The Bank of Ghana (BoG) has initiated steps to expand the scope of its Financial Industry Command Security Operations Centre (FICSOC) to cover all regulated financial institutions, incorporating sister regulators such as the National Insurance Commission (NIC), National Pensions Regulatory Authority (NPRA), and the Securities and Exchange Commission (SEC).
This move is part of a broader strategy to bolster the country’s financial cybersecurity landscape, amid rising threats targeting the digital infrastructure of the financial sector.
Delivering the keynote address at the FICSOC stakeholder engagement on May 7, 2025, First Deputy Governor of the Central Bank, Dr. Zakari Mumuni, underscored that while the digital revolution has transformed financial services by unlocking innovation and promoting inclusion, it has exposed the sector to heightened risks which must be addressed.
According to the central bank’s 2024 latest fraud report, nearly GH¢10 million was lost to cyber and technology-related fraud, up from GH¢8.9 million in 2023.
“We are at a pivotal moment in the evolution of financial services. As technology advances and our economies become more interconnected, deeper integration within the financial industry is no longer a luxury – it is an imperative. Connecting platforms and systems across institutions is key to delivering seamless services to our clients. More importantly, it is a tool to reach millions of unbanked individuals across Ghana who deserve the opportunity to participate in and benefit from the formal financial system.
Yet, as we embrace the promise of digital inclusion, we must also confront the risks it brings — particularly in the realm of cybersecurity. Every new doorway to financial empowerment can also become an entry point for malicious actors. Cyber risks are unlike any other,” Dr. Zakari Mumuni remarked.
The First Deputy Governor observed that while FICSOC has been instrumental in enhancing threat monitoring and incident coordination, the next frontier is integration and collaboration.
He called on financial institutions, regulators, and technology providers to unite in building a resilient, secure, and inclusive financial ecosystem.
“A breach in one part of our financial ecosystem could compromise operations, security, and the privacy of stakeholders across multiple institutions — regulators, partners, vendors, and customers alike. This is why collaboration is not optional. No single institution, no matter how large or well-resourced, can face these threats alone. We must share intelligence, align standards, and develop resilient systems to protect the integrity of our industry and the trust of those we serve. The Bank of Ghana has long recognized this imperative. Over the years, the Bank has made significant investments in cybersecurity — not simply for compliance, but to build a foundation of trust and resilience for collective progress,” he added.
To mitigate emerging threats, Dr. Zakari Mumuni disclosed that the Central Bank is also revising its Cyber and Information Security Directive (CISD), originally issued in 2018 as it intensify efforts in tackling cyber and technology-related fraud in the financial sector.
The updated directive will take into account emerging risks associated with artificial intelligence, data privacy, cloud computing, and digital governance, and will reflect the realities of institutions of varying sizes.
“When we collaborate, we do not fight alone – we defend our sector with shared purpose and shared tools. While FICSOC offers a powerful collective shield, individual institutions must continue investing in their own cyber capabilities. A shared defense does not replace internal diligence; it strengthens it.
“But let me be clear — as a regulator, we are not resting on our success story. We are here today because we know cybersecurity is never static. It evolves — and so must we. Together, we must reflect, re-strategize, and build on our shared progress. Accordingly, the Bank of Ghana has initiated a process to revise the Cyber and Information Security Directive. The updated directive will address emerging risks tied to artificial intelligence, data privacy, cloud computing, and digital governance. It is being designed with proportionality in mind — ensuring that regulatory requirements reflect the varied realities of different institutions while continuing to protect innovation,” the First Deputy Governor stressed.
As part of its enhanced role, the Bank of Ghana has also been formally designated by the Cyber Security Authority as the Sectoral Computer Emergency Response Team (CERT) lead for the financial industry — a role that enables it to coordinate national-level responses to cyber threats and share intelligence across sectors.