Online fraud and identity theft have gradually become one of the biggest cybersecurity menaces faced by banks and financial institutions today.
In response to the devastating financial impact of cybercrime, the Nigerian government is focusing its efforts on battling hackers effectively and putting in place appropriate measures and guidelines for the private sector.
Recently, the Central Bank of Nigeria (CBN) announced a new set of cybersecurity rules that will help guide Payment Service Providers (PSPs) and Deposit Money Banks (DMBs) in their efforts to keep hackers at bay.
New Guidelines Aim to Combine Growth with Cybersecurity
As Lexology.com reported on 9 July 2018, the draft guidelines were released under the Central Bank of Nigeria Act, as well as the Banks and Other Financial Institutions Act. Under this legislation, it is within the CBN’s mandate to regulate the financial services industry in the country.
The new rules have come at just the right moment, as the country’s Fintech industry is experiencing welcome growth. Payments network Payant has announced that it has processed more than N1 billion in less than two years, while mobile phone users in the country have risen to 147 million and internet users have climbed to over 100 million.
Deposit Money Banks have played a pivotal role in the country’s economy. According to information from the World Bank, their assets amounted to less than 10% of the country’s GDP in 1975, but swiftly rose in recent years to peak at almost 45% of the national GDP in 2009 and then fall to a bit less than 20% in 2015, succumbing to the global financial crisis.
The new framework aims to better regulate the sector by introducing minimum cybersecurity requirements. According to the new rules, the Board of Directors is tasked with promoting and overseeing the company’s internal cybersecurity strategy, while senior management officials will be responsible for its implementation.
Integrating Cyber Risk Management and Incident Response Policies
Furthermore, each organization must designate a Chief Information Security Officer to ensure the smooth day-to-day implementation of the policies. All DMBs and PSPs will have to integrate cyber risk management procedures within their broader risk management policies.
This includes identifying external threats, such as hackers, as well as internal risks, like careless or compromised users, to optimize data security across databases. The new rules also emphasize the importance of frequent checks and assessments to identify potential vulnerabilities or emerging threats, as well as developing a strategy to tackle security breaches and mitigate their consequences.
Despite some initial confusion caused by inaccurate reports in the press, the new framework will not apply to Payment Service Banks, which fall under a different regulatory field. The CBN is taking a different approach with regard to Payment Service Banks and is currently focused on fostering their growth.
That is part of the national strategy to reduce the number of Nigerians without a bank account to a maximum of 20% by 2020. As the World Bank 2017 report demonstrated, currently over 60 million Nigerians are without access to a bank account – and the government is focused on drastically lowering that figure.
The new DMB and PSP framework already came into effect in early 2019, after a preparation period. By the end of the year, it will become clear whether it has yielded the desired results in increasing cybersecurity and awareness.