CBN issues cybersecurity guidelines for financial Institutions

Spread the love



The Central Bank of Nigeria (CBN) has issued guidelines for improved cyber security in the Nigerian financial sector, especially among the Other Financial Institutions (OFIs).

The circular to that effect which was issued by the Director of OFIs Supervision Department, Mrs. Nkiru Asiegbu, on Wednesday, set January 1, 2023, for compliance by all affected institutions.

The circular is coming days after MTN Nigeria’s Payment Service Bank (PSB) MoMos claimed it had been defrauded over N22 billion ($53 million) in a filing against 18 commercial banks after just one month in operation.

The MoMo PSB claims the funds were transferred in error to 8,000 accounts maintained by the 18 banks’ customers.

READ ALSOCBN policies damaging Nigeria’s business environment, World Bank warns

To address issues such as MTN, CBN said, “As a result of recent increase in the number and sophistication of cybersecurity threats against financial institutions, especially Other Financial Institutions (OFIs), it has become mandatory for institutions to strengthen their cyber defences if they are to remain safe and sound.

“Consequently, the CBN hereby issues the attached Risk-Based cybersecurity Framework and Guidelines for OFIs, which represent the minimum requirements to be put in place by all OFIs.

“The effective date for full compliance with the provisions of the guidelines is January 1, 2023.”

It added, ‘In recent times, threats such as ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) have become prevalent, demanding that financial institutions, including OFIs strengthen their cyber resilience and take proactive steps to secure their critical information assets to ensure their safety and soundness.”

The guidelines outline the requirements the OFIs were requested to observe in the development and implementation of strategies, policies, procedures and related activities aimed at mitigating cyber risks.

The OFIs were directed to ensure a sounder cyber environment that “supports information system security and promotes stability of the OFIs sub-sector.”