Other Research Assessment

Country
Nigeria

Source
Article in Mondaq

Title
Cybersecurity Regulation In The Nigerian Fintech Industry by Bolakale Mallick

About
Dated Dec 2019 | Article which summarises the CBN Guidelines | It doesn't state the penalties on Fintech orgs if they don't comply with the CBN guidelines

Key findings
General points: Part 1. Organisations must appoint a CISO - and incorporate cyber risk management according to a report orgs take on average 197 days to become aware of data breach and take 69 days to contain it. | Part 2. Bad / Lazy attitude to cybersecurity vulnerabilities and risk management by Fintech orgs - very few carry out assessments / audits and even less take steps to fix vulnerabilities. According to Serianu Report , 81% of discovered cybersecurity incidents in Nigeria are left unresolved, therefore CBN framework mandated organisations to develop cyber risk management programs and a detailed road map to address identified gaps to be reported annually to CBN by 31st Mar. | Compelling organisations to disclose true and accurate information is a challenge. Article suggests that Fintech organisations in Nigeria aren't fully aware or accepting of the cybersecurity risks. | Part 3 - Inter-connectivity within the Fintech organisations is a risk - how trust worthy are the service providers to the Fintech organisations? | Organisations must develop Cyber Threat Intelligence (CTI) programmes and work in collaboration with the Nigeria Electronic Fraud Forum (NEFF). | Part 4 - There is a plethora of regulations - to simplify this, CBN guidelines requires Fintech organisations to put metrics & monitoring processes in place to ensure compliance & provide feedback on effectiveness on controls and appropriate management decisions. | Fintech orgs are required to report all cybersecurity incidents no later than 24hrs after incident is detected to Dir of Banking Supervision CBN. | Part 5. - CBN guidelines mandate the board and senior management of Fintech orgs to comply with the relevant statutes and regulations such as Nigerian Cybercrime Prevention Act 2015 and all CBN directives. | Conclusion - CBN Guideline is a step in the right direction - and will facilitate security of Fintech industry and so increase investor confidence.

Website
https://www.mondaq.com/Nigeria/Technology/872530/Cybersecurity-Regulation-In-The-Nigerian-Fintech-Industry