CBN Mandates Banks to Complete Cybersecurity Self-Assessment, Gives Deadline

• The CBN has mandated banks to complete a cybersecurity self-assessment within three weeks
• The assessment tool will evaluate governance, risk management, and cyber resilience
• The apex bank said institutions must submit accurate and verifiable data or face regulatory sanctions

Oluwatobi Odeyinka is a business editor at Legit.ng, covering energy, the money market, technology, and macroeconomic trends in Nigeria.

The Central Bank of Nigeria (CBN) has directed deposit money banks to complete a mandatory cybersecurity self-assessment within three weeks, as part of efforts to strengthen resilience across Nigeria’s financial system.

According to a letter dated March 30, 2026, and published on the apex bank’s website on Tuesday, other regulated institutions were given up to five weeks to comply with the directive.

CBN introduces cybersecurity assessment tool

In the notice addressed to banks, financial institutions, and payment service providers, the CBN introduced a Cybersecurity Self-Assessment Tool (CSAT) to evaluate the cyber risk exposure of regulated entities.

Read also

DataPro advises banks on compliance with CBN stress test directive

The regulator said the initiative aligns with its statutory mandate under the Banks and Other Financial Institutions Act 2020 and reflects its commitment to strengthening cybersecurity standards across the sector.

According to the apex bank, the tool is designed to provide a comprehensive view of institutions’ cybersecurity posture, covering key areas such as governance structures, risk management frameworks, technology systems, third-party risks, incident response capacity, and overall operational resilience.

Submission process, compliance requirements

The CBN said all affected institutions must complete and submit the assessment through a dedicated portal, with login details to be shared with Chief Information Security Officers and relevant officials.

It added that submissions must include all required documentation and reflect each institution’s position as of December 31, 2025.

The regulator warned that all information provided must be accurate, complete, and verifiable, stressing that false or misleading disclosures would be treated as regulatory breaches and could attract sanctions.

Read also

Poor network: NCC orders MTN, Airtel, others to pay airtime compensation to subscribers

CBN to validate submissions

The apex bank also disclosed that it would carry out off-site reviews and supervisory engagements to verify the accuracy of submissions.

It noted that insights generated from the exercise would support risk-based supervision and strengthen regulatory oversight of cybersecurity threats within Nigeria’s financial ecosystem.

Rising cyber risks in banking sector

The directive takes immediate effect and signals tighter regulatory scrutiny of cyber risks in the banking sector, especially amid growing digital transactions and increased exposure to cyber threats.

Earlier reports highlighted concerns about rising digital fraud in Nigeria’s financial system, with stakeholders warning that weak cybersecurity frameworks could undermine customer trust and slow the growth of digital banking.

A marketing professional in the financial services sector, Victor Ologun, told PUNCH that inadequate cyber defences continue to expose customers to increasing risks.

CBN directs IMPOs to open naira settlement accounts

The CBN has directed International Money Transfer Operators (IMTOs) to open Naira settlement accounts with authorised dealer banks.

Read also

NCC moves to curb Fraud: MTN, Airtel, others to flag suspicious phone numbers in real time

All remittance-related transactions must now be processed through these designated accounts.

The policy aims to improve transparency, monitoring, and efficiency in the foreign exchange market

Source: Legit.ng