• Home
  • PenCom orders cybersecurity overhaul for…

PenCom orders cybersecurity overhaul for Nigeria’s pension industry

The National Pension Commission has introduced a major regulatory overhaul designed to strengthen cybersecurity and safeguard digital records across Nigeria’s multi-trillion-naira pension industry.

Under the new directive, all licensed Pension Fund Administrators and Pension Fund Custodians will be required to deploy advanced cryptographic security measures to protect sensitive data from both internal and external cyber threats.

According to a circular signed by the Director of the Surveillance Department, A. M. Saleem, the new requirements will take effect on January 1, 2027.

The transition period gives operators until January 1, 2027, to fully upgrade their information technology infrastructure and comply with the new cybersecurity requirements or risk stiff regulatory sanctions.

At the core of the new policy is a strict prohibition on post-signature alterations to pension documents. Under the guidelines, every electronically signed pension-related document must be immediately secured with a cryptographic hash, creating a unique digital fingerprint.

PenCom said the mechanism ensures that any attempt to alter or tamper with a document after it has been signed will invalidate the cryptographic hash, making the modification instantly detectable and preserving the integrity of the original record.

Speaking on the development, Saleem said, “With this cyber lockdown, PenCom moves to stop pension record tampering once and for all, ensuring the absolute protection of contributors’ hard-earned savings.”

Beyond securing signed documents, the new rules require every electronic transaction to generate a comprehensive and tamper-proof audit trail.

Under the directive, pension operators must deploy logging systems that automatically record key metadata for every electronic signing event. This includes the signer’s Internet Protocol address, the exact date and time the document was signed, details of the device used to complete the transaction, and complete One-Time Password logs linked to the signing process.

The commission said the records are intended to strengthen accountability, improve traceability, and support forensic investigations in the event of disputes or suspected fraud.

PenCom said the detailed audit trails would strengthen transparency and accountability across the pension industry by providing investigators with verifiable evidence to resolve disputes and detect any attempts to manipulate pension records.

The commission directed all licensed operators to achieve full compliance before the January 1, 2027 implementation date, urging stakeholders requiring further clarification on the new framework to engage its Surveillance Department ahead of the rollout.