CBN Releases Cyber Security Guidelines to Manage Tech Services in Banks

The Central Bank of Nigeria (CBN) has recently released a Cyber Cyber-security Framework and Guideline aimed at managing the technology platforms and infrastructure used in managing Deposit Money Banks, DMBs and Payment Service Banks, PSBs.

According to the communique sent out to all DMBs and PSBs and signed by the Acting Director of Banking Supervision, CBN, Dr. Adetona Adedeji, the apex bank noted that financial Institutions leverage information technology to expedite the flow of funds among entities and for the provision of services to their customers.

It was therefore important to properly manage the technology infrastructure and platforms that support the operations of the financial institutions to safeguard the confidentiality, integrity and availability of information assets, as well as prevent financial loss and mitigate reputational risk.

The CBN further noted, “Cybersecurity threats have continued to evolve and become more complex, with increased frequency of threats such as phishing, ransomware, Distributed Denial-of-Service (DDoS) attacks, amongst others.”

“Consequently, financial institutions are required to proactively secure their critical information assets to ensure that they remain resilient in the face of these persistent threats. The prevalence of the use of emerging technology by financial institutions to deliver services to customers has also increased their attack surface”

The apex bank also stated that the current revised framework will now replace the initial Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers which was issued in October 2018.

According to the statement, the new guideline will take into consideration requirements of recent laws and regulations such as the Banks and Other Financial Institutions Act (BOFIA 2020), Nigerian Data Protection Act (NDPA) 2023.

It added that the new framework should be read in conjunction with all the provisions of all directives, notices, circulars and guidelines that the CBN may issue.

The CBN Risk-based Cybersecurity Framework and Guidelines for DMBs and PSBs, 2023, will apply to the following financial institutions jointly referred to as Supervised Financial Institutions (SFIs) – Commercial banks, Merchant banks, Non-Interest banks and Payment Service banks which are all under the purview of the Banking Supervision Department.