RismadarVoice Reporters, April 1, 2026
The Central Bank of Nigeria (CBN) has directed Deposit Money Banks to complete a mandatory cybersecurity self-assessment within three weeks, as part of efforts to strengthen resilience across the country’s financial system.
In a letter dated March 30, 2026, and published on its website Tuesday, the apex bank said other regulated institutions, including payment service providers, have a five-week deadline to comply.
The directive introduced a Cybersecurity Self-Assessment Tool (CSAT), designed to evaluate the cyber risk exposure of financial institutions and enhance regulatory oversight.
“The Central Bank of Nigeria… hereby notifies all Deposit Money Banks, Payment Service Banks, Microfinance Banks, Payment Service Providers, Finance Companies, and Development Finance Institutions of the deployment of its Cybersecurity Self-Assessment Tool,” the statement read.
According to the CBN, the CSAT will assess critical areas such as governance structures, risk management frameworks, technology systems, third-party risk exposure, incident response capabilities, and overall operational resilience.
Describing the tool as a “structured supervisory instrument,” the regulator said it would provide comprehensive insight into the cybersecurity posture of institutions and support risk-based supervision.
The bank added that all affected institutions must submit their assessments through a dedicated portal, with access details to be communicated to Chief Information Security Officers and other relevant officials. Submissions must reflect each institution’s position as of December 31, 2025, and include supporting documentation where necessary.
The CBN warned that inaccurate or incomplete disclosures would attract sanctions.
“Submission of false, misleading, or inaccurate information constitutes a regulatory breach and will attract appropriate sanctions,” the apex bank stated, adding that it would validate submissions through off-site reviews and supervisory engagements.
The directive takes immediate effect and signals tighter regulatory scrutiny amid rising cyber threats and increased reliance on digital financial services.
The move follows earlier concerns about growing digital fraud in Nigeria’s banking sector. In December 2025, stakeholders urged banks to strengthen their cybersecurity frameworks to rebuild customer trust and support the growth of digital banking.
A marketing professional in the financial services industry, Victor Ologun, noted that weak cyber defences continue to expose customers to significant risks.
