Claim: The Financial Industry Command Security Operations Centre (FICSOC) is the first to be established across Africa – Vice President Dr Mahamudu Bawumia.
Verdict: False. Nigeria and Egypt have similar systems that detect, report, respond to, and share information on cyber threats against banks in their respective countries.
On Wednesday, May 24, 2023, Vice President of the Republic of Ghana and New Patriotic Party (NPP) presidential aspirant, Dr Mahamudu Bawumia, commissioned the Financial Industry Command Security Operations Centre (FICSOC) built and run by the Bank of Ghana (BoG).
“I commissioned a world-class state-of-the-art Financial Industry Command Security Operations Centre (FICSOC) established and operated by the Bank of Ghana. The first of its kind in Africa,” he claimed.
The centre has been built as a threat information exchange platform intended to enhance collaboration and coordination among banking and financial industry players to manage cybersecurity threats. The platform monitors, prevents shares information, responds to, and detects cyber threats targeted at banks and financial institutions in Ghana.
To create a more secure digital financial landscape, the Bank of Ghana (BoG) has made a major move by building a unique and modern command centre, the Financial Industry Command Security Operations Centre (FICSOC).
With an emphasis on ensuring the banking sector’s integrity and resilience against cybersecurity, this innovative facility acts as a primary point for organising security threats and intelligence sharing for banks in the country.
The Bank of Ghana issued the Cyber and Information Security Directive (CISD), directed at banks and other financial institutions under its control, in October 2018 in response to the growing cybersecurity risks. All regulated financial companies are required to establish thorough Information Security Management Systems (ISMS) controls under the CISD.
Is Ghana the only country to establish an intelligence-sharing cybersecurity system for banks?
To verify this claim, DUBAWA compared the Bank of Ghana’s FICSOC to similar systems established in some African countries. Other African nations had taken significant steps to strengthen their bank’s digital security before Ghana took the initiative to protect its financial institutions from cyber-attacks.
In Nigeria, its Central Bank (CBN) in 2018 established the Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers to provide guidelines for banks and payment service providers to enhance their cybersecurity measures. The framework emphasises the need for promptly reporting impending and challenging cyber threats to the CBN’s Director of Banking Supervision.
The Central Bank of Nigeria has made significant progress in enhancing cybersecurity for the country’s financial sector. The 2021 Nigerian National Cybersecurity Policy and Strategy (NCPS) identified the banking, finance, and insurance sector as one of its thirteen critical information infrastructure sectors.
The Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFI) also doubles as a cybersecurity guideline for other financial institutions in Nigeria. Its objectives are to support the OFI subsector in preventing and combating cybercrimes, promoting the adoption and use of best practices, creating a safer and more secure cybersecurity environment to support OFI operations, and ultimately fostering and preserving public confidence in the OFI subsector.
Checks by DUBAWA indicated that the Central Bank of Egypt (CBE) had established a centre to protect, respond to, and share information on banks in the country against cybersecurity threats. The CBE announced that its Computer Emergency Response Center for the Financial Sector (EG-FinCIRT) had received accreditation from the Global Forum for Security Incident Response Teams (FIRST) as a cybersecurity enabler for banks in the country.
In 2022, The United Nations Economic Commission for Africa (UNECA) partnered with the Republic of Togo to establish the African Centre for Coordination and Research in Cybersecurity. The centre included the African Cybersecurity Center, which will monitor, detect, and share cybersecurity intelligence with African governments, policymakers, law enforcement, and security agencies.
The Cybersecurity Summit on March 23 and 24, 2022, in Lomé, Togo, brought into force the Lomé declaration on cybersecurity and the fight against cybercrime which is a declaration to fight cyber threats in African countries and promote cybersecurity in all sectors, especially the banking industry.
The establishment of the Financial Industry Command Security Operations Centre (FICSOC) by the Bank of Ghana is not the first cybersecurity threat intelligence sharing platform in Africa. Nigeria and Egypt have similar systems that detect, report, respond and share information on cyber threats against banks in those countries. Togo is leading the way to Africa’s cybersecurity research hub. Hence, the claim is FALSE.
This report was produced under the Department of Communication Studies and DUBAWA’s project aimed at improving fact-checking competency and practice among Ghanaian media organisations with support from UNESCO IPDC.