Nigeria’s Central Bank Mandates Other Financial Institutions To Fully Comply With Cybersecurity Guidelines


The Central Bank of Nigeria (CBN) has issued guidelines for improved cyber security in the Nigerian financial sector, especially among the Other Financial Institutions (OFIs), setting January 1, 2023, as the deadline for compliance by all impacted institutions.

This was disclosed by Mrs. Nkiru Asiegbu, Director of OFI’s Supervision Department, in a recently released circular.

The regulator stressed that the safety and soundness of OFIs required that they operate in a safe and secure environment and avoid financial loss and reputational risks, among others.

According to the circular, “As a result of recent increase in the number and sophistication of cybersecurity threats against financial institutions, especially Other Financial Institutions (OFIs), it has become mandatory for institutions to strengthen their cyber defences if they are to remain safe and sound.

“Consequently, the CBN hereby issues the attached Risk-Based Cybersecurity Framework and Guidelines for OFIs, which represent the minimum requirements to be put in place by all OFIs,” the Bank said. “The effective date for full compliance with the provisions of the guidelines is January 1, 2023.”

It added, “In recent times, threats such as ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) have become prevalent, demanding that financial institutions, including OFIs strengthen their cyber resilience and take proactive steps to secure their critical information assets to ensure their safety and soundness.”

The Bank defined cybersecurity resilience as an organization’s ability to maintain normal operations despite all cyber threats and potential risks in its environment.

The guidelines outline the requirements the OFIs were requested to observe in the development and implementation of strategies, policies, procedures and related activities aimed at mitigating cyber risks.

The OFIs were directed to ensure a more sound cyber environment that “supports information system security and promote stability of the OFIs sub-sector.”

Given financial institutions’ reliance on information and communication technology (ICT) in their everyday operations and the growth in cybersecurity threats and assaults against financial institutions, it was necessary to establish a cybersecurity strategy to reduce the risks.