BoG moves to broaden FICSOC scope, revise Cybersecurity Directive

The Bank of Ghana (BoG) is expanding its Financial Industry Command Security Operations Centre (FICSOC). This expansion will include all regulated financial institutions. It will also involve sister regulators like the National Insurance Commission (NIC), National Pensions Regulatory Authority (NPRA), and the Securities and Exchange Commission (SEC).

This initiative aims to strengthen the country’s financial cybersecurity. The move comes amid rising threats to the digital infrastructure of the financial sector. Dr. Zakari Mumuni, First Deputy Governor of the Central Bank, spoke at a FICSOC event on May 7, 2025.

He highlighted that the digital revolution has transformed financial services. However, it has also increased risks that need addressing. According to BoG's latest fraud report, nearly GH¢10 million was lost to cyber fraud in 2024.

This amount is up from GH¢8.9 million in 2023. Dr. Mumuni emphasized that deeper integration within the financial industry is essential. Connecting platforms across institutions can provide seamless services and reach unbanked individuals in Ghana.

However, he warned about cybersecurity risks associated with digital inclusion. Each new opportunity for empowerment can attract malicious actors. Cyber risks are unique and require collective action.

Dr. Mumuni noted that FICSOC has improved threat monitoring and incident coordination. The next step is enhancing integration and collaboration among stakeholders. He urged financial institutions, regulators, and technology providers to work together.

A breach in one part of the ecosystem can affect many others. Collaboration is crucial; no single institution can tackle these threats alone. Sharing intelligence and aligning standards will help protect industry integrity.

The Bank of Ghana has invested significantly in cybersecurity over the years. These efforts aim to build trust and resilience for collective progress. To address emerging threats, BoG is revising its Cyber and Information Security Directive (CISD).

Originally issued in 2018, this updated directive will consider new risks from artificial intelligence and data privacy issues. It will reflect different institutional sizes while ensuring innovation protection.

Dr. Mumuni stressed that collaboration strengthens individual institutions' cyber capabilities without replacing them. He acknowledged that cybersecurity must evolve continuously alongside emerging threats.

As part of its enhanced role, BoG has been designated by the Cyber Security Authority as Sectoral Computer Emergency Response Team (CERT) lead for finance. This role allows it to coordinate national responses to cyber threats effectively.