By Boluwatife Oshadiya | April 1, 2026
Key Points
- CBN mandates banks to complete cybersecurity assessment within three weeks
- New tool evaluates risk exposure, governance, and incident response capacity
- Regulator warns of sanctions for false or incomplete disclosures
Main Story
The Central Bank of Nigeria (CBN) has directed Deposit Money Banks to complete a mandatory cybersecurity self-assessment within three weeks, as part of efforts to strengthen resilience across the financial system.
In a circular dated March 30, 2026, the apex bank introduced a Cybersecurity Self-Assessment Tool (CSAT) designed to evaluate institutions’ exposure to cyber risks. Other regulated entities, including microfinance banks and payment service providers, were given a five-week deadline.
The CBN stated that the directive aligns with its mandate under the Banks and Other Financial Institutions Act (BOFIA) 2020 and reflects growing concerns over cyber threats in Nigeria’s increasingly digital financial ecosystem.
The CSAT will assess governance structures, risk management frameworks, technology systems, third-party risks, and incident response capabilities.
“The CSAT is a structured supervisory instrument designed to obtain comprehensive information on the cybersecurity posture of regulated institutions,” the CBN said.
The regulator also warned that submissions must be accurate and verifiable, stressing that false disclosures would attract sanctions.
The Issues (Optional)
Nigeria’s financial sector has faced rising cyber fraud incidents in recent years, driven by rapid digital adoption and weak institutional safeguards. Analysts warn that gaps in cybersecurity infrastructure could undermine trust in digital banking and slow financial inclusion efforts.
What’s Being Said
“Weak cyber defences are exposing customers to increasing risks,” said Victor Ologun, a financial services marketing professional.
“This move by the CBN is necessary to enforce accountability and improve system-wide resilience,” added fintech analyst Tunji Andrews.
What’s Next
- Banks must submit assessments reflecting their status as of December 31, 2025
- CBN will conduct off-site reviews and supervisory validations
- Further regulatory actions may follow based on assessment outcomes
The Bottom Line:
The CBN’s directive signals a shift toward stricter cyber risk oversight, forcing Nigerian banks to confront systemic vulnerabilities as digital transactions continue to surge.
%20has%20directed%20Deposit%20Money%20Banks%20to%20complete%20a%20mandatory%20cybersecurity%20self-assessment%20within%20three%20...){kind=link}