PenCom raises digital security for pension documents
PenCom
Nike Popoola
The National Pension Commission (PenCom) has introduced stricter requirements for the execution and protection of electronic documents in Nigeria’s pension industry, directing Pension Fund Administrators (PFAs) and Pension Fund Custodians (PFCs) to adopt stronger digital security measures to safeguard records against fraud and tampering.
According to a circular signed by the Director of the Surveillance Department, A. M. Saleem, electronically signed documents must be automatically locked immediately after execution using a cryptographic hash to prevent any subsequent alteration.
The Commission stated that the new framework is designed to strengthen the integrity, authenticity and security of electronic transactions within the Contributory Pension Scheme (CPS), while enhancing confidence in digital processes across the industry.
Under the new requirements, every electronic signing event must generate a comprehensive audit trail. The audit log is expected to capture the precise Internet Protocol (IP) address of the signer, the exact date and time of execution, the device identifier used for the transaction, as well as the One-Time Password (OTP) logs associated with the signing process.
PenCom said the detailed audit records would improve transparency and accountability by providing verifiable evidence of every electronic transaction, making it easier to investigate disputes and detect any attempted manipulation of pension records.
The regulator noted that the mandatory use of cryptographic hashing would ensure that once a document has been signed, any attempt to modify its contents would immediately become evident, thereby protecting the integrity of pension-related documents throughout their lifecycle.
Industry observers believe the enhanced security requirements align with global best practices in digital governance and cybersecurity, particularly as the pension industry increasingly relies on electronic platforms to deliver services to Retirement Savings Account holders.
The Commission further directed operators to ensure full compliance with the new requirements before the implementation date.
According to the circular, the directive will take effect from January 1, 2027.
PenCom also advised stakeholders seeking clarification on the implementation of the circular to direct their enquiries to the Director of the Surveillance Department.
The new guidelines form part of the Commission’s broader efforts to strengthen operational resilience, improve digital trust and protect contributors’ data as technology continues to play a central role in the administration of Nigeria’s pension system.
