Financial institutions race to meet CBN deadline on new cyber-security standard
Financial Institutions Race to Meet CBN Cybersecurity Deadline
By Emeka Anaeto
Business Editor
Nigerian financial institutions are working to comply with a mandate from the Central Bank of Nigeria (CBN) requiring a new cybersecurity baseline by June 10, 2026.
Sources within the industry have indicated that while many commercial banks are progressing towards this deadline, a significant number of smaller institutions remain unprepared. This lack of readiness poses risks to the overall financial system that the new standard aims to mitigate.
According to recent information, only tier-1 banks and a select few other financial entities are expected to meet the CBN’s deadline. Smaller institutions face challenges, primarily due to the absence of Chief Information Security Officers (CISOs) and adequate cybersecurity infrastructure.
The CBN’s new standards address Essential Anti-Money Laundering (AML), Combating Financial Terrorism (CFT), and Counter-Proliferation Financing (CPF) solutions. On March 10, 2026, the CBN issued Circular BSD/DIR/PUB/LAB/019/002, mandating that all regulated financial institutions submit their implementation roadmaps by the June deadline.
Cybersecurity expert Seun Runsewe noted that the circular encompasses 12 functional areas. Each area necessitates not only the procurement of systems but also the establishment of a governance framework.
“Realistically, most leading banks are likely to meet the deadline because they have CISOs, internal teams, and vendors already in place,” Runsewe stated. However, she raised concerns about the hundreds of microfinance banks, finance houses, and primary mortgage banks that constitute a substantial portion of regulated institutions in the country.
“Most of these institutions lack a CISO and a functioning automated AML solution. Many are starting from nearly zero with the deadline approaching,” she added.
Runsewe warned of broader implications of any cybersecurity weaknesses within smaller institutions. “These entities share infrastructure with larger banks—such as the NIBSS and BVN networks. A vulnerability in one microfinance bank could compromise the entire ecosystem, ultimately affecting larger banks as well.”
In light of these concerns, the urgency for all financial institutions to enhance their cybersecurity capabilities is clear as the June deadline approaches.
