The Central Bank of Nigeria (CBN) has recently released a Cyber Cyber-security Framework and Guidelines aimed at managing the technology platforms and infrastructure used in managing Deposit Money Banks, DMBs and Payment Service Banks, PSBs.
According to the circular on the monetary policy guidelines to all Deposit Money Banks (DMBs) and Payment Services Banks (PSBs) and signed by the apex bank’s Acting Director of Banking Supervision, CBN, Dr. Adetona Adedeji, requires the financial institutions to leverage information technology (IT) to facilitate the flow of funds and provision of services to their customers.
This, therefore, makes it obligatory for the financial institutions should properly manage the technology infrastructure and platforms that support the operations of the financial institutions to safeguard the confidentiality, integrity and availability of information assets, as well as prevent financial loss and mitigate reputation risk.
The circular stated: “Cybersecurity threats have continued to evolve and become more complex, with increased frequency of threats such as Phishing, Ransomware, Distributed Denial-of-Service (DDoS) attacks, amongst others.
“Consequently, financial institutions are required to proactively secure their critical information assets to ensure that they remain resilient in the face of these persistent threats. The prevalence of the use of emerging technology by financial institutions to deliver services to customers has also increased their attack surface”, it added.
The apex bank also clarified that the current revised framework would replace the initial Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers which was issued in October 2018.
In addition, the circular stated that the new guidelines took into consideration requirements of recent laws and regulations such as the Banks and Other Financial Institutions Act (BOFIA 2020), Nigerian Data Protection Act (NDPA) 2023 and that it should be read in conjunction with all the provisions of all directives, notices, circulars and guidelines that the CBN may issue.
The CBN Risk-based Cybersecurity Framework and Guidelines for DMBs and PSBs, 2023, will apply to Supervised Financial Institutions (SFIs) – Commercial banks, Merchant banks, Non-Interest Banks and Payment Service Banks, which are all under the purview of the Banking Supervision Department of the apex bank.
