BoG prepares sweeping cybersecurity overhaul for banks, fintechs

The central bank is tightening cybersecurity requirements for financial institutions as rising digital payments expose banks and fintechs to more sophisticated attacks.

The Bank of Ghana plans to issue a revised Cyber and Information Security Directive early next year, introducing tougher governance standards and expanding its sector-wide monitoring systems, officials said at a cybersecurity summit in Accra.

Speaking on behalf of Governor Dr. Johnson Pandit Asiama, Emmanuel Klu – the Bank’s deputy director and acting head of information – said regulators are preparing measures to match the speed at which cyber risks are growing across the financial sector. Digital payments have become central to the economy, he said, but that shift has increased exposure to system-wide vulnerabilities. A single breach, he warned, can erode public trust and disrupt monetary policy transmission.

“The very innovations powering this revolution also introduce heightened security risks,” Mr. Klu said, citing instant payments, cloud-based systems and emerging artificial intelligence tools.

He added that the Bank intends to “champion data protection and consumer safety” while ensuring regulation does not stifle the innovation driving financial inclusion.

A key element of the new regime is a formal elevation of Chief Information Security Officer roles within banks and fintechs. The draft directive released earlier this year proposes giving CISOs greater authority in strategic decision-making. The Bank of Ghana already requires institutions to appoint dedicated cybersecurity officers and adhere to strict incident-reporting timelines, but the revised rulebook is expected to tighten compliance further.

This overhaul also strengthens the role of the Financial Industry Command Security Operations Centre (FICSOC), a 24-hour monitoring hub created in 2019. Initially focused on universal banks, the centre now covers all regulated financial institutions and fintech companies.

Mr. Klu said commercial banks, savings and loans companies and some regulators are already connected, with plans of extending coverage to additional supervisory bodies.

He described FICSOC as the “nerve-centre” of the sector’s real-time threat detection efforts, with the system designated as the financial industry’s lead sectoral operations centre under the Cybersecurity Act of 2020. The Bank expects this expanded platform to deepen its ability in detecting anomalies and coordinating faster responses across institutions.

The regulator is also pushing banks and payment firms to adopt global frameworks such as ISO 27001 and NIST standards to improve cyber maturity.

Mr. Klu said the goal is to build “collective resilience”, noting that the sector is only as strong as its weakest institution. He urged financial institutions to invest in governance, customer verification tools and fraud prevention systems.

Cyberattacks, he said, have become a daily reality and the industry cannot afford a reactive posture.

“We must try to be visionary, stay 10 or even 100 steps ahead of malicious actors,” he told the summit.

Visa, which co-hosted the event with the central bank, echoed the call for stronger collaboration.

Fabrice Konan, Visa’s country manager for Ghana, said cybersecurity is now a national priority because the trust and functioning of the financial system depend on it.

“Cybersecurity is not a technical issue. It’s a matter of national interest,” he said.

Mr. Konan urged institutions to share intelligence more openly and adopt coordinated defensive strategies as digital transactions expand.

He said the forum should mark a turning point in how Ghana approaches cyber-readiness, adding: “Together we can make Ghana’s payment ecosystem secure, resilient and ready for the future”.

The post BoG prepares sweeping cybersecurity overhaul for banks, fintechs appeared first on The Business & Financial Times.

Read Full Story