A Cybersecurity Risk Management and Regulatory Compliance Framework for Financial Institutions
  • Author(s): Adepeju Deborah Bello; Oghenemaiga Elebe; Nafiu Ikeoluwa Hammed; Gbenga Olumide Omoegun; Oladapo Fadayomi
  • Paper ID: 1713553
  • Page: 1180-1193
  • Published Date: 31-08-2024
  • Published In: Iconic Research And Engineering Journals
  • Publisher: IRE Journals
  • e-ISSN: 2456-8880
  • Volume/Issue: Volume 8 Issue 2 August-2024
Abstract

Financial institutions remain among the most attractive targets for cyberattacks due to their central role in economic stability, extensive digitalisation, and custody of highly sensitive financial and personal data. The increasing sophistication of cyber threats, combined with stringent regulatory expectations, has created a complex environment in which institutions must simultaneously manage cybersecurity risk and demonstrate compliance with evolving regulatory frameworks. Despite the existence of numerous cybersecurity standards, regulatory guidelines, and risk management models, financial institutions continue to face challenges in aligning technical security controls with governance, risk, and compliance (GRC) requirements in a coherent and auditable manner. Fragmentation between cybersecurity operations and regulatory compliance functions often results in duplicated effort, security controls implemented only to satisfy audits rather than to reduce risk, and limited organisational resilience. This paper presents a comprehensive cybersecurity risk management and regulatory compliance framework tailored for financial institutions. The framework integrates established cybersecurity risk management principles with regulatory compliance requirements, providing a structured approach that aligns governance, risk assessment, control implementation, monitoring, and reporting. Drawing on a systematic review of previous literature, international standards, and financial-sector regulatory practices, the framework emphasises proportional risk-based decision-making, continuous monitoring, and accountability across organisational levels. The study synthesises insights from cybersecurity governance, enterprise risk management, financial regulation, and operational resilience literature to bridge the gap between technical security controls and regulatory obligations.
The proposed framework contributes to academic and practitioner discourse by offering a unified structure that supports both cybersecurity risk reduction and regulatory assurance. It is particularly relevant for banks, insurance companies, payment service providers, and other regulated financial entities operating in highly digitised and interconnected environments. The paper concludes by highlighting practical implications, implementation challenges, and directions for future empirical validation.

Keywords

Cybersecurity Risk Management; Financial Institutions; Regulatory Compliance; Information Security Governance; Operational Resilience; Financial Regulation

Citations

IRE Journals:
Adepeju Deborah Bello, Oghenemaiga Elebe, Nafiu Ikeoluwa Hammed, Gbenga Olumide Omoegun, Oladapo Fadayomi "A Cybersecurity Risk Management and Regulatory Compliance Framework for Financial Institutions" Iconic Research And Engineering Journals Volume 8 Issue 2 2024 Page 1180-1193 https://doi.org/10.64388/IREV8I2-1713553

IEEE:
Adepeju Deborah Bello, Oghenemaiga Elebe, Nafiu Ikeoluwa Hammed, Gbenga Olumide Omoegun, Oladapo Fadayomi "A Cybersecurity Risk Management and Regulatory Compliance Framework for Financial Institutions" Iconic Research And Engineering Journals, 8(2) https://doi.org/10.64388/IREV8I2-1713553