CBN directs OFIs to comply with cyber security rules by January 2023

The Central Bank of Nigeria (CBN) has given January 1, 2022, as the deadline for Other Financial Institutions (OFIs) to comply with cyber security rules.

This was stated in a letter to OFIs, signed by Nkiru Asiegbu, director, Other Financial Institutions Supervision Department, and published on the CBN’s website.

OFIs comprise Microfinance Banks, (MFBs) Development Finance Institutions (DFIs), Primary Mortgage Banks (PMBs) and Finance Companies (FCs).

“As a result of the recent increase in the number and sophistication of cyber security threats against financial institutions, especially the Other Financial Institutions (OFIs), it has become mandatory for institutions to strengthen their cyber defence if they are to remain safe and sound,” the letter said.

Consequently, the central bank has issued a risk-based cybersecurity framework and guidelines for OFIs, which represent the minimum requirements to be put in place by all OFIs.

Read also: Reps summon finance, education ministers, CBN governor over education bank

“The effective date for full compliance with the provisions of the guidelines is January 1, 2023 and all OFIs are expected to comply on or before that date,” the CBN said in the letter.

According to the banking sector regulator, cyber security resiliencies are considered an organisation’s ability to maintain normal operations despite all cyber threats and potential risks in its environment. Resilience provides an assurance of sustainability for the organisation using its governance, interconnected networks and culture.

The guidelines outline the minimum requirements that OFIs are required to observe in the development and implementation of strategies, policies, procedures and related activities aimed at mitigating cyber risk.

The purpose of the guidelines is to, create a safer and more secure cyber environment that supports information system security and promote stability of the OFI sub-sector, contribute towards the prevention and combating of cybercrime in the OFI sub-sector; and to promote the adoption and implementation of best practices and appropriate cyber security standards by OFIs, among others.