CBN Issues New Guidelines For Financial Institutions From January 2023

CBN Issues New Guidelines For Financial Institutions From January 2023

The CBN circular comes days after reports surfaced that Momo Payment Service Bank Limited (Momo PSB), the fintech subsidiary of MTN Nigeria, suffered a “security breach” resulting in a loss of N22 billion.

The incident occurred barely a week after the PSB commenced operations.

          According to the CBN, all OFIs are expected to fully comply with the provisions of the guidelines by January 1, 2023.

It explained that threats such as ransomware, targeted phishing attacks, and advanced persistent threats (APT) have become prevalent, demanding that financial institutions, including OFIs, strengthen their cyber resilience and take proactive steps to secure their critical information assets.

As a result of the recent increase in the number and sophistication of cybersecurity threats against financial institutions, especially other financial institutions (OFIs), it has become mandatory for institutions to strengthen their cyber defenses if they are to remain safe and sound.

Consequently, the CBN hereby issues the attached risk-based cybersecurity framework and guidelines for OFIs, which represent the minimum requirements to be put in place by all OFIs.

The document comprises six parts;

 

*Cybersecurity governance and oversight

 

*Cybersecurity risk management system

 

*Cyber resilience assessment

 

*Cybersecurity operational resilience

 

*Cyber-threat intelligence

 

*Metrics monitoring and reporting.

The CBN said the guidelines specify the minimum requirements the OFIs need to observe in the development and implementation of strategies, policies, procedures, and related activities aimed at mitigating cyber risks.

OFIs should note that for a cybersecurity programme to be successful, it must be fully integrated into their business goals and objectives, and must be an integral part of the overall risk management processes. The framework provides a risk-based approach to cybersecurity risk.

 

The effective date for full compliance with the provisions of the guidelines is January 1, 2023, and all OFIs are expected to comply on or before that date.


Flourish Onyeka

2 Blog posts

Comments
Alphonsus Odumu 2 d

Central Bank of Nigeria News

 
 
ego glory 1 y

GOOD

 
 
Abiola Issa Mukaila 2 yrs

Okay

 
 
Praise Akinwole 2 yrs

Okay
Nice piece.