REGULATION OF PUBLIC DISCLOSURE IN AFRICA’S BANKING AND FINANCIAL SERVICES SPACE

governance requirements. Disclosure of cybersecurity incidents to the public can promote transparency and accountability and allow stakeholders to evaluate the cybersecurity risk profile for financial institutions. This also encourages financial institutions to invest in cybersecurity risk and improve their cybersecurity posture. In light of the increasing cybersecurity risks in the banking and financial sector, it is important to regulate public disclosure.

The Cybersecurity Act 2020 in Ghana includes provisions that require mandatory reporting of cyber incidents to the designated responsible bodies. Similar regulatory frameworks have been introduced in other African countries to improve cybersecurity governance and public disclosure.

In the Central Bank of Nigeria’s Cybersecurity Guidelines for Deposit Money Banks and Payment Service Providers, for example, financial institutions are required to report cybersecurity incidents to the Central Bank of Nigeria as well as to other regulatory bodies. Financial institutions are also required to perform regular assessments of cybersecurity risks and implement effective cybersecurity control measures.

THESE REGULATIONS SHOULD INCLUDE THE FOLLOWING:

Timeline: Regulators should specify a timeline for companies to disclose cybersecurity incidents. The timeline should be reasonable and allow companies enough time to investigate and assess the impact of the incident.

Content: The regulations should specify what information is to be disclosed, such as the details of the incident or the mitigation measures taken. Disclosure should be concise, clear and accessible to all parties.

Enforcement: The regulations should state the consequences for non-compliance. The severity of the incident should determine the consequences. This will act as a disincentive to non-compliance.

Collaboration: Regulators should encourage companies to collaborate with regulators when a cybersecurity incident occurs. This collaboration can reduce the impact of an incident and help prevent it from recurring.

In Conclusion

The banking and financial service industry in Africa must enhance governance requirements to increase board and executive responsibility for cybersecurity. In order to combat the increasing complexity and frequency of cyber threats, it is essential that governance requirements are enhanced. This will ensure that cybersecurity risks can be treated as enterprise-wide risks, and that executives and board members have the skills and knowledge necessary to oversee cybersecurity. The public disclosure of cybersecurity requirements is a key aspect of enhancing governance. Regulation of public disclosure can promote transparency and accountability in Africa’s financial and banking services sector and allow stakeholders to assess the cybersecurity risk profile of financial institutions. Effective cybersecurity governance and public reporting will be critical as the industry continues its digital transformation. This will ensure the security and resilience of the financial system.
