In a letter to the OFIs which was accompanied by a copy of the new framework, the CBN explained that the guidelines have become imperative amid increasing cybersecurity threats currently facing financial institutions in the country.
OFIs, which are basically third party financial services providers, are particularly susceptible to these cybersecurity threats. And that’s due to the fact that they mainly rely on information communication technology (ICT) to conduct their daily business activities.
Some examples of the threats that Nigerian OFIs are currently faced with include: ransomware attacks, targeted phishing and advanced persistent threat.
In view of these threats, the apex bank said the new cybersecurity framework will henceforth serve as the cybersecurity measures that must be put in place by the OFIs. It also stressed that the deadline for full compliance to the guidelines is January 1st, 2023.
“Consequently, the Central Bank of Nigeria (CBN) hereby issues the Attached Risk-Based Cybersecurity Framework and Guidelines for OFIs, which represents the minimum requirements to be put in place by all OFIs. The effective date for full compliance with the provisions of the guidelines is January 1, 2023 and all OFIs are expected to comply on or before that date,” said a part of the letter by the CBN, as seen by Business Insider Africa.
The CBN further noted that the main aims of the framework are:
- To create a safer and more secure cyber environment that will support information system security and ultimately ensure stability of OFIs.
- Contribute towards fighting/preventing cybercrime in the OFIs sector.
- Promote the adoption of best practices and appropriate cybersecurity standards by OFIs.
- Promote and maintain public trust in OFIs.
- Promote a cybersecurity culture and continuous awareness.
