{"id":7954,"date":"2026-04-01T12:56:59","date_gmt":"2026-04-01T12:56:59","guid":{"rendered":"https:\/\/ograsset.com\/?p=7954"},"modified":"2026-04-01T12:57:02","modified_gmt":"2026-04-01T12:57:02","slug":"cbn-sets-tough-cybersecurity-timeline-for-banks","status":"publish","type":"post","link":"https:\/\/ograsset.com\/index.php\/2026\/04\/01\/cbn-sets-tough-cybersecurity-timeline-for-banks\/","title":{"rendered":"CBN sets tough cybersecurity timeline for banks"},"content":{"rendered":"\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"780\" height=\"436\" src=\"https:\/\/ograsset.com\/wp-content\/uploads\/2026\/04\/image-6.jpeg\" alt=\"\" class=\"wp-image-7955\" srcset=\"https:\/\/ograsset.com\/wp-content\/uploads\/2026\/04\/image-6.jpeg 780w, https:\/\/ograsset.com\/wp-content\/uploads\/2026\/04\/image-6-300x168.jpeg 300w, https:\/\/ograsset.com\/wp-content\/uploads\/2026\/04\/image-6-768x429.jpeg 768w\" sizes=\"auto, (max-width: 780px) 100vw, 780px\" \/><\/figure>\n\n\n\n<h1 class=\"wp-block-heading\"><strong>CBN sets tough cybersecurity timeline for banks<\/strong><\/h1>\n\n\n\n<p>The Central Bank of Nigeria has directed banks to complete a mandatory cybersecurity self-assessment within three weeks as part of efforts to strengthen resilience across the financial system.<\/p>\n\n\n\n<p>In a letter dated March 30, 2026, and published on its website on Tuesday, the apex bank said, \u201cInstitutions are required to submit their completed CSAT within the following timelines: i. Three (3) weeks \u2013 Deposit Money Banks (DMBs); ii. Five (5) weeks \u2013 All other regulated institutions.\u201d<\/p>\n\n\n\n<p>The directive, addressed to banks, selected other financial institutions, and payment service providers, introduced a Cybersecurity Self-Assessment Tool to evaluate the cyber risk exposure of regulated entities.<\/p>\n\n\n\n<p>The CBN stated that the move was in line with its statutory mandate under the Banks and Other Financial Institutions Act 2020 and its broader commitment to improving cybersecurity standards in the sector.<\/p>\n\n\n\n<p>\u201cThe Central Bank of Nigeria, in furtherance of its statutory mandate under the Banks and Other Financial Institutions Act (BOFIA) 2020 and consistent with its commitment to strengthening cybersecurity resilience across the financial sector, hereby notifies all Deposit Money Banks, Payment Service Banks, Microfinance Banks, Payment Service Providers, Finance Companies, and Development Finance Institutions of the deployment of its Cybersecurity Self-Assessment Tool,\u201d the letter read.<\/p>\n\n\n\n<p>According to the regulator, the CSAT is designed as a supervisory instrument to provide a comprehensive view of financial institutions\u2019 cybersecurity posture. It explained that the tool would assess critical areas, including governance structures, risk management frameworks, technology systems, third-party risk exposure, incident response capacity, and overall operational resilience.<\/p>\n\n\n\n<p>\u201cThe CSAT is a structured supervisory instrument designed to obtain comprehensive information on the cybersecurity posture of regulated institutions,\u201d the CBN said.<\/p>\n\n\n\n<p>The bank added that insights generated from the exercise would support risk-based supervision and enhance regulatory oversight of cybersecurity threats within Nigeria\u2019s financial ecosystem. To ensure compliance, the apex bank said all affected institutions must complete and submit the assessment through a dedicated portal, with access credentials to be communicated to their Chief Information Security Officers and other relevant officials.<\/p>\n\n\n\n<p>\u201cAll submissions must be fully completed and accompanied by relevant supporting documentation, where applicable,\u201d it stated, noting that the data to be provided must reflect institutions\u2019 positions as of December 31, 2025.<\/p>\n\n\n\n<p>The CBN also issued a warning against false or incomplete disclosures, stressing that accuracy and transparency would be strictly enforced.<\/p>\n\n\n\n<p>\u201cSupervised institutions are reminded that all information submitted to the CBN must be accurate, complete, and verifiable. Submission of false, misleading, or inaccurate information constitutes a regulatory breach and will attract appropriate sanctions,\u201d the letter added.<\/p>\n\n\n\n<p>It also disclosed plans to validate submissions through off-site reviews and supervisory engagements to confirm the data\u2019s reliability.<\/p>\n\n\n\n<p>The directive, which takes immediate effect, signals tighter regulatory scrutiny of cyber risks in the banking sector amid rising digital transactions and increasing exposure to cyber threats.<\/p>\n\n\n\n<p>The PUNCH earlier in December 2025 reported that banks in Nigeria were urged to strengthen their cybersecurity systems as rising digital fraud continued to erode customer trust and slow the growth of the country\u2019s digital banking sector.<\/p>\n\n\n\n<p>A marketing professional in Nigeria\u2019s financial services industry, Victor Ologun, said weak cyber defences are exposing customers to increasing risks.<\/p>\n\n\n\n<p><em>Source:<\/em><a href=\"https:\/\/punchng.com\/cbn-sets-tough-cybersecurity-timeline-for-banks\/\"><em>https:\/\/punchng.com\/cbn-sets-tough-cybersecurity-timeline-for-banks\/<\/em><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CBN sets tough cybersecurity timeline for banks The Central Bank of Nigeria has directed banks to complete a mandatory cybersecurity self-assessment within three weeks as part of efforts to strengthen resilience across the financial system. In a letter dated March 30, 2026, and published on its website on Tuesday, the apex bank said, \u201cInstitutions are&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/ograsset.com\/index.php\/2026\/04\/01\/cbn-sets-tough-cybersecurity-timeline-for-banks\/\" class=\"excerpt-read-more\">Read More \u2192<\/a><\/p>\n","protected":false},"author":2,"featured_media":7955,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-7954","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fit-row"],"jetpack_featured_media_url":"https:\/\/ograsset.com\/wp-content\/uploads\/2026\/04\/image-6.jpeg","_links":{"self":[{"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/posts\/7954","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/comments?post=7954"}],"version-history":[{"count":2,"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/posts\/7954\/revisions"}],"predecessor-version":[{"id":7957,"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/posts\/7954\/revisions\/7957"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/media\/7955"}],"wp:attachment":[{"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/media?parent=7954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/categories?post=7954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ograsset.com\/index.php\/wp-json\/wp\/v2\/tags?post=7954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}