Central Bank of Nigeria (CBN) has rolled out a cybersecurity self-assessment tool (CSAT) that all banks and regulated fintech firms must complete as part of efforts to strengthen cyber resilience across the financial sector.
Gatekeepers News reports that in a circular dated March 30, the apex bank said the CSAT is designed to help assess the cybersecurity readiness of institutions it supervises under the Banks and Other Financial Institutions Act (BOFIA) 2020.
According to the directive, deposit money banks are required to submit their completed assessments within three weeks, while other financial institutions, including payment service banks, microfinance banks, payment service providers, finance companies and development finance institutions, have five weeks to comply.
The tool evaluates areas such as cybersecurity governance, risk management practices, incident response capabilities, third-party technology risk controls, and overall operational resilience. Insights from the submissions will support risk-based supervision and enhanced oversight of cybersecurity risks in Nigeria’s financial system.
CBN also warned that submitting false or misleading information will be treated as a regulatory breach and may attract sanctions in line with existing law.
This move aligns with broader efforts by the CBN to tighten oversight of digital financial services and improve compliance frameworks for banks and fintechs as the financial ecosystem continues to evolve.
