The Central Bank of Nigeria (CBN) has introduced a mandatory Cybersecurity Self-Assessment Tool (CSAT) for all regulated financial institutions in a bid to bolster the resilience of Nigeria’s banking sector against rising cyber threats.
This is disclosed in a statement signed by Olubunmi Ayodele-Oni for Director, Compliance Department at the apex bank.
This initiative is part of the CBN’s statutory responsibilities under the Banks and Other Financial Institutions Act (BOFIA) 2020.
The CSAT will serve as a critical supervisory instrument to assess the cybersecurity frameworks of banks and other financial entities. Specifically, it focuses on risk management practices, incident response strategies, and controls related to third-party technologies.
What the statement is saying
According to the statement, the CSAT is designed as a supervisory instrument to provide the CBN with “comprehensive information on the cybersecurity posture of regulated institutions.”
- “It covers key areas including cybersecurity governance, risk management practices, technology and third-party risk controls, incident response capabilities, and overall operational resilience,” the statement says.
- “Insights derived from the CSAT will support risk-based supervision and enhance regulatory oversight of cybersecurity risks across the financial system.”
According to the apex bank, all the referenced institutions are required to complete and submit the CSAT through a dedicated submission portal.
- “Access credentials to the portal and detailed guidance on completion of the tool will be communicated to your Chief Information Security Officers and other relevant officials.”
Get up to speed
The development follows earlier move by the CBN to curb fraudulent transactions within the banking system.
- Earlier in March, the CBN had introduced stricter controls on suspected fraudulent transactions, BVN enrolment, and data access within the banking system
- According to a circular dated March 12, 2026, titled “Addendum to the Revised Regulatory Framework for Bank Verification Number (BVN) Operations and Watch-List for the Nigerian Banking Industry 2021”, the CBN said the amendments are aimed at strengthening fraud monitoring, improving identity management within the financial system, and safeguarding the integrity of banking transactions.
- Under the guidelines, financial institutions are required to establish and maintain a temporary watch-list for BVNs linked to suspected fraudulent transactions reported within the banking system.
CBN said BVN may remain on this temporary Watch-list for a maximum period of twenty-four (24) hours, during which the BVN owner shall be contacted to provide clarification regarding the identified transaction(s).
More insights
The apex bank says CSAT tool must be completed and submitted via a dedicated portal, with institutions required to submit their reports by the following timelines:
- Deposit Money Banks (DMBs): 3 weeks to comply
- Other institutions (e.g., MFBs, PSPs, Fintechs): 5 weeks to comply
Reports must reflect the institution’s status as of December 31, 2025. Institutions will also undergo validation exercises, including off-site reviews, to ensure the integrity of the data provided.
The CBN has issued a stern warning against the submission of false or misleading information, which will result in regulatory sanctions.
What you should know
Nairametrics reported that the Central Bank of Nigeria has issued a landmark framework for automated financial crime detection that puts this country ahead of Europe and America in one crucial respect.
Every Bank, Fintech & Payment Company in Nigeria has 18 months to prove it can meet the standard.
There is a particular kind of regulatory document that arrives looking like paperwork and turns out to be something far more consequential.
