Pension
PenCom Orders Pension Operators to Strengthen Cybersecurity, Tighten Digital Record Protection
Published
2 hours agoon

The National Pension Commission (PenCom) has introduced new cybersecurity requirements for pension fund operators as part of efforts to protect contributors’ records, curb fraud and improve the integrity of digital transactions within Nigeria’s pension industry.
Under the new framework, all licensed Pension Fund Administrators (PFAs) and Pension Fund Custodians (PFCs) will be required to implement advanced cryptographic controls designed to prevent unauthorised alterations to pension-related documents and enhance auditability across the sector.
Read Also:
The directive, contained in a circular signed by the Director of Surveillance Department, A.M. Saleem, will take effect on January 1, 2027, giving operators a transition period to upgrade their information technology infrastructure and compliance systems.
A key feature of the framework is the introduction of cryptographic hashing for electronically signed pension documents. Once a document is signed, it must be automatically secured with a digital hash, creating a unique electronic fingerprint that reveals any subsequent modification.
PenCom said the measure is intended to strengthen data integrity and reduce the risk of record manipulation by both internal and external actors.
“With this cyber lockdown, PenCom moves to stop pension record tampering once and for all, ensuring the absolute protection of contributors’ hard-earned savings,” Saleem said.
The commission also directed operators to maintain comprehensive audit trails for electronic transactions. The requirements include capturing metadata such as Internet Protocol (IP) addresses, transaction timestamps, device information and One-Time Password (OTP) authentication logs linked to electronic signing activities.
According to the regulator, the enhanced tracking framework will improve transparency, support investigations and provide verifiable evidence in the event of disputes or suspected fraud.
PenCom has given PFAs and custodians until January 2027 to achieve full compliance with the new standards, warning that failure to meet the requirements could attract regulatory sanctions.
Industry Implications
The latest directive forms part of broader efforts by PenCom to strengthen governance and risk management within Nigeria’s pension industry, which manages pension assets valued at more than N25 trillion.
The move follows the commission’s revised Information and Communication Technology guidelines issued in 2025, as well as its collaboration with the Independent Corrupt Practices and Other Related Offences Commission to tackle pension fraud.
The new requirements will likely increase technology and compliance spending among pension operators in the short term. However, the measures could strengthen investor confidence in the pension system by improving data security, operational resilience and regulatory oversight.
The framework will also aligns with growing global adoption of cybersecurity standards and digital governance practices aimed at protecting financial records and reducing operational risks in the financial services sector.
You may like

NIMC Enrolment Hits 136 Million as Nigeria Begins Implementation of New Digital Identity Law

PenCom Orders Mandatory Retiree Verification to Safeguard N31.3tn Pension Assets

PenCom Deploys Digital Platform on Pension Data Recapture

Total Pension Assets in Nigeria Hit N19.53 Trillion in January

Unremitted Pension: PenCom Slams N184m Fine on Failing employers

How 15,634 Retirees Withdraw N7.79BN to Exit Pension Scheme







