The recent disclosure by the Economic and Organised Crime Office (EOCO) that a Ghanaian national, popularly referred to as Abu Trica, faces up to 20 years’ imprisonment in the United States for allegedly masterminding an $8 million romance scam has once again reignited public outrage over cyber fraud. Predictably, public discourse has focused on the individual accused.
Yet this focus risks obscuring a more profound policy failure: the persistent weaknesses within Ghana’s financial system that allow cyber fraud to pass undetected until foreign authorities intervene. Cyber fraud is often framed as an online crime. In truth, it is fundamentally a financial crime. No scam of this magnitude can succeed without banks—accounts must be opened, funds must be received, transferred, layered, withdrawn, or converted. At every stage, the formal banking system is involved. The real question, therefore, is not merely who committed the crime, but how the system failed to stop the money early.
Banks as Gatekeepers of Financial Integrity
In advanced financial systems, banks are legally designated as gatekeepers. This role is not optional. It is codified in law and reinforced through regulation and sanctions. Ghana’s own banking laws reflect this principle. Section 3 of the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930) mandates the Bank of Ghana to ensure “the safety, soundness and stability of the banking system.” Financial integrity is inseparable from this mandate. Further, Act 930 places a clear responsibility on banks to conduct their operations in a manner that does not expose the system to abuse. Section 56 empowers the Bank of Ghana to take supervisory action where a bank’s practices “are unsafe, unsound or pose a threat to depositors or the financial system.” Cyber-enabled fraud clearly falls within this scope.
AML/CFT Obligations: Clear in Law, Weak in Practice
The Bank of Ghana’s Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) Guidelines are explicit about banks’ responsibilities. They require institutions to adopt a risk-based approach, under which customers and transactions must be assessed according to their risk profile. Crucially, the Guidelines state that institutions must apply “enhanced due diligence where the risk of money laundering or terrorist financing is higher.” This includes situations involving unusual transaction patterns, large foreign inflows, or activities inconsistent with a customer’s known economic background. In plain terms, a customer with no discernible income stream suddenly receiving large or repeated foreign transfers should automatically trigger heightened scrutiny. The law does not merely permit this—it requires it. Yet cases like the alleged $8 million romance scam suggest that such scrutiny is often delayed or ineffective. Funds move through multiple accounts, sometimes across several banks, before action is taken. By then, the damage is done.
Transaction Monitoring: Where the System Falls Short
The weakness lies not only in customer onboarding but in continuous transaction monitoring. The BoG’s Risk Management Directive requires banks to maintain systems capable of “identifying, measuring, monitoring and controlling risks inherent in their activities.” This includes operational and financial crime risks. However, many banks still rely heavily on rule-based thresholds—flagging only single large transactions—rather than advanced behavioural analytics. Fraud networks understand this and deliberately structure transactions to avoid detection, sending funds in smaller tranches or cycling them rapidly across accounts. Romance scams are particularly adept at exploiting this gap. The sophistication of these schemes means that only dynamic, behaviour-based monitoring systems can detect them early. Static compliance tools are no longer sufficient.
Reporting Obligations and the Role of the Financial Intelligence Centre
Under Ghana’s AML framework, banks are required to file Suspicious Transaction Reports (STRs) with the Financial Intelligence Centre (FIC) whenever they “know, suspect or have reasonable grounds to suspect” that funds are the proceeds of crime. This threshold is intentionally low. Suspicion, not proof, is enough to trigger reporting. The law is designed to err on the side of caution. The challenge, however, is that delayed reporting undermines the entire system. If reports are filed after funds have already been withdrawn or transferred abroad, the preventive function of the AML regime collapses. At that point, enforcement becomes reactive rather than preventive.
Accountability: The Missing Deterrent
The Payment Systems and Services Act, 2019 (Act 987) further strengthens the regulatory framework by placing responsibility on payment service providers including banks to ensure the integrity of electronic transactions. Act 987 requires providers to operate systems that are “safe, efficient and secure” and empowers the Bank of Ghana to issue directives where payment systems are used in a manner that threatens financial stability or consumer protection. In an era where cyber fraud is increasingly digital and cross-border, this Act gives regulators ample authority to demand stronger controls. The question is not whether the Bank of Ghana has the legal tools but whether they are being used forcefully enough. One of the most uncomfortable realities is the issue of enforcement intensity. In Europe and North America, banks have paid billions of dollars in fines for AML failures. Senior managers have lost jobs. Reputational damage has been severe. In Ghana, enforcement actions are less visible and penalties are often modest. Without meaningful deterrence, compliance risks being treated as a box-ticking exercise rather than a core governance issue. This creates a permissive environment—one that fraudsters quickly identify and exploit.
Why This Matters Beyond One Case
Persistent cyber fraud has broader consequences. It damages Ghana’s international reputation, threatens correspondent banking relationships, and increases scrutiny on legitimate transactions. The cost is borne not only by the state, but by ordinary businesses and citizens who face delays, higher compliance costs, and reduced trust in the financial system. Ironically, the gains from cyber fraud accrue to a few individuals, while the losses are socialised across the economy. If Ghana is serious about tackling cyber fraud, reform must move beyond rhetoric: The Bank of Ghana must visibly enforce its AML/CFT directives using the full powers granted under Acts 930 and 987. Banks must invest in modern, behaviour-based transaction monitoring systems, not merely compliance software. KYC must evolve into continuous customer risk assessment, as envisaged under BoG’s risk-based supervision framework. Intelligence sharing across banks, coordinated through the FIC, must become the norm rather than the exception.
Conclusion: Prevention Is the Real Test
High-profile arrests make headlines, but they do not fix systems. Prevention is quieter, harder, and far more effective. As long as illicit funds can move faster than oversight, cyber fraud will persist—regardless of how many individuals are prosecuted. Ghana’s laws are clear. The Bank of Ghana’s mandates are explicit. Banks’ responsibilities are well defined. The challenge lies in implementation, enforcement, and accountability. Cybercrime thrives where money moves faster than control. In Ghana’s fight against cyber fraud, banks are not peripheral actors—they are the front line. The only remaining question is whether policy action will finally reflect that reality.
