Financial Institutions To Publish Bank-Specific Cyber Security Policies - BoG

The Bank of Ghana would soon require financial institutions to publish bank-specific cyber security policies in line with the provisions in the Payment Systems and Services Bill which is expected to be passed by Parliament soon.

The Governor of the Bank of Ghana Dr Ernest Addison, who announced this on Wednesday, said the Financial Institutions would also be required to implement an integrated approach by adopting enterprise-wide frameworks of cyber risk management in line with business objectives.

Dr Addison said this in a speech read on his behalf at the first summit on digital banking and cyber security organised by Standard Chartered Bank.

The summit brings together cyber security experts to share experiences and examine critical issues on digital banking and its associated cyber security risks and how to counter cyber threats in the industry.

Dr Addison said the Central Bank would continue to exercise firm oversight of the payment system, monitor risks associated with digital innovation and develop appropriate regulatory responses without stifling innovation.

He said while digitization of banking operations had engineered innovative financial products and expanded the scope of financial services alongside improved payments and settlement systems, the growth of technology-driven electronic payments are also associated with cyber related risks such as insecure card data systems and identity theft.

It is in this direction that the Bank has prepared a banking sector Cyber and Information Security guidelines to protect consumers and create a safer environment for online and e-payments products.

Among others, the guidelines seek to create a secure environment for transactions within the cyberspace and guarantee trust and confidence in ICT systems.

It also provides an assurance framework for the design of security policies in compliance to global security standards and best practices by way of cyber and information security assessments, and protect banks, customers and clients against the potentially devastating consequences of cyber-attacks.

Dr Addison said an integrated approach to cyber security management would support financial institutions achieve both business and security focused objectives, as well as regulatory compliance in an efficient and effective way.

However, he said, regulatory compliance by itself is not cyber security; adding that the onus lies on banks to examine the state of their security systems, identify gaps and design appropriate mechanisms to counter possible cyber threats.

“Today’s world is completely different from a decade ago as changes in information and communication technology increase exponentially. Consequently, financial institutions need to undertake cyber security-related due diligence and assessments, identify proper detective controls, and enforce third party and insider risk programmes,” he said.

Mrs Mansa Nettey, Chief Executive Officer Standard Chartered Bank Ghana, said advances in technology had ushered in new challenges and threats, including cybercrime.

“All organisations, which have adopted digitisation, increasingly have to deal with these threats which are becoming sophisticated. What is even more alarming is that the rate of advancement seems to have outpaced developments in cyber security,” she said.

She said it was unfortunate that regulation of cyber security was not harmonised and was not developing as fast, leading individual organisations to try their own solutions to cyber threats.

“This is why Standard Chartered Bank has chosen to lead the way by putting together the subject matter to discuss and share best practices in combating cybercrime and enhanced cyber security for digital financial services,” Mrs Nettey said.

She said cyber security was one area that the banks needed to work with each other to protect themselves from the threat of cyber-crime by engaging each other, sharing information and best practices and collaborating more.

“This is one area that we cannot afford to compete with each other as an industry. We can protect ourselves from the threat of cyber-crime by engaging each other, sharing information and best practices and collaborating more. For us at standard charted combating cybercrime is a fiduciary responsibility,” Mrs Nettey added.