Microfinance Licence and Regulations in Ghana (2026): What Every Institution and Investor Needs to Know
The Bank of Ghana has issued new Guidelines on the Revised Microfinance Sector Framework (Bank of Ghana Notice No. BG/GOV/SEC/2026/03) which overhauls the sector’s entire institutional architecture for the first time since 2011. The reforms affect every microfinance institution currently operating in Ghana, and it comes with hard deadlines.
Frequently Asked Questions (FAQs)
What is Ghana’s revised microfinance sector framework?
It is a new regulatory framework issued by the Bank of Ghana on 27th January 2026 through Notice No. BG/GOV/SEC/2026/03. It replaces the four-tier structure that has governed Ghana’s microfinance sector since 2011 and introduces four new institutional categories: Microfinance Banks, Community Banks, Credit Unions, and Last-Mile Providers. Every microfinance institution currently operating in Ghana must transition into the new framework by 31st December 2026.
What are the new microfinance license categories and their primary market?
The new license categories are as follows:
| Category | Supervised by | Primary market |
| Microfinance Banks | Bank of Ghana | MSMEs, formal and informal groups, individual clients |
| Community Banks | Bank of Ghana | Rural and urban communities; local financial ecosystems |
| Credit Unions | Bank of Ghana (if assets ≥ GH₲60m); otherwise CUA | Member-based savings and credit; cooperative financial services |
| Last-Mile Providers | Delegated to CUA; self-supervision | Micro-credit, susu collection, VSLAs, ROSCAs, FNGOs |
The ARB Apex Bank will provide centralised banking services including liquidity support, cheque clearing, specie management, and shared technology platforms, to all four categories.
What are Microfinance Banks (MFBs) under the new framework?
MFBs are the highest tier under the new framework. They are licensed deposit-taking institutions regulated under the Banks and Specialised Deposit-Taking Institutions Act, 2016 (Act 930), with their primary market being MSMEs, formal and informal groups, and individual clients.
What is the minimum capital requirement for a microfinance bank in Ghana?
An existing institution transitioning into the Microfinance Bank category must meet a minimum capital requirement of GH₲50 million.
A new entrant seeking a microfinance bank licence must meet a higher threshold of GH₲100 million.
These figures represent the currently prescribed thresholds and may be revised by the Bank of Ghana from time to time.
Can a foreigner own a microfinance bank in Ghana?
Yes. The Microfinance Bank category is open to both Ghanaian and foreign ownership, subject to Bank of Ghana approval.
| Shareholder category | Maximum shareholding |
| Individual | 40% |
| Family / related party | 50% |
| Registered group | 70% |
| Corporate body | 100% |
Which existing institutions can transition into an MFB?
Four categories of existing institution are eligible: Savings and Loans Companies, Finance Houses, Deposit-taking Microfinance Companies, and Micro-Credit Companies.
What is the deadline for microfinance compliance in Ghana?
The final compliance deadline for all existing institutions is 31st December 2026. However, there are earlier interim deadlines that are equally binding.
Eligible institutions must notify the Bank of Ghana of their chosen transition pathway by 30th June 2026, and submit a progress update by 30th September 2026. Institutions pursuing mergers, acquisitions, or asset and liability transfers must submit signed agreements to the Bank of Ghana by 30th September 2026.
What happens if a microfinance institution in Ghana does not comply with the new framework?
Failure to meet any of the stipulated deadlines whether for notification, progress reporting, or substantive compliance will trigger sanctions by the Bank of Ghana. Those sanctions may include restrictions on business operations and, ultimately, regulatory action that could affect the institution’s continued existence.
What is a Community Bank under Ghana’s new microfinance framework?
Community Banks are the successor to the existing Rural and Community Bank (RCB) structure. All existing Rural Banks were required to convert into Community Banks by 31st March 2026.
Who can own a Community Bank?
At least 30% of shares in a community bank must be held by identified individuals and groups within the bank’s community of operation who are Ghanaian citizens or residents. The maximum shareholding limits reflect this community-first design:
| Shareholder category | Maximum shareholding |
| Individual | 25% |
| Family / related party | 35% |
| Registered group | 40% |
| Corporate body | 50% |
What is the minimum capital requirement for a Community Bank in Ghana?
| Institution type | Minimum capital (GH₲) |
| Standard Community Bank (rural/peri-urban) | GH₲ 5 million |
| New Urban Community Bank | GH₲ 10 million |
Credit Unions
What are the applicable guidelines for Credit Unions under the new framework
The Bank of Ghana has assumed direct supervisory responsibility over qualifying Credit Unions, bringing larger CUs into the formal prudential supervisory regime that previously applied only to banks and specialised deposit-taking institutions.
The threshold is GH₲60 million in total assets, held consistently for a continuous period of at least one year. A Credit Union that meets this threshold will, upon the recommendation of the Credit Unions Association of Ghana (CUA) and/or the Apex Bank, be licensed and supervised by the Bank of Ghana as a deposit-taking institution under Act 930. Licensing is scheduled to commence from Q2 2026.
Once licensed, a qualifying Credit Union may subject to Bank of Ghana approval undertake deposit-taking business beyond its traditional member-based services. The governance and risk management framework for licensed CUs will be prescribed by the Bank of Ghana.
Credit Unions below the GH₲60 million threshold will be classified as Last-Mile Providers and operate under delegated supervision by the CUA.
What is a Last-Mile Provider under Ghana’s new microfinance framework?
A Last-Mile Provider (LMP) is a formally recognised category of microfinance institution under the new framework, covering FNGOs, susu collectors, micro-credit enterprises, and Credit Unions whose total assets fall below the GH₲60 million Bank of Ghana supervision threshold. LMPs operate under delegated supervision by the Credit Unions Association of Ghana (CUA) or through self-supervision. No minimum capital requirement has been prescribed for LMPs.
What does Ghana’s microfinance reforms mean for investors
Ghana’s 2026 microfinance reforms change the investment landscape in three concrete ways.
First, the MFB category opens the sector to foreign ownership subject to Bank of Ghana approval.
Second, the minimum capital requirements are driving genuine consolidation across the sector. For well-capitalised investors and acquirers, there is a real window of opportunity here particularly among institutions that cannot independently meet the GH₲50 million MFB threshold and need a strategic partner.
Third, and most importantly for due diligence purposes: an institution’s transitional compliance status is now a material risk factor.
The complete compliance timeline
| Deadline | Who it applies to | Required action |
| 31st March 2026 | All existing Rural Banks | Convert into Community Banks |
| Q2 2026 | Qualifying Credit Unions (≥ GH₲60m assets) | Bank of Ghana licensing commences |
| 30th June 2026 | All eligible MFB-transitioning institutions | Formally notify Bank of Ghana of chosen transition option |
| 30th June 2026 | All RCBs with paid-up capital below new CB minimum | Formally notify Bank of Ghana of capitalisation pathway |
| 30th September 2026 | Institutions pursuing mergers, acquisitions, or transfers | Submit signed agreements to Bank of Ghana |
| 30th September 2026 | All eligible MFB and CB institutions | Submit progress update to Bank of Ghana |
| 31st December 2026 | All existing institutions | Full transition and compliance with all applicable minimum capital and regulatory requirements |
Minimum Capital Requirements
| Category | Institution type | Minimum capital (GH₲) |
| Microfinance Bank (MFB) | Existing institution transitioning | GH₲ 50 million |
| Microfinance Bank (MFB) | New entrant | GH₲ 100 million |
| Community Bank (CB) | Standard CB (rural/peri-urban) | GH₲ 5 million |
| Community Bank (CB) | New Urban CB | GH₲ 10 million |
| Credit Union (CU) | BoG-supervised (assets ≥ GH₲60m) | To be prescribed by Bank of Ghana |
| Last-Mile Provider (LMP) | All LMP categories | None prescribed |
The content published on on O-Laryea Law's website and social media channels is intended for general informational purposes only and does not constitute legal advice. No lawyer-client relationship is created by reading or relying on this content. For advice specific to your circumstances, please contact O-Laryea Law directly.
Reach us at contactus@olaryealaw.com or visit www.olaryealaw.com. T: 0302766494
Bank Of Ghana Issues New Corporate Governance Guidelines For Payment Service Providers In Ghana
Ghana’s digital financial ecosystem is experiencing rapid growth, with Dedicated Electronic Money Issuers (DEMIs) managing millions of mobile wallets and Payment Service Providers (PSPs) offering gateways, merchant solutions, and interoperability services. This growth has expanded financial inclusion and enhanced convenience but has also created a pressing need for robust governance frameworks to ensure accountability, resilience, and public trust.
In June 2025, the Bank of Ghana (BoG) issued the Corporate Governance Guidelines for Payment Service Providers, 2025, which take effect on 31st December 2025. These guidelines apply to all institutions licensed under the Payment Systems and Services Act, 2019 (Act 987), including DEMIs, PSPs, Payment Schemes, and Payment and Financial Technology Service Providers (PFTSPs). BoG’s primary objective is to entrench trust, transparency, and accountability in the digital financial sector, safeguard financial stability, and reinforce public confidence.
This article provides a summary of the Guidelines, focusing on the responsibilities of Boards, Key Management Personnel (KMPs), and Shareholders, as well as the disclosure, compliance, and reporting obligations of regulated institutions.
Key Guidelines
Directors and Key Management Personnel
The Guidelines place significant emphasis on the appointment and oversight of directors and KMPs. KMPs include the Chief Executive Officer or Managing Director, Technology and Systems Manager, Compliance and Anti-Money Laundering (AML) Reporting Officer, Finance Manager, Chief Legal Officer, and managers of significant business units.
Qualification
No individual may be appointed, elected, or accept a position as director or KMP without the prior written approval of the Bank of Ghana. This requirement ensures that only fit and proper persons with the requisite integrity, competence, and financial soundness are entrusted with leadership roles in the sector.
Regarding the appointments of KMP, institutions must submit a detailed due diligence report on nominees. Acting KMP appointments are restricted to existing staff and cannot exceed six months.
Disqualification
The Bank of Ghana will reject appointments where a nominee has been adjudged to be of unsound mind, declared insolvent, entered into a debt arrangement and has suspended payment of the debt, convicted of fraud or dishonesty, removed from office by a competent authority, holds a similar role in another licensed institution under Act 987, or is below the age of eighteen.
Resignation
Resignations by directors or KMPs must be formally communicated to the Bank of Ghana within ten (10) days of the effective date.
Sound Corporate Governance Standards
The Board
Every regulated institution must establish a Board with the mandate to provide strategic direction, make key decisions, and exercise effective oversight of operations.
Among its roles, the Board must ensure robust risk management, compliance, and internal controls. It must also approve acquisitions and divestments of 10% or more of the company’s value (5% for DEMIs), as well as major investments.
Charter of the Board
The Board must operate under a Board Charter, which serves as its governing framework. The Charter should set out the Board’s authority, define directors’ responsibilities, directors’ code of ethics, and specify the Board’s composition and structure. It must also outline quorum requirements, the frequency of meetings, and the processes for appointment, tenure, re-election, resignation, or removal and remuneration of directors.
The Charter must be reviewed at least once every three years.
Board Structure and Composition
Each regulated institution must maintain a Board of at least three members, two of whom, including the CEO, must be resident in Ghana. The Bank of Ghana may direct the appointment of additional directors depending on the institution’s risk profile. Members of the Board must be appointed by the shareholders of the institution and approved by the Bank of Ghana.
Boards must have a majority of non-executive directors, with DEMIs and EPSPs required to ensure that at least one-third are independent directors.
To avoid conflicts of interest, no more than one-third of Board members may be related persons, and no two related individuals may serve as Board Chair and CEO simultaneously. The roles of Board Chair and CEO must always be separate, with the Chair being a non-executive director.
Independent Director
An independent director may not hold more than five percent of the institution’s shares, may not have been employed by the institution or related entities within the previous two years, and must have no close relatives employed as KMPs or significant financial dealings with the institution in that period.
Board Meeting
Board meetings must be scheduled annually and held at least quarterly. Directors must attend no fewer than two-thirds of meetings within a financial year. The quorum for the Board meetings is two-thirds (2/3) of members, majority of whom shall be non-executive directors. Minutes must be documented, signed by the Chair and Board Secretary, securely stored, and submitted to the Bank of Ghana within ten days of approval.
The Board must conduct regular performance evaluations of itself, its Chairperson, and individual directors, with an externally facilitated review at least every three years
Roles of Key Management Personnel
The Guidelines underscore the importance of KMPs in ensuring that regulated institutions are managed transparently, efficiently, and in alignment with regulatory expectations.
At the helm is the Managing Director (MD) or Chief Executive Officer (CEO), who is responsible for day-to-day management. The CEO must define and communicate responsibilities across the executive team, implement Board-approved policies, manage income and expenditure within approved budgets, and provide the Board with timely financial updates. The CEO must also develop and execute a talent management and succession plan for critical roles.
The Technology and Systems Manager
Supporting the CEO are other key officers. The Technology and Systems Manager is responsible for the security, reliability, and performance of the institution’s IT infrastructure, ensuring its timely maintenance and upgrades.
The Compliance and Risk Manager
The Compliance and Risk Manager ensures adherence to legal and regulatory requirements, implements risk mitigation strategies, and advises the Board on emerging compliance issues.
The AML Reporting Officer
The AML Reporting Officer focuses specifically on anti-money laundering, counter-terrorism financing, and proliferation (AML/CFT&P) compliance, reporting regularly to the Board and liaising with regulators and authorities.
The Chief Finance Officer
The Chief Finance Officer manages financial planning and reporting, monitors performance against budgets, and ensures timely prudential reporting to the Bank of Ghana.
Together, these roles form a comprehensive governance structure, ensuring operational integrity and the sound management of regulated institutions.
Specialized Board Committees
At minimum, an Audit Committee and a Risk and Compliance Committee must be constituted, each chaired by an independent director. The Audit Committee oversees internal and external audit functions, while the Risk and Compliance Committee advises on the institution’s risk appetite and monitors management’s implementation of risk strategies.
Tenure is limited; non-executive directors may serve a maximum of four years per term, renewable for not more than two additional terms, while the Board Chair may be renewed only once.
Alternate Director
Where a director is absent from Ghana or unable to act for a period not exceeding six months, they may appoint another director or another person approved by Board resolution to serve as an alternate director, in accordance with section 181 of the Companies Act, 2019 (Act 992).
Disclosure and Transparency
Regulated institutions must, by 31st March each year, submit to the Bank of Ghana a list of significant shareholders, directors, and KMPs as of 31st December of the preceding year, including details of major shareholdings, voting rights, and any related party transactions.
Corporate Governance Certification
Directors are required to undertake corporate governance certification every four years from the National Banking College or another institution recognized by the Bank of Ghana.
Cooling-Off Period
To prevent conflicts of interest, former Bank of Ghana officers, directors, or senior executives may not be appointed as directors or consultants of a regulated institution until at least two years have elapsed since the end of their service. Similarly, audit professionals who have provided services to institutions within the ecosystem may not be appointed as directors or CEOs until two years have passed since their last engagement.
Conclusion
The Corporate Governance Guidelines for Payment Service Providers, 2025, represent a significant step toward building a resilient and transparent digital financial services sector in Ghana. By setting clear expectations for board composition, management accountability, risk oversight, and disclosure, the Bank of Ghana is signalling its commitment to safeguarding financial stability and protecting consumers.
For DEMIs, PSPs, and other regulated entities, these Guidelines are more than a compliance requirement, they are a framework for embedding sound governance practices that can enhance institutional credibility, attract investment, and support long-term growth. Institutions that proactively align their policies, board structures, and internal controls with the Guidelines will be better positioned to manage risk, foster public trust, and thrive in an increasingly competitive and regulated market.
An Overview Of Data Protection Law In Ghana
As digital technology becomes increasingly central to business, governance, and everyday life, the need to safeguard personal data has gained global significance. Recognizing the risks associated with the misuse of personal information, Ghana has taken proactive steps to establish a legal framework that ensures data protection and privacy rights for its citizens and residents. The cornerstone of this framework is the Data Protection Act, 2012 (Act 843).
This article explores the key provisions, principles, and implications of Ghana’s data protection laws, offering insight into how the country is addressing privacy in the digital age.
The Legal Framework: Data Protection Act, 2012 (Act 843)
Data protection is the process of safeguarding important information from corruption, compromise, or loss. Ghana’s Data Protection Act, 2012 (Act 843) was enacted to regulate the processing of personal information, particularly in the context of digital communication and record-keeping. The Act establishes the rights of individuals regarding their personal data and imposes obligations on organizations that collect, store, or process such data.
The main objectives of the Act include safeguarding the privacy of individuals, regulating the collection, use, and disclosure of personal data, and ensuring transparency and accountability in data handling practices.
Core Principles of Data Protection
The concept of data protection is underpinned by certain key principles organizations are required to follow to ensure personal data is collected, used, managed, and stored in a responsible manner. While these principles may vary slightly according to various legislations, they are generally influenced by the globally accepted General Data Protection Regulation (GDPR).
In Ghana, Act 843 sets out eight key principles that govern the processing of personal data as provided under Sections 17 to 33. These are accountability, lawfulness of processing, specification of purpose, compatibility of further processing, quality of information, openness, data security safeguards and data subject participation.
The above principles represent the core obligations of data controllers under Act 843 and are designed to promote accountability and protect individuals' privacy. They require organizations to handle personal data responsibly, lawfully, and in a transparent manner, collecting it only for specific purposes, keeping it accurate and secure, and ensuring individuals are informed and can exercise their rights over their own data.
The Role of the Data Protection Commission
Section 1 of Act 843 establishes the Data Protection Commission (DPC) as the regulatory authority responsible for implementing, monitoring and enforcing data protection laws in Ghana.
Its responsibilities include:
- Registering data controllers and data processors;
- Promoting awareness of data protection rights and responsibilities;
- Investigating complaints and enforcing compliance;
- Issuing guidelines, codes of conduct, and sanctions where necessary.
Rights of Data Subjects
Under Section 39 of Act 843, individuals whose personal data is collected or processed—referred to as data subjects—are granted several rights to protect their privacy and ensure transparency. These include the right to be informed when their data is being collected, the right to access and correct their personal data, the right to object to certain forms of processing, the right to withdraw consent at any time, and the right to lodge a complaint with the Data Protection Commission if they believe their rights have been violated.
Who Must Comply
The Data Protection Act, 2012 (Act 843) applies to all data processors and controllers operating in Ghana, including but not limited to financial institutions, healthcare providers, telecommunications companies, and educational institutions. It also extends to entities based outside Ghana that process personal data relating to individuals within the country.
Registration with the Data Protection Commission
Every organization that handles personal data, i.e., data processors and controllers, is required to register with the Data Protection Commission (DPC).
To begin the registration process, the data controller or processor must complete a registration form provided by the DPC. This form requires key information about the organization, including its legal status, nature of operations, categories of personal data collected, the purpose for processing, and security measures in place to protect the data. Applicants must also submit supporting documents such as a certificate of incorporation, business license, TIN, and proof of payment of the applicable registration fee.
Upon approval, the Commission issues a Certificate of Registration, authorizing the organization to lawfully process personal data. This registration is valid for one year and must be renewed annually.
Offences and Penalties
The Data Protection Act, 2012 (Act 843) imposes both civil and criminal liabilities for non-compliance with its provisions. Offences under the Act include failure to register with the Data Protection Commission (DPC), the unlawful disclosure of personal data, failure to implement appropriate data security measures, and obstruction of investigations conducted by the Commission. Depending on the nature and severity of the offence, penalties may be in the form of fines, imprisonment or both.
Additionally, the Commission is empowered to impose administrative sanctions such as the suspension or cancellation of an organization’s registration.
Conclusion
Ghana’s Data Protection Act, 2012 (Act 843) plays a crucial role in promoting data privacy and security in an increasingly digital environment. As organizations and public institutions increasingly rely on personal data, complying with the law is not only mandatory but also vital for establishing trust with clients and the public.
Whether you are a business operator, employee, or individual, it is important to be aware of your rights and responsibilities under the Act to ensure responsible handling and use of personal data.