The Central Bank of Nigeria (CBN) has unveiled a comprehensive Cybersecurity Framework and Guideline designed to enhance the management of technology platforms and infrastructure utilized by Deposit Money Banks (DMBs) and Payment Service Banks (PSBs).
In a communique addressed to all DMBs and PSBs and signed by the Acting Director of Banking Supervision, Dr. Adetona Adedeji, the CBN emphasized the critical role of information technology in facilitating financial transactions and customer services within the banking sector.
The apex bank highlighted the necessity of effectively managing technology infrastructure to safeguard information assets, ensure confidentiality, integrity, and availability, and mitigate financial loss and reputational risk.
Addressing the evolving and complex nature of cybersecurity threats, including phishing, ransomware, and Distributed Denial-of-Service (DDoS) attacks, the CBN underscored the proactive measures required by financial institutions to fortify their defenses and maintain resilience.
The revised framework replaces the earlier Risk-based Cybersecurity Framework and Guidelines for DMBs and Payment Service Providers issued in October 2018.
It incorporates provisions aligned with recent laws and regulations such as the Banks and Other Financial Institutions Act (BOFIA 2020) and the Nigerian Data Protection Act (NDPA) 2023.
The CBN emphasized the importance of integrating the new framework with existing directives, notices, circulars, and guidelines issued by the regulator.
The guidelines apply to various financial institutions, collectively referred to as Supervised Financial Institutions (SFIs), including commercial banks, merchant banks, non-interest banks, and payment service banks, all falling under the purview of the Banking Supervision Department.
