Accra, Oct. 23, GNA – The Bank of Ghana has
launched a Cyber Security Directive for Financial Institutions to ensure an
uninterrupted financial intermediation process and boost the trust and
confidence of consumers in the banking industry.
Generally, the Directive seeks to establish
the conduct and operational guidelines for the cyber and information security
Specifically, it sets out procedures for
governance, risk management, internal audit, asset management, cyber defence,
and cyber response.
Speaking at the launch on the theme: “A Safer
Digital Financial Industry,” Dr Maxwell Opoku-Afari, the First Deputy Governor
of the Bank of Ghana, said the risk associated with cybercrime on financial
systems globally was on the rise.
In Ghana, he said, a 2016 report indicates
that millions of cyber-attacks were recorded that year in the financial sector.
“Indeed, cyber-attacks have the potential to
pose systemic risk by disrupting business operations within the financial
sector. For Ghana, the threat is growing. A recent study in 2016 disclosed that
there were more than 400,000 Malware incidents, 44 million Spam incidents, and
280,000 Bot incidents within Ghana’s financial industry,” he said.
He said the Bank, through its monitoring
systems, had observed on daily basis attempts by cyber criminals to bypass
security controls and exploit vulnerabilities within the cyber and information
security defences of financial systems.
He said the BoG was putting measures in place
to ensure that the financial space was protected against those attacks.
“As the Bank of Ghana pursues this objective,
alongside strengthening the regulatory and supervisory environment to restore
confidence and promote stability and integrity of the banking sector, it is
important that we also take concrete steps towards implementing cybersecurity
measures to combat financial crime,” he said.
Dr Opoku-Afari said in the face of technology,
financial services remained critical and the Bank of Ghana had established
sound financial system with strong individual component institutions, as a
He noted that the Bank has developed the Cyber
Security Directive for Financial Institutions because it deemed it necessary to
take steps to counter the threats to ensure the integrity and operational
security of the financial system.
“The idea is to position the sector as a major
growth driver, to support an inclusive broad-based economy with the full
implementation of new higher minimum capital requirements by the end of this
year,” he said.
Dr Opoku-Afari said one unique characteristic
of the Directive was the required active involvement of senior management
executives and boards of financial institutions.
He said all banks would be required to appoint
a Cyber and Information Security Officer (CISO), who would advise senior
management and the board on cyber security issues, and also formulate adequate
measures to manage cyber and information security risks.
In addition, banks would be required to follow
an implementation schedule to ensure that effective cyber security controls are
in place to counter any threats of cybercrime.
Dr Opoku-Afari said a key component of the
measures to be deployed by the CISO is the training and education of all