The Cyber Security Authority (CSA) and the Ghana Association of Banks (GAB) has come together to dialogue on opportunities and agree on issues relating to the licensing and accreditation regulations of Cybersecurity Service Providers (CSPs) and the accreditation of Cybersecurity Establishments (CEs), and Cybersecurity Professionals (CPs).
The meeting which happened on March 1, 2023 touched on the importance and benefits of the regulations being implemented by the Authority, especially, to the banking sector, which is one of the most mature sectors for cybersecurity services.
Leading the discussions were the Director-General of the CSA, Dr. Albert Antwi-Boasiako and the Chief Executive Officer of the GAB, Mr. John Awuah.
Dr. Antwi-Boasiako stated that the essence of the exercise, which is primarily for the Authority to initiate the development of the cybersecurity industry, needed the support of the Association to sensitise its members on the ongoing licensing and accreditation regulatory exercise to safeguard critical information infrastructures and protect the gains made in the sector.
He noted that without the right regulatory environment, the banking sector, which is one of the most cyber-dependent sectors could be crashed by criminals and other malicious actors at the click of a button.
Therefore, there’s a need for understanding and collaboration among industry players to prepare properly for the regulatory regime.
He further noted that the regulatory exercise will serve as a credibility launchpad for professionals who take up contracts in other countries, provide professional visibility and serve as eligibility criteria for Industry Forum Membership, among other benefits. According to him, the banking industry, which is one of the largely compliant sectors is highly prone to attacks due to the surge in online activities. The regulatory interventions, he said, will foster threats and information sharing within the industry and oblige the sector to ensure proper cybersecurity practices in their operations. According to the Director-General, Ghana is taking giant strides in cybersecurity development, acknowledging that the country has the ability to lead, and it is well-positioned to serve as a trailblazer in this regard for other countries to emulate.
The parties acknowledged the significance of securing information assets in the financial industry that have been designated as Critical Information Infrastructure sector under Section 35 of the Cybersecurity Act, 2020 (Act 1038) and Gazette Notice No.132 dated, September 23, 2021.
Recognising the CSA as a lead public agency overseeing the development of cybersecurity in the country, Mr. Awuah expressed his gratitude to the Director-General of the CSA for leading a positive change in the sector and assured him of the support of the Banking industry.
According to him, the regulatory process of the CSA is one way of creating proper entry barriers to safeguard the banking ecosystem, especially the licensing of CSPs, accreditation of CEs and CPs. He underscored the fact that the exercise by the CSA is an important step in safeguarding the digital infrastructure of the country, particularly the Banking sector, ensuring that cybersecurity services are provided by qualified and competent individuals and organizations.
After successful deliberations, recommendations, and suggestions, the parties agreed to collaborate closely on key areas and provide each other with the necessary assistance for the performance of their functions.
The meeting concluded with the parties outlining areas of cooperation. They reaffirmed their commitment to work together and agreed on the following:
- CSA shall adopt a collaborative approach in regulating cybersecurity in the Banking Sector by engaging with the Bank of Ghana as the regulator of the sector in consultation with the GAB as relevant industry body;
- Banks to lead the registration exercise of their SOCs under Establishments and Professionals; and also encourage their vendors to register before the deadline (September 2023)
- Engage the BoG to utilise the future national register of licensed CSPs as a means of ascertaining a credible and competent CSP which would help strengthen compliance with BoG’s directive by BoG-regulated institutions.
- Collaborate with the BoG to provide assurance of a secured and resilient Financial Industry Command Security Operation Centre (FICSOC) to enhance compliance with BOG’s directive.
- CSA to ensure that all government CIIs that interface with banks are also subjected to high standards of operations and are compliant with the directives issued by the CSA
- Collaborate to create public awareness and educate the financial sector on the necessity for the licence and accreditation exercise, the Cybersecurity Act 2020 (Act 1038), cybercrime, and other related issues.
- Grow and build transnational collaboration and global work for licenced Ghanaians working as Cybersecurity Professionals.
- Establish Cybersecurity Incident and Threat Information Sharing, as well as prospective research and development collaboration and partnerships.
- Maintain seamless, effective, clear, and timely communication to enhance the partnership strategy.