Nigeria Central Bank don set tough cybersecurity timeline for banks
Di CBN talk say dis move dey in line with dia statutory mandate under di Banks and Oda Financial Institutions Act 2020.
Di Central Bank of Nigeria don order banks to complete one compulsory cybersecurity self-assessment within three weeks as part of efforts to strengthen resilience across di financial system.
For one letter wey dem date March 30, 2026, and wey dem publish for dia website on Tuesday, di apex bank talk say, “Institutions must submit dia completed CSAT within dis timelines: i. Three (3) weeks – Deposit Money Banks (DMBs); ii. Five (5) weeks – All oda regulated institutions.”
Di directive, wey dem address to banks, selected oda financial institutions, and payment service providers, introduce one Cybersecurity Self-Assessment Tool wey go evaluate di cyber risk exposure of regulated entities.
Di CBN talk say dis move dey in line with dia statutory mandate under di Banks and Oda Financial Institutions Act 2020 and dia broader commitment to improve cybersecurity standards for di sector.
“Di Central Bank of Nigeria, as e dey follow dia statutory mandate under di Banks and Oda Financial Institutions Act (BOFIA) 2020 and as e don commit to strengthen cybersecurity resilience across di financial sector, dey hereby notify all Deposit Money Banks, Payment Service Banks, Microfinance Banks, Payment Service Providers, Finance Companies, and Development Finance Institutions about di deployment of dia Cybersecurity Self-Assessment Tool,” di letter read.
According to di regulator, di CSAT na supervisory instrument wey dem design to give comprehensive view of financial institutions’ cybersecurity posture. E explain say di tool go assess critical areas, including governance structures, risk management frameworks, technology systems, third-party risk exposure, incident response capacity, and overall operational resilience.
“Di CSAT na structured supervisory instrument wey dem design to get comprehensive information on di cybersecurity posture of regulated institutions,” di CBN talk.
Di bank add say di insights wey dem go generate from dis exercise go support risk-based supervision and enhance regulatory oversight of cybersecurity threats inside Nigeria financial ecosystem.
To make sure say compliance dey, di apex bank talk say all affected institutions must complete and submit di assessment through one dedicated portal, and dem go send access credentials to dia Chief Information Security Officers and oda relevant officials.