The Bank of Ghana has launched a Cyber Security Directive for Financial Institutions to ensure an uninterrupted financial intermediation process and boost the trust and confidence of consumers in the banking industry.
Generally, the Directive seeks to establish the conduct and operational guidelines for the cyber and information security environment.
Specifically, it sets out procedures for governance, risk management, internal audit, asset management, cyber defence, and cyber response.
Speaking at the launch on the theme: “A Safer Digital Financial Industry,” Dr Maxwell Opoku-Afari, the First Deputy Governor of the Bank of Ghana, said the risk associated with cybercrime on financial systems globally was on the rise.
In Ghana, he said, a 2016 report indicates that millions of cyber-attacks were recorded that year in the financial sector.
“Indeed, cyber-attacks have the potential to pose systemic risk by disrupting business operations within the financial sector. For Ghana, the threat is growing. A recent study in 2016 disclosed that there were more than 400,000 Malware incidents, 44 million Spam incidents, and 280,000 Bot incidents within Ghana’s financial industry,” he said.
He said the Bank, through its monitoring systems, had observed, on a daily basis, attempts by cybercriminals to bypass security controls and exploit vulnerabilities within the cyber and information security defences of financial systems.
He said the BoG was putting measures in place to ensure that the financial space was protected against those attacks.
“As the Bank of Ghana pursues this objective, alongside strengthening the regulatory and supervisory environment to restore confidence and promote stability and integrity of the banking sector, it is important that we also take concrete steps towards implementing cybersecurity measures to combat financial crime,” he said.
Dr Opoku-Afari said that in the face of technology, financial services remained critical, and the Bank of Ghana had established a sound financial system, with strong individual component institutions, as a major priority.
He noted that the Bank had developed the Cyber Security Directive for Financial Institutions because it deemed it necessary to take steps to counter the threats in order to ensure the integrity and operational security of the financial system.
“The idea is to position the sector as a major growth driver, to support an inclusive broad-based economy with the full implementation of new higher minimum capital requirements by the end of this year,” he said.
Dr Opoku-Afari said one unique characteristic of the Directive was the required active involvement of senior management executives and boards of financial institutions.
He said all banks would be required to appoint a Cyber and Information Security Officer (CISO), who would advise senior management and the board on cyber security issues, and also formulate adequate measures to manage cyber and information security risks.
In addition, banks would be required to follow an implementation schedule to ensure that effective cyber security controls are in place to counter any threats of cybercrime.
Dr Opoku-Afari said a key component of the measures to be deployed by the CISO is the training and education of all stakeholders.