Nigeria: Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions adopted

On 29 June 2022, the Central Bank of Nigeria has issued the Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions, applicable to all entities defined as Other Financial Institutions (OFIs). The Guidelines set out the cybersecurity rules applicable to OFIs, defining the cybersecurity governance responsibilities of the various position-holders in an organisation, including the Board of Directors, Senior Management, and the Chief Information Security Officer. Further, the Guidelines set out the obligations of OFIs concerning risk management, developing cybersecurity strategies and frameworks, as well as assessment and reporting. The Guidelines will enter into effect on 1 January 2023.