Pension

PenCom Orders Pension Operators to Strengthen Cybersecurity, Tighten Digital Record Protection

Published

on

The National Pension Commission (PenCom) has introduced new cybersecurity requirements for pension fund operators as part of efforts to protect contributors’ records, curb fraud and improve the integrity of digital transactions within Nigeria’s pension industry.

Under the new framework, all licensed Pension Fund Administrators (PFAs) and Pension Fund Custodians (PFCs) will be required to implement advanced cryptographic controls designed to prevent unauthorised alterations to pension-related documents and enhance auditability across the sector.

The directive, contained in a circular signed by the Director of Surveillance Department, A.M. Saleem, will take effect on January 1, 2027, giving operators a transition period to upgrade their information technology infrastructure and compliance systems.

A key feature of the framework is the introduction of cryptographic hashing for electronically signed pension documents. Once a document is signed, it must be automatically secured with a digital hash, creating a unique electronic fingerprint that reveals any subsequent modification.

PenCom said the measure is intended to strengthen data integrity and reduce the risk of record manipulation by both internal and external actors.

“With this cyber lockdown, PenCom moves to stop pension record tampering once and for all, ensuring the absolute protection of contributors’ hard-earned savings,” Saleem said.

The commission also directed operators to maintain comprehensive audit trails for electronic transactions. The requirements include capturing metadata such as Internet Protocol (IP) addresses, transaction timestamps, device information and One-Time Password (OTP) authentication logs linked to electronic signing activities.

According to the regulator, the enhanced tracking framework will improve transparency, support investigations and provide verifiable evidence in the event of disputes or suspected fraud.

PenCom has given PFAs and custodians until January 2027 to achieve full compliance with the new standards, warning that failure to meet the requirements could attract regulatory sanctions.

Industry Implications

The latest directive forms part of broader efforts by PenCom to strengthen governance and risk management within Nigeria’s pension industry, which manages pension assets valued at more than N25 trillion.

The move follows the commission’s revised Information and Communication Technology guidelines issued in 2025, as well as its collaboration with the Independent Corrupt Practices and Other Related Offences Commission to tackle pension fraud.

The new requirements will likely increase technology and compliance spending among pension operators in the short term. However, the measures could strengthen investor confidence in the pension system by improving data security, operational resilience and regulatory oversight.

The framework will also aligns with growing global adoption of cybersecurity standards and digital governance practices aimed at protecting financial records and reducing operational risks in the financial services sector.

 

Top Reads

Exit mobile version