JamzNG Latest News, Gist, Entertainment in Nigeria
The Central Bank of Nigeria (CBN) has issued a deadline for Deposit Money Banks, and other financial institutions under its regulations to complete mandatory cyber security self-assessments as part of efforts to strengthen the country’s financial system.
In a letter dated March 30, 2026, and published on its website on Tuesday, the apex bank said, “Institutions are required to submit their complete CSAT within the following timeframes: i. Three (3) weeks – Deposit Money Banks (DMBs); ii. Five (5) weeks – All other regulated institutions.”
The directive, which will take effect immediately, introduces a Cybersecurity Self-Assessment Tool to evaluate the cyber risk exposure of regulated entities.
It read in part: “The Central Bank of Nigeria, in furtherance of its statutory mandate under the Banks and Other Financial Institutions Act (BOFIA) 2020 and consistent with its commitment to strengthening cyber security resilience in the financial sector, hereby notifies all Deposit Money Banks, Payment Services Banks, Microfinance Banks, Payment Service Providers, Finance Companies and Development Finance Institutions on the implementation of the Cybersecurity Self-Assessment Tool.”
According to the regulator, CSAT is designed as a supervisory instrument to provide a comprehensive view of financial institutions’ cyber security posture. It explains that the tool will assess key areas, including governance structures, risk management frameworks, technology systems, third party risk exposure, incident response capacity and overall operational resilience.
“CSAT is a structured monitoring instrument designed to obtain comprehensive information on the cyber security posture of regulated institutions,” the CBN said.
READ ALSO: CBN completes recapitalization exercise, raises N4.65tr to strengthen financial system resilience
The bank added that the insights generated from this exercise will support risk-based supervision and enhance regulatory oversight of cybersecurity threats in the Nigerian financial ecosystem.
To ensure compliance, the apex bank said all affected institutions must complete and submit assessments through a dedicated portal, with access credentials to be communicated to the Chief Information Security Officer and other relevant officials.
“All applications must be fully completed and accompanied by relevant supporting documentation, if applicable,” he said, noting that the data to be provided must reflect the institution’s position as of December 31, 2025.
The CBN also issued a warning against false or incomplete disclosures, and emphasized that accuracy and transparency will be strictly enforced.
“Supervised agencies are reminded that all information submitted to the CBN must be accurate, complete, and verifiable. Submission of false, misleading, or inaccurate information is a violation of regulations and will be subject to appropriate sanctions,” the letter added.
They also revealed plans to validate input through off-site reviews and supervisory engagement to ensure data reliability.
