Reported by: Oahimire Omone Precious | Edited by: Oravbiere Osayomore Promise.
Abuja, Nigeria — The Central Bank of Nigeria (CBN) has directed all banks and regulated financial institutions to complete a newly introduced Cybersecurity Self-Assessment Tool (CSAT) as part of a strategic effort to strengthen cyber resilience across the country’s financial sector. The directive, issued in a circular dated March 30, 2026, comes amid rising concerns about increasing cyber threats in an increasingly digital financial environment.
The circular, signed by a senior compliance official on behalf of the CBN’s Director of Compliance, mandates that deposit money banks, payment service banks, microfinance banks, payment service providers, finance companies, and development finance institutions complete and submit the CSAT within specified timelines. Deposit money banks have been given a three-week deadline from the issuance date, while other regulated institutions have five weeks to comply.
The introduction of the CSAT aligns with the Central Bank’s authority under the Banks and Other Financial Institutions Act 2020, which empowers the regulator to ensure the safety and soundness of the financial system. The tool is designed to provide a structured framework that assesses the cybersecurity posture of institutions, capturing detailed information about governance arrangements, risk management practices, technology and third-party risk controls, and incident response mechanisms.
Under the directive, all submissions must reflect data as of December 31, 2025, and be accompanied by relevant documentation. The CBN warned that providing false, misleading, or inaccurate information would be treated as a regulatory breach under the Banks and Other Financial Institutions Act and could attract sanctions, including operational restrictions or penalties. The regulator also plans to conduct validation exercises, including off-site reviews and supervisory engagements, to verify the completeness and accuracy of submissions.
To facilitate compliance, the CBN has established a dedicated portal where institutions will upload their completed CSAT reports. Guidance on portal access and submission procedures has been provided to chief information security officers and other responsible officials of affected institutions. This process underscores the CBN’s expectation that financial institutions proactively manage cyber risks as part of their corporate governance responsibilities.
Industry stakeholders have welcomed the initiative, viewing it as a timely measure to strengthen Nigeria’s digital financial infrastructure. Experts note that with the rapid growth of mobile banking, electronic payments, and other digital banking platforms, financial institutions face increasing cyber risks, including phishing, malware, and ransomware attacks. The CSAT is seen as a proactive regulatory measure to ensure institutions are adequately prepared to mitigate these threats.
The CSAT also complements existing regulatory instruments developed by the CBN to enhance cybersecurity governance in the financial sector. These include risk-based cybersecurity frameworks and guidelines issued in recent years, which establish minimum standards for risk management, monitoring, and third-party oversight. By integrating the CSAT into its supervisory framework, the CBN aims to monitor institutional cyber readiness and improve resilience across the sector.
Regulators emphasize that the CSAT is not only a compliance exercise but also a strategic tool for institutions to strengthen internal cyber risk frameworks. Institutions are expected to use insights from the assessment to enhance governance structures, risk management processes, and operational continuity, ensuring better protection for customer data and financial assets.
The directive also reflects broader reforms and regulatory focus within the financial sector, including efforts to enhance digital finance inclusion, consumer protection, and systemic resilience. The CBN aims to ensure that as the financial sector evolves digitally, institutions remain prepared to address risks that could threaten operational stability and customer confidence.
As the compliance period progresses, financial institutions are expected to prioritize the CSAT process and align internal governance and technical capabilities with regulatory expectations. The outcomes of this first round of assessments will likely inform the CBN’s supervisory strategies and set standards for ongoing cybersecurity oversight across Nigeria’s financial sector.
📩 Stone Reporters News | 🌍 stonereportersnews.com
✉️ info@stonereportersnews.com | 📘 Facebook: Stone Reporters | 🐦 X (Twitter): @StoneReportNew | 📸 Instagram: stonereportersnews
Add comment
Comments