The Bank of Ghana (BoG), on Tuesday March 24, 2026, launched the revised Cyber and Information Security Directive (CISD 2026), aimed at strengthening the resilience of Ghana’s financial sector against emerging cyber threats.
The launch was attended by the Chief of Staff, the Minister for Communications, Digital Technology and Innovation, heads of regulatory institutions, bank executives, fintech partners, and industry associations.
Speaking at the event, the Governor of the Bank of Ghana, Dr. Johnson Pandit Asiama, described the revised Directive as a major milestone in safeguarding the country’s digital financial landscape.
He said the theme, “A Safer and More Resilient Digital Financial Industry,” reflected the Bank’s commitment to protecting the confidentiality, integrity, and availability of data within the financial ecosystem.
Dr. Asiama noted that innovations such as mobile money, cloud computing, and artificial intelligence had significantly improved financial access but had also introduced sophisticated cybersecurity risks.
“The threats we face today are no longer isolated IT incidents; they are national security concerns,” he said.
He recalled that the first Cyber and Information Security Directive issued in 2018 laid important foundations, but the rapidly evolving threat environment required a more robust and future‑ready framework.
The Governor highlighted that Sections 41 to 48 of the Cybersecurity Act, 2020 (Act 1038) designate the Bank’s Financial Industry Command Security Operations Centre (FICSOC) as the Sectoral CERT for the financial industry, giving BoG a legal mandate to actively coordinate and defend the sector against cyber threats.
Key Elements of the CISD 2026
Dr. Asiama outlined several new pillars introduced in the Directive, including, AI Machine Learning Governance – establishing a structured framework to ensure fairness, transparency, and security in the increasing use of AI for financial services and
Cloud Computing Security – permitting only controlled, risk‑based adoption of cloud services for non‑sensitive operations while insisting on data sovereignty as mandated by national law.
There are also a Proportionality Framework, which scales requirements according to the size and risk profile of institutions to avoid overburdening smaller banks, board-Level Accountability – requiring boards to include at least one member with proven expertise in cyber risk management and expanded FICSOC Coverage – onboarding Other Financial Institutions, fintechs, and partner regulators to ensure an industry‑wide defensive shield.
Dr. Asiama further announced plans to implement a sustainable shared services model to support the continuous operation and enhancement of FICSOC.
“To keep this critical national infrastructure cutting‑edge, we must adopt a shared responsibility model,” he said.
He urged industry players to treat cybersecurity not as a compliance requirement but as a strategic business priority, adding that the Directive represents a collective pact to secure the digital future of Ghana’s financial system.
Delivering the keynote address, Dr. Zakari Mumuni, First Deputy Governor of the Bank, emphasised that cybersecurity has become a central pillar of national and economic security in an increasingly interconnected world.
He said the 2018 Directive provided a strong foundation, but rapid digital transformation, growing reliance on third‑party services, and the sophistication of cyber threats necessitated a comprehensive update.
“This new Directive is both practical and forward‑looking, shaped through extensive collaboration with industry players, international partners, and subject matter experts,” he stated.
Dr. Mumuni commended stakeholders across the financial sector for their partnership and reaffirmed the Bank’s commitment to safeguarding financial stability in the digital age.
He expressed confidence that the Directive would enhance cyber preparedness and strengthen Ghana’s overall security posture.
Source: businesspostonline
