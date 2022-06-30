The Central Bank of Nigeria (CBN) has directed Other Financial Institutions (OFIs) to ensure that they comply fully with the provisions of its risk based cybersecurity framework and guidelines on or before January 1, 2023. OFIs include microfinance banks, development finance institutions, primary mortgage banks and finance companies. In a letter to all OFIs posted on its website yesterday, the apex bank said that it issued the guidelines and framework “as a result of recent increase in the number and sophistication of cybersecurity threats against financial institutions, especially the OFIs.” CBN further stated that “in recent times, threats such as ransomeware, targeted phishing attacks and Advanced Persistent Threats (APT) have become prevalent, demanding that financial institutions, including OFIs, strengthen their cyber reliance and take proactive steps to secure their critical information assets to ensure their safety and soundness.” It said that OFIs should note that for a cybersecurity programme to be successful, such a programme “must be fully integrated into their business goals and objectives and must be an integral part of the overall risk management processes.” According to the apex bank, the responsibility for the provision of oversight, leadership and resources to ensure that cybersecurity governance becomes an intergral part of corporate governance, lies with the Board of Directors of OFIs. It further stated that every OFI should appoint or designate a Chief Information Security Officer (CISO), whose responsibilities would include, among others, the day-today cybersecurity activities and the mitigation of cybersecurity risks in the OFI. In addition, CBN stated: “Every OFI with more than 30 employees shall establish an Information Security Steering Committee (ISSC). However, for Unit Tier II MFBs, the Information Technology Steering Committee (ITSC) can perform the function of the Information Security Steering Committee.”

