Do you know CBN guidelines on cybersecurity in Nigeria? What’s the role of CBN in cybersecurity? We’ll explore these in this article. Let’s begin.
• CBN is the lead regulator for all financial institutions in Nigeria. The issue of cybersecurity has been brought to the fore in modern-day digital operations.
• It’s crucial for key stakeholders and financial regulators to come up with concerted approaches to combating cybersecurity challenges.
• Importantly, in a circular dated July 2022, the CBN released Guidelines For Improved Cybersecurity In The Financial Sector. The Guidelines essentially apply to ‘OFI’s, i.e. other financial institutions.
• Additionally, the Banks And Other Financial Institutions Act has defined OFIs to include Fintech services.
• The focus of this post is to explore these guidelines as they relate to tackling cybersecurity issues in Nigeria.
• The Guidelines largely cover six areas ranging from, cybersecurity governance and oversight, cybersecurity risk management system, resilience assessment, operational resilience, cyber threat intelligence and metrics as well as monitoring and reporting.
What Are The CBN Guidelines?
• OFIs need an effective corporate governance structure detailing security responsibilities for different departments. Here, a Chief Security Information Officer is appointed. Therefore, as a CISO takes the duty of ensuring daily cyber security protection. The CSIO is responsible for making quarterly reports on the company’s cybersecurity status to the MD Chief Executive Officer.
• OFIs routinely conduct risk assessment, mitigation, monitoring, and reporting checks to effectively ascertain the readiness of a potential cybersecurity attack.
• It is mandatory for OFIs to submit a self-assessment cyber security report signed by the Senior Management to the CBN Director, OFI Department not later than the 31st of March of every year.
• The OFIs are also required to develop monitoring and intelligence measures as well as reporting strategies to ensure compliance with CBN Guidelines as well as other key regulations on cybersecurity in Nigeria.
• It’s important to note however that the due date for compliance with these guidelines as stipulated by CBN was January 2023, and Fintechs who have not complied with these guidelines are exposed to possible sanctions from the CBN.
References
1 Wasilat Azeez, “CBN issues guidelines, asks financial institutions to comply by January” available at https://www.thecable.ng/cybersecurity-cbn-issues-guidelines-asks-financial-institutions-to-comply-by-january-2023/ampaccessed on Feb 21 2023
2 https://www.thisdaylive.com/index.php/2022/06/30/cbn-sets-january-2023-deadline-for-financial-institutions-to-tighten-noose-on-cybercrimes/amp/ Accessed on Feb 21 2023
Other Informative Articles On Our Website You Might Like
Do you seek redress or consultation on legal matters?
At Scotts Legal, our desire is to help startups scale, make money while building sustainable businesses
Follow us on our social media handles:
Constantly get our news updates and informative articles.