The Bank of Ghana (BoG) has issued a detailed outsourcing directive that aims to enhance governance, risk management, and operational efficiency within banks, Specialized Deposit-Taking Institutions (SDIs), financial holding companies, and development finance institutions.
This directive is part of the BoG’s continued effort to regulate and strengthen the financial sector, particularly in response to the growing trend of outsourcing activities by these institutions to reduce operational costs and improve service delivery.
Under the new directive, financial institutions are required to comply by July 1, 2025, or face an administrative penalty of GH₵12,000, equivalent to one thousand penalty units.
The penalty will be imposed if the institutions fail to meet the specified standards and guidelines for outsourcing operations.
A significant aspect of the directive is the classification of functions that regulated financial institutions (RFIs) may and may not outsource.
Certain strategic functions, such as decision-making related to credit approval, anti-money laundering (AML) compliance, Know Your Customer (KYC) procedures, and internal auditing, must remain in-house to preserve the integrity and independence of key governance and operational roles.
Additionally, high-risk functions such as cyber and information security management and risk management should not be outsourced, ensuring that these critical areas remain under the direct control of the financial institutions.
The directive also defines what does not constitute outsourcing arrangements. For example, engagements with payment card schemes like Visa and MasterCard, as well as clearing and settlement arrangements between clearing houses and their members, are excluded from the outsourcing restrictions.
To ensure the effective implementation of the directive, BoG has instructed that regulated institutions review their existing contracts and make necessary adjustments to align with the new rules. They are expected to do this either at the time of contract renewal or by June 30, 2025, whichever comes first.
The institutions are also required to submit a materiality assessment framework to the Bank of Ghana by June 2, 2025, to evaluate which functions are core and non-core.
The Bank of Ghana has also outlined the procedure for financial institutions to follow when entering into outsourcing agreements.
For non-core functions, no prior approval from BoG is needed, provided the outsourcing arrangement complies with the relevant provisions of Act 930 and other applicable laws.
However, for outsourcing of core functions, such as those related to strategic management, compliance, and customer data management, BoG’s prior written approval is required, as stipulated under Section 60 (12) of Act 930.
BoG emphasized the importance of safeguarding customer data, stating that no outsourcing arrangement should result in the disclosure of customer information to third parties without the prior written consent of the customer.
Financial institutions must also ensure that they develop a clear materiality assessment framework to differentiate between core and non-core functions and to guide their outsourcing decisions.
The directive aims to mitigate several risks associated with outsourcing, such as strategic, operational, and reputational risks, by ensuring that critical functions remain under the oversight and control of the regulated financial institutions.
By strengthening these controls, BoG aims to protect the stability and resilience of Ghana’s financial sector while ensuring that outsourcing practices do not compromise the quality of service or the security of customer information.
Failure to comply with the new outsourcing rules will lead to an administrative penalty of GH₵12,000, in addition to other potential sanctions as per the provisions of Act 930 and Act 1032.
The directive reflects BoG’s commitment to maintaining high standards of governance in the banking and financial sectors, ensuring that Ghana’s financial institutions operate in a secure, transparent, and efficient environment.
