By Elizabeth Adegbesan
THE Central Bank of Nigeria (CBN) has mandated Deposit Money Banks (DMBs) and Payment Service Providers (PSPs) to conduct background checks on employees who implement, enforce and review their technical and physical security controls in order to tackle fraud perpetrated by bank staff.
In a letter signed by the Director Banking Supervision, CBN, Ahmad Abdullahi, the apex bank stated that the provisions of the guidelines represent the minimum requirements to be put in place by all DMBs in their respective cyber security programmes.
Appendix III, section two of the guidelines stated: “the management of a DMB/PSP shall identify all employees whose job description is to implement, enforce and review its physical and technical security control; this includes but not limited to IT system, IT security administrators, security guards, etc.
“Conduct background checks on employees who implement policies, procedures, used to protect sensitive information, and plausibly know ways of circumventing those controls e.g. IT system administrators and security guards.
“Ensure that risk associated with this category of employee is regularly assessed as part of the enterprise risk assessment framework. Background check shall be periodically conducted to gather reliable information about such employee.
“Ensure that mandatory vacation/leave is adopted to thwart opportunity for fraudulent activities, and keyman risk.
“Ensure that the right assigned to all users is based on the principles of separation of duties and least privileges”.