In Ghana, the Bank of Ghana has taken significant steps to enhance the cybersecurity landscape for the banking and financial services industry. One of these measures involves establishing the Financial Industry Command Security Operations Centre (FICSOC), which aims to prevent, rapidly detect, share information, and respond to cyber threats targeting the industry and the nation.
The development of this cybersecurity infrastructure began in November 2019 and is considered the first of its kind funded and owned by a Central Bank in Africa. It aligns with the Cyber and Information Security Directive (CISD) issued by the Bank in October 2018 and outlines the industry’s cybersecurity defense and response approach. The project was carried out in collaboration with Virtual InfoSec Africa (VIA), a Ghanaian information security company wholly owned by the Bank.
During the commissioning on May 24, 2023, Vice President Mahamudu Bawumia emphasized the importance of a robust cybersecurity infrastructure to maintain confidence in the financial sector, especially considering the increasing role of digital technology in financial services provision. He acknowledged the transformative potential of digital technologies for financial institutions but also highlighted the security vulnerabilities and cyber risks they bring.
The FICSOC Project, started by the Bank of Ghana in 2019, aims to facilitate threat intelligence-sharing, industry situational awareness, and incident response among regulated financial institutions. As of April 2023, all commercial banks in Ghana had been connected to the FICSOC, and cyber threat intelligence as FICSOC alerts and advisories were being communicated to these banks.
Vice President Bawumia commended the Bank of Ghana for its visionary leadership in safeguarding Ghana’s financial sector by designing and implementing protective policies. He acknowledged the significance of the FICSOC infrastructure as the first owned by a Central Bank in Africa. He predicted that other central banks in the sub-region would seek to learn from Ghana’s approach to cybersecurity defense in the financial sector.
While applauding the Bank’s proactive actions, Vice President Bawumia urged financial industry players to fully use the capabilities of the FICSOC while reinforcing their in-house security operations. He emphasized the FICSOC platform is not meant to compete with or replace the cybersecurity risk management of regulated institutions, including their Security Operations Centers (SOCs). Instead, it complements each institution’s cyber and information security management framework. Ultimately, the responsibility for cybersecurity risk management lies with each regulated financial institution, not the FICSOC operators or the Bank of Ghana.