The Bank of Ghana (BoG) has released an Exposure Draft of its new Cyber and Information Security Directive, inviting comments and contributions from the banking industry and the general public.
This move is in line with the Bank of Ghana’s Procedures for the Issuance of Directives, 2020.
Public Review Period
The draft directive will be available on the Bank’s website www.bog.gov.gh for not less than 14 days from the date of publication. Stakeholders are expected to submit feedback via email to information.security@bog.gov.gh by 30 September 2025.
The Central Bank stated that it will review all submissions and provide a written explanation for comments that are incorporated into the final directive, as well as those that are not.
Objective of the Directive
The directive seeks to:
- Establish a secure digital environment for the financial services sector.
- Foster trust and confidence in ICT systems and digital transactions.
- Provide an assurance framework for developing security policies.
- Promote compliance with global cybersecurity standards and best practices through regular assessments.
Governance Structure
Under the draft directive:
- Boards of Regulated Financial Institutions (RFIs) will be responsible for defining cybersecurity risk management strategies, approving policies on information security, outsourcing, system survivability, backups, recovery from cyber incidents, and disaster preparedness.
- Senior Management of RFIs will be required to develop the institutional framework for implementing and maintaining these strategies, ensuring effective execution of cyber and information security policies.
Cybersecurity Policies and Procedures
The policies approved by the Boards must address:
- The prevailing cyber threat environment and its potential risks to the institution.
- The institution’s approach to identifying, managing, and monitoring cyber and information security risks.
- The guiding principles for implementing protective and recovery measures.
Rising Cyber Risks in Finance
The BoG emphasized that financial institutions have increasingly become high-profile targets for cyber-attacks due to their reliance on digital systems for processing transactions and transferring funds.
This exposure, the Bank noted, presents a unique challenge: balancing robust security with the need to maintain efficient, reliable services for customers.
