The Bank of Ghana has established a Financial Industry Command Security Operations Centre (FICSOC) to prevent and respond to cyber threats aimed at the financial services sector.

The project was undertaken by Virtual InfoSec Africa, a Ghanaian information security company, in collaboration with the Central Bank.

The Bank of Ghana initiated the FICSOC Project in 2019 aimed at ‘threat intelligence-sharing, industry situational awareness and incident response among its regulated financial institutions’.

Since April, all commercial banks had been connected to the FICSOC and reporting of cyber threat intelligence, in the form of FICSOC alerts and advisories, is being communicated to these banks, says the Central Bank.

Speaking at the opening last week , the country’s Vice President Mahamudu Bawumia underscored the importance of a robust cyber security infrastructure for maintaining confidence in the financial sector.

He said: “The use of digital technologies continues to transform business models of financial institutions with new revenue and value-producing opportunities. Whilst these digital technologies support banking services and enable banking strategies, the underlying security vulnerabilities pose key cyber risks among these institutions."

“Cyber security risks may impair operational capabilities and threaten the viability of financial institutions. Likewise, the contagion of cyber risk in a financial system is heightened by the extent of interconnectedness and therefore, any severe cyber-attack could threaten the stability of the financial system,” he noted.

Bawumia commended the Governor, board and management of the Bank of Ghana for their efforts in protecting the financial sector.

“The commissioning of this important edifice and infrastructure, which I understand is the first of its kind funded and owned by a Central Bank in Africa, is a remarkable feat by the Bank of Ghana. It is without doubt that, very soon, other central banks in the sub-region will visit the Bank of Ghana to study your approach to cybersecurity defence in the financial sector,” he said.

“My expectation, and that of government, is that financial institutions will be better equipped to deal with severe and emerging cyber threats targeting the banking industry, including zero-day threats and advanced persistent threats and exploits, and allow them to make informed decisions regarding the response to those threats.

“I wish to stress that the FICSOC platform is neither in competition with, nor a replacement for, regulated institutions' cyber security risk management (including their SOC operations), but rather complements each financial institution's cyber and information security management framework. Hence, the responsibility for cyber and information security risk management ultimately lies with each regulated financial institution, not FICSOC operators or the Bank of Ghana.”