Na serious matter dey ground for Nigeria banking sector as Central Bank of Nigeria don drop new directive. The matter na about cybersecurity, and CBN say make all banks and financial institutions complete one new self-assessment tool wey dem just deploy. This tool dem call am Cybersecurity Self-Assessment Tool (CSAT), and e dey meant to check how strong these institutions dey against online thieves and hackers.
CBN release circular on March 30, 2026, and dem dey talk say this directive align with their power under BOFIA 2020. The whole idea na to evaluate cybersecurity posture of all regulated institutions. Na serious talk o. The apex bank say insights wey dem go get from this CSAT go help for risk-based supervision and go make regulatory oversight for cybersecurity risks better across the financial system.
“Accordingly, all the referenced institutions are required to complete and submit the CSAT through a dedicated submission portal,” the circular state. CBN talk say dem go provide access to the submission portal and guidance to chief information security officers and other relevant officials of the affected institutions. Dem no dey play with this matter at all.
One important thing wey CBN emphasize na say all submissions must reflect data as of December 31, 2025. Dem also talk say make institutions include supporting documentation where necessary. But CBN warn say if anybody submit false, misleading, or inaccurate information, dem go treat am as regulatory breach. And punishment go follow according to BOFIA 2020. Na serious warning be that.
CBN also note say validation exercises go happen after submissions. This one include off-site reviews and supervisory engagements to verify the accuracy of wetin institutions submit. Dem no just want paper work; dem want to see say everything correct.
This move come as fintech companies like Opay and Moniepoint just begin charge N50 EMTL deduction on N10,000 transfers after ending free banking. So cybersecurity matter dey mix with other financial changes wey dey happen. EFCC also dey talk about N18bn airline fraud wey involve bank, six fintechs, and microfinance firms. So the timing of this CBN directive no be coincidence.
For international side, American Express just sign deal to become official payments partner of NFL, replacing Visa wey don dey with NFL since 1995. But that one na foreign matter. For our Naija, the focus dey on making sure our money safe for bank and fintech apps.
The CBN directive show say cybersecurity no be matter wey dem dey take play. As more people dey use online banking and fintech apps, the risk dey increase. Banks and financial institutions wey no take this matter serious fit find themselves in trouble. CBN dey watch.
Some people wey sabi the matter dey talk say this CSAT tool go help identify weak points before hackers fit exploit am. E better to find problem before e happen than to wait make thief don enter house before you start to look for key. That na wetin this self-assessment dey aim to do.
The circular no specify deadline for submission, but dem talk say “all the referenced institutions are required to complete and submit.” So dem dey expect say everybody go comply sharp sharp. No be matter wey fit wait till tomorrow.
As fintech companies like Opay dey grow for Nigeria, this kind of regulation dey important. Many people dey trust these apps with their money, so the security must dey strong. CBN dey try make sure say whether na traditional bank or new fintech, the protection dey the same standard.
The tool go cover different aspects of cybersecurity wey include network security, data protection, incident response, and staff training. E no be just about having antivirus for computer; e dey about whole system wey fit withstand attack.
For those wey dey wonder wetin BOFIA 2020 be, na Banks and Other Financial Institutions Act wey give CBN power to regulate and supervise financial institutions. So this cybersecurity directive dey within their legal right. Dem no just dey talk anyhow.
The financial sector for Nigeria don see plenty changes these past years. From cashless policy to fintech boom, now cybersecurity dey take center stage. CBN dey show say as technology dey advance, regulation must follow am. No be to wait make problem happen before you start to run up and down.
This directive go affect plenty institutions – from big banks wey don dey for hundred years to new fintech startups wey just enter market. All of dem must comply. The playing field must dey level when e come to security.
Some bank officials wey we talk to for background dey say dem dey already work on their cybersecurity, but this CBN directive go make dem double their efforts. Dem dey see am as opportunity to strengthen their systems, not just as another regulatory burden.
The matter dey important because if hackers manage to break into one financial institution, e fit affect confidence for whole system. People go begin fear to keep money for bank or use fintech apps. That one go bad for economy.
CBN dey try balance innovation with protection. Dem want fintech to grow and bring financial inclusion, but dem also want make sure say people their money safe. E no be easy balance, but na wetin regulation dey about.
As dem dey implement this CSAT, dem go likely discover different levels of preparedness across institutions. Some go dey ahead, some go dey behind. But the important thing na say everybody must meet the standard wey CBN set.
The circular no mention specific penalties for those wey no comply, but dem refer to BOFIA 2020. That law get provisions for sanctions wey include fines and even license withdrawal for serious cases. So dem no dey play.
For ordinary Nigerians wey dey use banking services, this news dey mean say dem go sleep with two eyes closed knowing say their money dey better protected. But e also mean say banks and fintechs go need to invest more in security measures.
The timing of this directive come as Nigeria dey push for more digital economy. From BVN to NIN linkage, now cybersecurity assessment. Everything dey connect to make the financial system more secure and trustworthy.
International bodies like IMF and World Bank don been talk about importance of cybersecurity for financial systems. So CBN directive dey align with global standards. Nigeria no dey alone for this matter.
As dem dey implement this CSAT, e go require cooperation between CBN and financial institutions. Dem need to work together to identify risks and find solutions. No be matter of regulator versus regulated; na matter of collective security.
The tool go likely evolve over time as new threats emerge. Cybersecurity no be one-time thing; e dey require continuous monitoring and improvement. What work today may not work tomorrow as hackers dey always find new ways.
For now, the focus dey on getting all institutions to complete the self-assessment. After that, CBN go analyze the results and decide next steps. But one thing clear: cybersecurity don become priority matter for Nigeria financial sector.
Do you have a news tip for NNN? Please email us at editor @ nnn.ng
