LAGOS — Nigerian financial institutions are under intense pressure to meet the Central Bank of Nigeria’s June 10, 2026, deadline for adopting a new cybersecurity framework. Industry sources say major commercial banks are largely on track. However, smaller institutions are seriously behind.
The CBN issued the mandatory cybersecurity circular on March 10, 2026. It requires all regulated financial institutions to implement a new baseline standard for Anti-Money Laundering, Combating the Financing of Terrorism, and Counter-Proliferation Financing systems.
Vanguard investigations found that only tier-one banks and a limited number of other operators are expected to fully comply before the deadline. Many microfinance banks and finance houses are struggling. The main reason is the absence of qualified Chief Information Security Officers in their organisations.
A cybersecurity expert in the banking sector said the problem is not lack of awareness but lack of capacity. “Most microfinance banks simply do not have the internal expertise or the budget to build a full cybersecurity function from scratch in three months,” the source said.
Why This Matters
Experts warn that non-compliance by smaller institutions creates a weak link in the entire financial system. Cybercriminals often target smaller, less-protected institutions as entry points into broader banking networks. One breach in a microfinance bank can cascade into wider system exposure.
In addition, the CBN framework specifically targets digital fraud, money laundering, and terrorism financing channels. Nigeria loses billions of naira annually to electronic fraud. The new standard is designed to cut those losses by raising defences across all institutions.
Furthermore, the CBN has already deployed its Cybersecurity Self-Assessment Tool to help institutions measure their current readiness. The tool covers cybersecurity governance, risk management, and incident response capabilities. Institutions can use it to identify gaps before the deadline.
Consequences of Non-Compliance
The CBN has the authority to impose financial penalties on institutions that miss the June 10 deadline. Repeat offenders risk having their licences reviewed. Banking sector sources say the regulator is expected to take a firm stance given the scale of electronic fraud in Nigeria.
Meanwhile, the Securities and Exchange Commission and the EFCC are also tightening digital oversight. All three agencies are working together to track and freeze illicit digital wallets. The coordinated approach signals a broader crackdown on financial crime.
Industry groups are calling on the CBN to grant a 90-day extension for smaller institutions. They argue that the timeline is too tight for microfinance banks with limited technical resources. The CBN has not yet responded publicly to these calls.
Discover more from News247 Nigeria
Subscribe to get the latest posts sent to your email.
