CBN Orders Banks, Fintechs To Submit Cybersecurity Reports.

 

The Central Bank of Nigeria has instructed all banks and financial technology companies to provide detailed reports on their cybersecurity systems within a few weeks.

 This directive aims to strengthen supervision and protect the country’s financial sector from increasing digital threats.

The apex bank issued a circular to Deposit Money Banks, Payment Service Banks, Microfinance Banks, fintechs, and other regulated financial institutions, introducing a Cybersecurity Self-Assessment Tool (CSAT).

 The tool is meant to check how prepared these institutions are to handle cyber risks.

According to the circular, Deposit Money Banks must submit their assessments within three weeks, while other financial institutions have up to five weeks to comply.

 The CSAT will gather information on governance structures, risk management, technology controls, third-party risks, incident response, and overall operational resilience.

The Central Bank also noted that Chief Information Security Officers and other relevant officials will receive access to the submission portal along with detailed instructions.

 All reports must reflect data as of December 31, 2025, and must include supporting documents where needed.

The regulator warned that all information provided must be accurate and verifiable.

 Submitting false or misleading data will be considered a breach under the Banks and Other Financial Institutions Act (BOFIA) 2020 and could lead to penalties.

The Central Bank said it plans to verify the submissions through off-site reviews and supervisory checks to ensure the reports are correct. 

The directive is effective immediately, reflecting the bank’s drive to improve cybersecurity readiness across Nigeria’s financial sector.