CBN issues new guidelines for financial institutions from January 2023
The Central Bank of Nigeria (CBN) has issued Cyber Security Guidelines for Other Financial Institutions (OFIs).
The apex bank made this known in a circular dated June 29, 2022 and signed by Nkiru Asiegbu, Director, Other Financial Institutions Supervision Department.
According to the CBN, all AIFs should fully comply with the provisions of the guidelines by January 1, 2023.
He explained that threats such as ransomware, targeted phishing attacks and advanced persistent threats (APTs) have become commonplace, requiring financial institutions, including OFIs, to build their cyber resilience and take proactive steps to secure their critical information.
“Due to the recent increase in the number and sophistication of cybersecurity threats against financial institutions, especially other financial institutions (OFIs), it has become mandatory for institutions to strengthen their cyber defenses if they are to remain healthy and healthy. save,” the circular reads.
“Therefore, CBN is hereby issuing the attached Risk-Based Cybersecurity Framework and Guidelines for OFIs, which represent the minimum requirements to be put in place by all OFIs.
“The effective date for full compliance with the provisions of the guidelines is January 1, 2023, and all AIFs must comply on or before that date.”
CBN instructs banks to cut fees to attract millennials, Gen-Z
The CBN said the guidelines specify the minimum requirements that OFIs must adhere to in developing and implementing strategies, policies, procedures and related activities aimed at mitigating cyber risks.
“OFIs should note that for a cybersecurity program to be successful, it must be fully integrated with their business goals and objectives and must be an integral part of overall risk management processes,” he added.
“The framework provides a risk-based approach to cybersecurity.
“The document consists of six parts: Cybersecurity Governance and Oversight, Cybersecurity Risk Management System, Cybersecurity Resilience Assessment, Cybersecurity Operational Resilience, Cyber Threat Intelligence and Metrics, Monitoring and Reporting.
The CBN circular comes days after reports surfaced that Momo Payment Service Bank Limited (Momo PSB), the fintech subsidiary of MTN Nigeria, suffered a “security breach” resulting in a loss of N22 billion.
The incident occurred barely a week after the PSB began operations.