Bank of Ghana starts revising its Cyber and Information Security Directive and moves to expand FICSOC to all regulated financial institutions

In a welcome address at a Financial Industry Command Security Operations Centre (FICSOC) stakeholder engagement, the Bank of Ghana set out actions to strengthen sector-wide cyber risk management, including launching a revision of its 2018 Cyber and Information Security Directive (CISD) and beginning steps to broaden FICSOC participation beyond banks. The speech also noted that Ghana’s Cyber Security Authority has designated the Bank of Ghana as the Sectoral Computer Emergency Response Team (CERT) lead for the financial industry. The Bank of Ghana indicated the updated CISD will address emerging risks linked to artificial intelligence, data privacy, cloud computing and digital governance, and will be designed with proportionality so requirements reflect differences across institutions. FICSOC, established following the CISD, is described as enabling real-time threat monitoring, prompt incident reporting and coordinated response among participating institutions; the planned expansion would extend early warning systems, situational awareness reporting and threat intelligence to all regulated financial institutions by bringing in the National Insurance Commission, National Pensions Regulatory Authority and Securities and Exchange Commission. The address cited Bank of Ghana data showing cyber and technology-related fraud losses of almost GHS 10m in 2024, up from GHS 8.9m in the prior year. No timeline was provided for finalising the revised directive or for the expanded onboarding of institutions into FICSOC.