New self-assessment tool targets risk gaps across banks, fintechs, and microfinance institutions as regulator tightens oversight…..
Nigeria’s financial sector is facing heightened regulatory scrutiny after the Central Bank of Nigeria directed banks and other financial institutions to submit detailed reports on their cybersecurity frameworks within strict deadlines.
In a circular issued to Deposit Money Banks, Payment Service Banks, microfinance institutions, fintechs, and other regulated entities, the apex bank announced the rollout of a Cybersecurity Self-Assessment Tool (CSAT) aimed at evaluating the industry’s resilience to growing digital risks.
Under the new directive, Deposit Money Banks are required to complete and submit the assessment within three weeks, while other financial institutions have up to five weeks to comply.
The CBN said the tool is designed to provide a comprehensive view of each institution’s cybersecurity posture, covering key areas such as governance structures, risk management systems, technology controls, third-party risk exposure, incident response mechanisms, and overall operational resilience.
According to the regulator, insights gathered from the CSAT will strengthen risk-based supervision and enhance its ability to monitor and manage cybersecurity threats across the financial system.
To facilitate compliance, access to the submission portal and detailed guidelines will be provided to Chief Information Security Officers and other designated officials within affected institutions.
The bank also specified that all submissions must reflect data as of December 31, 2025, and be supported by relevant documentation where necessary.
In a clear warning, the CBN stressed that all information provided must be accurate, complete, and verifiable. It cautioned that any false or misleading disclosures would constitute a violation under the Banks and Other Financial Institutions Act and could attract regulatory sanctions.
Beyond submissions, the apex bank disclosed plans to carry out validation exercises, including off-site reviews and supervisory engagements, to confirm the integrity of the data provided.
The directive takes immediate effect, signalling the urgency of the CBN’s push to reinforce cybersecurity defenses and safeguard Nigeria’s financial ecosystem against increasingly sophisticated cyber threats.
