The Central Bank of Nigeria (CBN) has issued guidelines for better cyber security in the Nigerian financial sector, particularly among Other Financial Institutions (OFIs).
Mrs. Nkiru Asiegbu, Director of OFI’s Supervision Department, issued a circular to that effect on Wednesday, setting January 1, 2023, as the deadline for compliance by all affected institutions.
The circular comes just days after MTN Nigeria’s Payment Service Bank (PSB) MoMos claimed in a filing against 18 commercial banks that it had been defrauded of N22 billion ($53 million) after only one month in operation.
The MoMo PSB claims the funds were transferred in error to 8,000 accounts held by customers of the 18 banks.
To address issues as MTN, CBN said, “As a result of recent increase in the number and sophistication of cybersecurity threats against financial institutions, especially Other Financial Institutions (OFIs), it has become mandatory for institutions to strengthen their cyber defences if they are to remain safe and sound.
“Consequently, the CBN hereby issues the attached Risk-Based cybersecurity Framework and Guidelines for OFIs, which represent the minimum requirements to be put in place by all OFIs.
“The effective date for full compliance with the provisions of the guidelines is January 1, 2023.”
It added, ‘In recent times, threats such as ransomware, targeted phishing attacks and Adanced Persistent Threats (APT) have become prevalent, demanding that financial institutions, including OFIs strengthen their cyber resilience and take proactive steps to secure their critical information assets to ensure their safety and soundness.”
The guidelines outline the requirements the OFIs were requested to observe in the development and implementation of strategies , policies, procedures and related activities aimed at mitigating cyber risks.
The OFIs were directed to ensure a more sound cyber environment that “supports information system security and promote stability of the OFIs sub-sector.”