A new report by the Central Bank of Nigeria (CBN): Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs), is demanding financial operators including banks to up their preventive measures against cybercrimes targeting financial houses.
The framework provides a risk-based approach to managing cybersecurity risk. The document comprises six parts: Cybersecurity Governance and Oversight, Cybersecurity Risk Management System, Cyber Resilience Assessment, Cybersecurity Operational Resilience, Cyber-Threat Intelligence and Metrics, Monitoring & Reporting.
The new guidelines mandate banks to apply stronger cybersecurity measures in the face of spike in online crimes and increasing sophistication of cybersecurity threats against financial institutions. They have January 1, 2023 as the effective date for full compliance with the provisions of the guidelines.
“As a result of recent increase in the number and sophistication of cybersecurity threats against financial institutions, especially the Other Financial Institutions (OFIs), it has become mandatory for financial institutions to strengthen their cyber defenses if they are to remain safe and sound.
“Consequently, the Central Bank of Nigeria (CBN) hereby issues the attached Risk-Based Cybersecurity Framework and Guidelines for OFIs, which represents the minimum requirements to be put in place for all OFIs.
“The effective date for full compliance with the provisions of the guidelines is January 1, 2023 and all OFIs are expected to comply on or before that date,” the CBN’s Director, Other Financial Institutions Supervision Department, Nkiru Asiegbu stated in an official communication.
The CBN framework would appear to be a follow up to the one it issued in 2018: Risk-Based Cybersecurity Framework and Guidelines for Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) as the minimum requirements to be put in place by all DMBs in their respective cybersecurity programmes with an effective compliance date of January 1, 2019 for all DMBs and PSPs.
According to the CBN, threats including ransomware, targeted phishing attacks and Advanced Persistent Threats (APT) have become prevalent, requiring greater cybersecurity measures by financial institutions.