- Nigeria’s financial institutions are under pressure to meet the CBN’s deadline for implementing a new cybersecurity framework
- While major commercial banks are expected to comply, many smaller institutions, such as microfinance banks and finance houses, are struggling
- Experts warn that the failure of smaller institutions to meet the standard could expose the entire banking system to cyber risks
Legit.ng journalist Victor Enengedi has over a decade’s experience covering energy, MSMEs, technology, banking and the economy.
Financial institutions across Nigeria are struggling to comply with the June 10, 2026 deadline set by the Central Bank of Nigeria (CBN) for adopting a new cybersecurity framework aimed at strengthening the financial system.
Sources within the industry revealed that while most top commercial banks are making significant progress toward meeting the requirements, many smaller financial institutions are far behind schedule.
Source: UGC
This delay, experts warn, could leave the entire banking ecosystem vulnerable to cyber threats and financial crimes the policy was designed to prevent.
Vanguard investigations show that only tier-one banks and a limited number of other operators are likely to fully comply before the deadline.
Many smaller institutions, particularly microfinance banks and finance houses, are reportedly struggling because they lack critical cybersecurity leadership roles such as Chief Information Security Officers (CISOs).
The new framework focuses on improving systems used for Anti-Money Laundering (AML), Combating the Financing of Terrorism (CFT), and Counter-Proliferation Financing (CPF).
On March 10, 2026, the CBN issued Circular BSD/DIR/PUB/LAB/019/002, making it mandatory for all regulated financial institutions to implement minimum standards for automated AML/CFT/CPF systems.
Under the directive, every institution supervised by the apex bank must submit an implementation roadmap to the CBN no later than June 10, 2026.
Experts warn of industry-wide risks
Cybersecurity specialist Seun Runsewe explained that the CBN’s directive goes beyond simply buying software solutions.
According to her, the framework covers 12 major operational areas that require strong governance structures and technical oversight.
Read also
Lagos unveils 19 winners for N10bn MSME fund as cooperative businesses set for major boost
She noted that leading commercial banks are in a better position to comply because they already have established cybersecurity teams, CISOs, and technology vendors supporting their operations.
However, she expressed serious concern about smaller financial institutions, including nearly 900 microfinance banks, over 100 finance houses, and several primary mortgage banks, where most regulated operators fall.
She said:
“Most don’t have a CISO, let alone a functioning automated AML solution. Many are starting from near zero with the deadline already on top of them”.
According to Runsewe, many of these institutions are starting almost from scratch, without dedicated cybersecurity leadership or functioning automated AML systems, despite the fast-approaching deadline.
She also warned that the weakness of smaller operators could threaten the entire financial system because all institutions are connected through shared platforms such as NIBSS, BVN infrastructure, and agency banking networks.
Recall that the Association of Chief Audit Executives of Banks in Nigeria had raised fresh concerns about cyber fraud targeting bank accounts.
Source: UGC
CBN directs IMTOs to open naira settlement accounts
Meanwhile, Legit.ng earlier reported that the CBN directed International Money Transfer Operators (IMTOs) to open naira settlement accounts with authorised dealer banks.
All remittance-related transactions must now be processed through these designated accounts.
The policy aims to improve transparency, monitoring, and efficiency in the foreign exchange market.
Source: Legit.ng