BoG: Financial institutions to publish bank-specific cyber security policies

 Dr Ernest Addison


The Bank of Ghana will soon require financial institutions to publish bank-specific cyber security policies in line with the provisions in the Payment Systems and Services Bill which is expected to be passed by Parliament soon.


The Governor of the Bank of Ghana, Dr Ernest Addison, who announced this on Wednesday, said the financial institutions would also be required to implement an integrated approach by adopting enterprise-wide frameworks of cyber risk management in line with business objectives.


Dr Addison said this in a speech read on his behalf at the first summit on digital banking and cyber security organised by Standard Chartered Bank.


The summit brings together cyber security experts to share experiences and examine critical issues on digital banking and its associated cyber security risks and how to counter cyber threats in the industry.


Dr Addison said the central bank would continue to exercise firm oversight of the payment system, monitor risks associated with digital innovation and develop appropriate regulatory responses without stifling innovation.


He said while digitisation of banking operations had engineered innovative financial products and expanded the scope of financial services alongside improved payments and settlement systems, the growth of technology-driven electronic payments is also associated with cyber-related risks such as insecure card data systems and identity theft.


It is in this direction that the Bank has prepared a set of banking sector cyber and information security guidelines to protect consumers and create a safer environment for online and e-payments products, and also to create a secure environment for transactions within the cyberspace and guarantee trust and confidence in ICT systems.


It also provides an assurance framework for the design of security policies in compliance with global security standards and best practices by way of cyber and information security assessments, and protects banks, customers and clients against the potentially devastating consequences of cyber attacks.


Dr Addison said an integrated approach to cyber security management would help financial institutions achieve both business and security-focused objectives, as well as regulatory compliance, in an efficient and effective way.


However, he said, regulatory compliance by itself is not cyber security, adding that the onus lies on banks to examine the state of their security systems, identify gaps and design appropriate mechanisms to counter possible cyber threats.


“Today’s world is completely different from a decade ago as changes in information and communication technology increase exponentially. Consequently, financial institutions need to undertake cyber security-related due diligence and assessments, identify proper detective controls, and enforce third party and insider risk programmes,” he said.


Mrs Mansa Nettey, Chief Executive Officer, Standard Chartered Bank Ghana, said advances in technology had ushered in new challenges and threats, including cybercrime.


“All organisations, which have adopted digitisation, increasingly have to deal with these threats which are becoming sophisticated. What is even more alarming is that the rate of advancement seems to have outpaced developments in cyber security,” she said, adding that it was unfortunate that regulation of cyber security was not harmonised and was not developing as fast, leading individual organisations to try their own solutions to cyber threats.


She said cyber security was one area in which the banks needed to work with each other to protect themselves from the threat of cyber-crime by engaging each other, sharing information and best practices and collaborating more.




