Last week, the Bank of Ghana (BoG) launched the Financial Industry Command Security Operations Centre (FICSOC) Project after about three years of working with financial institutions in the country to create a secure cyber environment in the financial sector.
"The use of digital technologies continues to transform business models of financial institutions with new revenue and value-producing opportunities. Whilst these digital technologies support banking services and enable banking strategies, the underlying security vulnerabilities pose key cyber risks among these institutions," Ghana's Vice President Mahamudu Bawumia, said.
"Cybersecurity risks may impair operational capabilities and threaten the viability of financial institutions. Likewise, the contagion of cyber risk in a financial system is heightened by the extent of interconnectedness and therefore, any severe cyber-attack could threaten the stability of the financial system," he added.
In 2019, BoG initiated the FICSOC Project to provide threat intelligence-sharing, industry situational awareness and incident response among its regulated financial institutions. Officials of the BoG say as of April 2023, all commercial banks had been connected to the FICSOC and reporting of cyber threat intelligence in the form of FICSOC alerts and FICSOC advisories is being communicated to these banks.
Bawumia maintained that FICSOC is not a competitor or a replacement for existing regulated institutions' offering cybersecurity risk management in the country. According to him, "[it] rather complements each financial institution's cyber and information security management framework. Hence, the responsibility for cyber and information security risk management ultimately lies with each regulated financial institution, not FICSOC operators or the Bank of Ghana."
Before the commencement of the FICSOC project, BoG issued the Cyber and Information Security Directive (CISD) for banks and other Bank of Ghana-regulated financial institutions in 2018. The directive required these institutions to implement the required Information Security Management Systems (ISMS) controls to ensure the delivery of a safer digital financial industry.
"The implementation of the directive was phased over 36 months, and through effective monitoring and supervision among regulated banks," according to Ernest Addison, Governor of BoG.