The Central Bank of Nigeria (CBN) has launched a Cybersecurity Self-Assessment Tool (CSAT) for banks and other regulated financial institutions as part of measures to strengthen cybersecurity resilience and improve oversight within the country’s financial system.
In a circular issued on March 30, 2026, the apex bank directed Deposit Money Banks, Payment Service Banks, Microfinance Banks, Payment Service Providers, Finance Companies and Development Finance Institutions to complete and submit the assessment within specified timelines.
The CSAT is designed as a supervisory framework to evaluate the cybersecurity preparedness of institutions, focusing on governance structures, risk management practices, technology controls, third-party risk exposure, incident response capabilities and overall operational security.
Brandspur Banking News Desk reports that the initiative is aligned with the provisions of the Banks and Other Financial Institutions Act, and forms part of the regulator’s broader strategy to mitigate cyber risks and enhance the stability of Nigeria’s financial ecosystem.
According to the CBN, the data collected through the assessment will support risk-based supervision, enabling the regulator to better identify vulnerabilities, monitor compliance levels and strengthen its oversight mechanisms across the industry.
The apex bank mandated affected institutions to submit their completed assessments through a designated online portal, with login credentials and procedural guidelines to be shared with Chief Information Security Officers and other authorised personnel within each institution.
Under the directive, Deposit Money Banks are required to complete and submit their returns within three weeks, while other financial institutions have a five-week deadline to comply with the exercise. All submissions must include supporting documentation and reflect the institutions’ cybersecurity posture as of December 31, 2025.
The CBN warned that all information provided must be accurate, verifiable and consistent with regulatory expectations, noting that any false, misleading or incomplete submissions will attract sanctions in line with existing regulatory frameworks.
It also stated that it will conduct verification processes, including off-site reviews and additional supervisory engagements, to validate the integrity of the information submitted by institutions.
The introduction of the CSAT underscores the increasing importance of cybersecurity within Nigeria’s financial services sector, particularly as digital banking, fintech adoption and electronic payment systems continue to expand, exposing institutions to evolving cyber threats.
By implementing the assessment tool, the CBN aims to ensure that financial institutions maintain robust cybersecurity frameworks capable of protecting customer data, safeguarding transactions and maintaining confidence in the financial system.
The directive takes immediate effect, with the regulator urging all affected institutions to comply strictly within the stipulated timelines as part of efforts to reinforce systemic resilience and operational security across the financial industry.
