CSA, GAB hold consultative meeting to ensure digital ecosystem for the financial sector

The Cyber Security Authority (CSA) and the Ghana Association of Banks (GAB) have expressed willingness in working together to ensure a secured digital ecosystem for the financial sector in the country.

The two institutions led by their respective Institutional Heads, met on Thursday, April 7 2022, at the Cyber Security Authority Conference room in Accra to discuss the role of the bank in ensuring a resilient system devoid of systematic errors among other relevant topics.

Also present at the meeting were representatives from the Information Security Office of the Bank of Ghana (BoG).

The parties exchanged views on ways to strengthen cybersecurity and discussed practical strategies for implementing the Cybersecurity Act 2020 (Act 1038), a possible revision to BoG’s Cyber and Information Security Directive, among various issues of mutual interest.

The parties recognised the importance of securing the banking sector especially critical systems as they have been designated as critical information infrastructure (CII) pursuant to Section 35 of the Cybersecurity Act, 2020.

They further recognised that the Bank of Ghana is the regulator of the banking and financial services sector and that the CSA only regulates owners of CII with respect to cybersecurity activities as provided in Section 3 (c) of Act 1038 and that all the members of the GAB are designated as owners of critical information infrastructure, hence the need to strengthen collaboration between the GAB, CSA and the BoG.

They agreed that security in the Banking sector could be improved if there is effective collaboration and partnerships with other institutions like the Financial Intelligence Centre (FIC), the Economic Organised Crime Office (EOCO), the Criminal Investigations Department (CID), and the Cyber Security Authority, amongst others.

After successful deliberations, CSA and GAB agreed to collaborate more closely on certain critical areas and provide each other with all the necessary assistance for the efficient performance of their functions.

Also to work closely with BoG and other relevant agencies to ensure alignment of the various regulatory responsibilities of Banks to facilitate effective cybersecurity development in the banking sector.

After successful meeting, both parties concluded on areas of cooperation: the protection of CIIs, Incident response, multi-stakeholder engagement, capacity building and awareness creation.

They therefore reaffirmed their commitment to work together and agreed to:

1. Collaborate with the Bank of Ghana to review the existing financial sector cybersecurity directive based on the current cyber risk profile of the financial sector and to align with the Cybersecurity Act 2020 (Act 1038).
2. Sign an MOU on capacity building and awareness creation on cyber risks in the banking sector. The parties will further collaborate to sensitise the public on the latest trends in cyber threats and ways they can protect themselves.
3. Adopt a multi-stakeholder approach through partnerships and joint activities to increase stakeholder knowledge, understanding and compliance of the Cybersecurity Act, 2020 and to promote collaboration with other agencies to improve cybersecurity in the financial sector.
4. Work closely with the BoG to ensure the accreditation of the Financial Sector Sectorial CERT pursuant to Section 44 of the Cybersecurity Act, 2020 to facilitate incident reporting and information sharing on cybersecurity incidents among banks.
5. Collaborate and contribute to the establishment of the Industry Forum pursuant to Section 81 of Act 1038.