The Bank of Ghana (BoG) has introduced a robust new directive aimed at tightening oversight of outsourcing activities by banks, Specialized Deposit-Taking Institutions (SDIs), financial holding companies, and development finance institutions. The directive, which comes with a compliance deadline of July 1, 2025, underscores the BoG’s commitment to maintaining high governance standards within the financial sector. Institutions that fail to comply will face penalties of 1,000 penalty units, equivalent to GH₵12,000.
The directive addresses concerns about the increasing trend among regulated financial institutions (RFIs) to outsource certain functions as a cost-cutting measure, potentially compromising risk management and governance frameworks. The Bank of Ghana has clearly outlined which functions may or may not be outsourced, emphasizing that critical strategic functions, those central to the stability and independence of these institutions, must remain in-house.
According to the directive, RFIs are prohibited from outsourcing key roles, including board and senior management responsibilities, strategic oversight, corporate planning, and decision-making functions. This restriction extends to anti-money laundering (AML) and counter-terrorism financing (CTF) functions, customer verification for account openings, internal audit, risk management, and cybersecurity roles. Such critical functions must be directly handled by the institutions to avoid conflicts of interest and maintain a clear chain of accountability.
The directive also specifies that while RFIs can outsource certain non-core functions, they must inform the BoG at least ten working days before entering into such agreements. For core functions, however, RFIs are required to secure prior written approval from the BoG, as stipulated by section 60 (12) of Act 930. These steps are designed to ensure that any outsourcing arrangements for essential functions do not undermine the institution’s ability to make independent decisions and manage risks effectively.
To help regulated institutions navigate this transition, the BoG has set guidelines for a materiality assessment framework, which will assist institutions in identifying which functions are core and thus restricted from outsourcing. Furthermore, banks and SDIs are required to prevent the disclosure of sensitive customer information to third parties without customer consent. This data protection measure adds another layer of security, reflecting the BoG’s emphasis on safeguarding customer privacy amidst third-party collaborations.
The directive acknowledges that some financial activities, such as agreements with payment card networks (e.g., Visa, MasterCard) and inter-institutional clearing and settlement arrangements, will not be considered outsourcing. This exemption allows for necessary collaborations that facilitate secure financial transactions without compromising regulatory standards.
To support the transition, the BoG mandates that institutions review existing contracts and make necessary adjustments by June 30, 2025, or at the time of contract renewal, whichever comes first. RFIs must also submit their materiality assessment frameworks to the BoG by June 2, 2025, ensuring they are equipped to comply well ahead of the deadline. Failure to comply will result in the administrative penalty of GH₵12,000, with the potential for additional sanctions under Act 930 and Act 1032 if further violations occur.
This directive from the Bank of Ghana represents a significant step toward enforcing stronger risk management practices and governance standards. By maintaining control over high-stakes functions, Ghana’s financial institutions will be better positioned to protect against strategic, reputational, and operational risks. This move demonstrates the BoG's proactive approach in building a resilient financial sector capable of supporting Ghana's growing economy while ensuring consumer trust and regulatory compliance.
Source: Citi Newsroom, November 13, 2024