baseline controls and governance structures that institutions must adopt to secure digital platforms, customer data, and payment systems. With cybercrime on the rise globally and in Ghana, the BoG has emphasized that a proactive approach is critical to ensuring both institutional resilience and depositor confidence.
Key Provisions
Among other requirements, the draft directive obliges banks and financial institutions to:
Establish board-level oversight for cyber and information security.
Implement security controls aligned with international best practices.
Develop and test incident response and recovery plans.
Report significant cyber incidents promptly to the Bank of Ghana.
Conduct regular security audits and vulnerability assessments.
The Bank argues that such measures will help institutions anticipate and withstand cyber threats rather than merely reacting to them.
Open Door to Stakeholders
By putting the draft into the public domain, the BoG says it aims to build ownership of the directive across the sector and beyond. Stakeholders are encouraged to submit comments and practical suggestions that can strengthen the final regulation.
“This approach is consistent with our belief in transparency, inclusivity, and the need for a collaborative effort to protect the financial system,” the Bank noted.
Industry watchers have praised the move as timely, given the rapid adoption of digital banking services and electronic payment platforms in Ghana. Cybersecurity experts argue that early engagement with stakeholders will help ensure the directive is practical, enforceable, and effective.
The consultation process is expected to run for several weeks before the BoG consolidates feedback and issues the final version of the directive.
*****
Never miss out on the news. Get your valuable breaking news and other vital content by following The Sikaman Times on WhatsApp Channel
*****
