The Cyber Security Authority (CSA) and the Ghana Association of Banks (GAB), led by their respective Institutional Heads, met on Thursday, April 7 2022, at the Cyber Security Authority Conference room in Accra to discuss the role of banks in ensuring a secure and resilient Ghana. Also present at the meeting were representatives from the Bank of Ghana (BoG) who were at the meeting as observers.
The parties exchanged views on further strengthening cybersecurity and discussed practical strategies for implementing the Cyber Security Act 2020 (ACT 1038), a possible revision to BoG’s Cyber and Information Security Directive, among various issues of mutual interest.
The parties recognised the importance of securing the banking sector and its financial system as a critical information infrastructure (CII). They further recognised that the Bank of Ghana is the regulator of the banking and financial services sector and that the CSA only regulates owners of CII with respect to cybersecurity activities. They agreed that security within the Banking sector could be improved if there is effective collaboration and partnerships with security institutions like the Financial Intelligence Centre (FIC), the Economic Organised Crime Office (EOCO), and the Criminal Investigations Department (CID), and the Cyber Security Authority amongst others.
After successful deliberations, recommendations, and suggestions, they agreed to collaborate more closely on certain critical areas and provide each other with all the necessary assistance for the efficient performance of their functions.
The meeting concluded with a Joint Statement of Cooperation outlining the areas of cooperation: the protection of CIIs, Incident response, multistakeholder engagement, capacity building, and the need to embed awareness.
The GAB and CSA reaffirmed their commitment to work together and agreed to:
Collaborate with the Bank of Ghana to review the existing banking sector cybersecurity directive based on the risk dimensions and align with the national directive and the Cybersecurity Act 2020 (Act 1038). Sign an MOU on capacity building and awareness creation; regularly engage, have professional exchanges and build an ecosystem of knowledge. The parties will further collaborate to sensitise the public on the latest trends in cyber threats and ways they can protect themselves Adopt a multi-stakeholder engagement strategy through partnerships to increase stakeholder knowledge of the law and foster a collaborative environment to support law enforcement and capacity building across sectors. Ensure sectorial CERTs are established and operationalised with clear mandates to enable the Authority have a general oversight in the area of Incident reporting and establish a thread and strategy to prepare for and minimise the risks of incidents reoccurring. Set up Industry Forum before the end of 2022 to increase the rate of information, intelligence sharing and engagements with other regulatory bodies.
John Awuah DR. Albert Antwi-Boasiako
Chief Executive Officer Ag. Director General
Ghana Association of Banks Cyber Security Authority