In a speech read on his behalf at the opening of the digital banking and cyber security summit organized by the Standard Chartered Bank Ghana Limited, the Governor of the Bank of Ghana, Dr. Ernest Addison, indicated that banks in Ghana will soon be made to publicise their specific cyber security policies.
This directive, according to Dr. Ernest Addison, is in conformity with provisions in the Payment Systems and Services Bill, which is currently before Parliament for passage.
He said the spate of cyber-attacks on banks is on the increase, especially in Western countries, and many industry players are of the view that Ghanaian banks and other financial institutions are not adequately protected and safe.
According to him, the central bank would continue to exercise firm monitoring of the payment system, tracking risks associated with digital innovation and developing appropriate regulatory responses without hampering innovation.
He said: “As policy makers and regulators, we will continue to exercise firm oversight of the payment systems, monitor risks associated with digital innovation and develop appropriate regulatory responses without stifling innovation.
“Among others, the guidelines seek to create a secure environment for transactions within the cyberspace and guarantee trust and confidence in ICT systems, provide an assurance framework for the design of security policies in compliance with global security standards and best practices by way of cyber and information security assessments, and protect banks, customers and clients against the potentially devastating consequences of cyberattacks.”
He further indicated that the current banking sector Cyber and Information Security guidelines are expected to protect consumers and create a safer environment for online and e-payment products.
“Financial institutions would also be required to implement an integrated approach by adopting enterprise-wide frameworks of cyber risk management in line with business objectives.
“It is anticipated that the integrated approach to cyber security management would support financial institutions to achieve both business- and security-focused objectives, as well as regulatory compliance in an efficient and effective way,” the governor noted.
He therefore said regulatory compliance by itself is not cyber security, and that the onus lies on banks to examine the state of their security systems, identify gaps and design appropriate mechanisms to counter possible cyber threats.
“Today’s world is completely different from a decade ago as changes in information and communication technology increase exponentially. Consequently, financial institutions need to undertake cyber security-related due diligence and assessments, identify proper detective controls, and enforce third party and insider risk programmes,” Dr. Addison said.