Collaboration, not Top-Down Regulation key to Strengthening Cybersecurity – Says BoG’s Head of Information Security
Acting Head of Information Security at the Bank of Ghana (BoG), Daniel Klu, has underscored the importance of deeper industry collaboration in strengthening cybersecurity across Ghana’s financial and payments ecosystem. Speaking during a panel session at the Payments Industry Cybersecurity Summit 2025, he cautioned that rigid, top-down regulatory approaches are less effective than inclusive frameworks developed with active input from all stakeholders.
“We have come to realize that security is strengthened by good collaboration,” he said. Mr Klu noted that the Bank of Ghana’s Cyber and Information Security Directive, alongside other initiatives, have helped bring banks, fintechs, payment service providers and telecommunications firms into one coordinated system. This, he explained, has significantly improved the industry’s ability to manage cyber risks.
He cited a recent widespread incident within mobile network systems which, although initially perceived as a telecoms problem, swiftly spilled into the banking and mobile payments space. “We had to quickly bring everybody together around the table,” he recalled. “This was resolved because the banks and the mobile networks came around the table and were talking.”
According to him, cybersecurity regulations must not be developed in isolation. “Strengthening cybersecurity in payment systems would require regulations that are not disjointed from the ecosystem, but bringing the ecosystem on board in creating those regulations,” he stressed. Imposed policies, he argued, often lead to weak compliance because some institutions may neither understand the requirements nor possess the capacity to implement them.
Mr Klu further revealed that the introduction of earlier directives, including the cybersecurity research committee directive, was met with feedback highlighting inadequate engagement with the sector. Some institutions, he said, lacked the resources or expertise to comply, while others resorted to workarounds to avoid penalties. This, he added, defeats the purpose of regulation.
“For us, strengthening cybersecurity in payment systems requires a lot of collaboration,” he emphasised, adding that directives must be shaped with the collective input of regulated entities to remain effective. “No one person has the answers. It’s important that we share information.”
Speaking further, he affirmed that the central bank would continue to prioritise collaborative regulation as a central strategy, noting that it has already proven successful in enhancing cyber readiness across Ghana’s financial landscape.
