Nigeria: Central Bank adopted directive on deployment of cybersecurity self-assessment tool

On 30 March 2026, the Central Bank of Nigeria issued a directive announcing the deployment of a Cybersecurity Self-Assessment Tool (CSAT) for regulated financial institutions, including payment service providers. The measure requires institutions to complete and submit the CSAT through a dedicated portal, providing information on cybersecurity governance, risk management, third-party controls, incident response, and operational resilience, with supporting documentation based on data as of 31 December 2025. The directive sets submission deadlines of five weeks for payment service providers, mandates accuracy and verifiability of submissions, and cautions that false or misleading information will attract sanctions under the Banks and Other Financial Institutions Act of 2020.