The Bank of Ghana is shifting toward a system-wide approach to managing cyber risk and has introduced a revised Cyber and Information Security Directive (CISD), thereby extending its regulatory coverage beyond banks to include fintechs, microfinance institutions and other financial sector players.
Governor Dr Johnson Pandit Asiama said this directive reflects a transition from traditional financial supervision to safeguarding the integrity of data and digital infrastructure underpinning the economy.
The updated framework replaces the 2018 directive, which the central bank said is no longer adequate for current risks.
Key provisions include new governance standards for artificial intelligence and machine learning systems used in fraud detection and credit scoring, aimed at ensuring transparency and security in automated decision-making.
The directive sets stricter conditions for cloud adoption, limiting the hosting of sensitive financial data outside Ghana in line with data sovereignty requirements under existing legislation.
Dr Asiama said core systems and critical data must remain within national borders.
The directive expands participation in sector-wide monitoring and response systems to include savings and loans companies, fintech firms and other non-bank institutions, with the aim of reducing vulnerabilities across the financial ecosystem.
To support implementation, the Bank of Ghana is developing a shared services model to fund and sustain FICSOC operations, signalling potential cost-sharing obligations for regulated entities.
Chief of Staff at the Presidency, Julius Debrah, also noted at the Cyber and Information Security Directive (CISD) launch that innovation without protection creates vulnerability and building resilience requires coordinated action across regulators and industry participants.
The revised policy underscores increasing linkages between financial stability and digital infrastructure as the country deepens its shift toward a technology-driven financial system.
Thus, the CISD is a comprehensive regulatory framework developed by the Bank of Ghana to strengthen cyber resilience and protect integrity in the country’s financial system.
As Ghana’s financial systems become increasingly digital, safeguarding them has become a matter of national importance.
Copyright © 1994 - 2026 GhanaWeb. All rights reserved.
