The banking industry has endorsed tighter cybersecurity rules introduced by the Bank of Ghana, warning that vulnerabilities in any part of the financial ecosystem could expose the entire system to risk.
Chief Executive Officer of the Ghana Association of Banks (GAB), John Awuah, Cyber at the Information Security Directive 2026 event said lenders are prepared to work closely with regulators and other stakeholders to implement the revised Cyber and Information Security Directive 2026.
“We are very excited as a community of banks with the level of engagement that we had with the Central Bank towards the development of this directive and as key stakeholders in the cyber security architecture, the community of banks stand ready to work with the Central Bank and all the other key players within the cyber ecosystem to ensure that, as the Governor said, we have a common defence for the cyber security of the country,” he said.
The directive expands regulatory oversight beyond traditional banks to include fintech firms, payment service providers and other actors, reflecting growing concerns about systemic risks as digital financial services deepen.
Awuah said the shift is necessary given the interconnected nature of the sector. “Because in cyber security, one small broken chain can be the entry route for a cyber miscreant to gain access to the bigger architecture,” he said. The industry previously operated under a 2018 framework that focused largely on banks, but the updated directive broadens coverage to the wider financial ecosystem, including smaller institutions and technology partners.
Awuah said banks increasingly view technology as core to their operations rather than a support function, requiring sustained investment in systems to safeguard customer deposits and maintain trust.“As banks, we see technology not as our business enabler. We see technology as our business,” he said.
The new framework also aligns with efforts by the central bank to strengthen the Financial Industry Command Security Operations Center, which serves as a sector-wide monitoring and response hub.
Industry leaders say collaboration will be key to the directive’s success, with Awuah emphasizing that cybersecurity must become embedded in operational strategy rather than treated as a compliance requirement. “It’s not going to be a compliance matter. It’s going to be part of the banking system DNA in how we operate,” he said.
The measures come as regulators across Africa step up oversight of digital finance, seeking to balance innovation with safeguards against cyber threats that could undermine confidence in financial systems.
