The Cyber Security Authority (CSA) and the Ghana Association of Bankers (GAB) are collaborating to ensure a secure and resilient digital ecosystem for the financial sector.

This is coming after the heads of the two institutions met. Also present at the meeting were representatives from the Information Security Office of the Bank of Ghana (BoG).

Parliament passed the landmark Cybersecurity Act 2020 which establishes the Cyber Security Authority, protects the critical information infrastructure of the country, regulates cybersecurity activities, provides for the protection of children on the internet and develops Ghana’s cybersecurity ecosystem.

The Cybersecurity Act 2020, Act 1038, was passed by the 7th Parliament on November 06, 2020, and subsequently assented into law by the President, H.E. Nana Addo Dankwa Akufo-Addo on December 29, 2020.

The parties exchanged views on further strengthening cybersecurity and discussed practical strategies for implementing the Cybersecurity Act 2020 (Act 1038), a possible revision to BoG’s Cyber and Information Security Directive, among various issues of mutual interest.

The parties recognised the importance of securing the banking sector especially critical systems as they have been designated as critical information infrastructure (CII) pursuant to Section 35 of the Cybersecurity Act, 2020.

They further recognised that the Bank of Ghana is the regulator of the banking and financial services sector and that the CSA only regulates owners of CII with respect to cybersecurity activities as provided in Section 3 (c) of Act 1038. All the members of the GAB are designated as owners of critical information infrastructures and hence the need to strengthen collaboration between the GAB, CSA, and the BoG.

They agreed that security in the banking sector could be improved if there is effective collaboration and partnerships with other institutions like the Financial Intelligence Centre (FIC), the Economic Organised Crime Office (EOCO), the Criminal Investigations Department (CID), and the Cyber Security Authority, amongst others.

The meeting concluded with a Joint Statement outlining the areas of cooperation: the protection of CIIs, incident response, multi-stakeholder engagement, capacity building, and awareness creation.

The GAB and CSA reaffirmed their commitment to work together and agreed to collaborate with the Bank of Ghana to review the existing financial sector cybersecurity directive based on the current cyber risk profile of the financial sector and to align with the Cybersecurity Act 2020 (Act 1038), as well as sign a Memorandum of Understand on capacity building and awareness creation on cyber risks in the banking sector.

The parties will further collaborate to sensitise the public on the latest trends in cyber threats and ways they can protect themselves.

They will also adopt a multi-stakeholder approach through partnerships and joint activities to increase stakeholder knowledge, understanding, and compliance of the Cybersecurity Act, 2020 and to promote collaboration with other agencies to improve cybersecurity in the financial sector.  

They will also work closely with the BoG to ensure the accreditation of the Financial Sector Sectorial CERT pursuant to Section 44 of the Cybersecurity Act, 2020 to facilitate incident reporting and information sharing on cybersecurity incidents among banks.  

Again, they will collaborate and contribute to the establishment of the Industry Forum pursuant to Section 81 of Act 1038.

Both the CSA and GAB resolved to work closely with the BoG and other relevant agencies to ensure alignment of the various regulatory responsibilities of Banks to facilitate effective cybersecurity development in the banking sector.