NNPC Liquidity Tower

Security & Governance

Assurance-first controls for every treasury operation.

A multi-layer institutional defence architecture spanning identity, request integrity, transaction governance, and audit observability — designed to meet the most demanding enterprise risk and compliance standards.

  • 5 governance control domains
  • 100% action audit coverage
  • Zero unauthorised execution target

Governance stack designed for regulator and board-level scrutiny

Identity, Access, Policy, Audit, Continuity

Control Domains

Five defence layers protecting every treasury action

Each domain addresses a specific risk surface — working together to create a comprehensive, overlapping defence architecture with no single points of failure.


Identity & Access Management

Multi-factor authentication, session hardening, RBAC permission scopes, and IP reputation filtering — ensuring only authorised principals access treasury functions with appropriate privileges.

  • MFA enforcement for all treasury users
  • Role-based permission scoping
  • Session timeout and re-authentication
  • IP allowlisting and reputation checks

Transaction Governance

Mandate-bound approval chains, four-eyes enforcement, and delegation controls that prevent any single operator from unilaterally executing treasury movements beyond their authorised scope.

  • Tiered approval with mandate enforcement
  • Four-eyes separation by value and type
  • Time-bound escalation with hard deadlines
  • Delegation expiry and limit controls

Audit & Observability

A tamper-resistant event ledger capturing every action, every decision, and every access event with full identity and context — structured for both internal review and external audit assurance.

  • Immutable action event timeline
  • Decision context and justification storage
  • Structured audit pack export
  • Real-time governance monitoring dashboard

Governance that scales with enterprise complexity

Controls are mapped to operational reality so teams can maintain speed while preserving assurance quality as volume, entities, and oversight demands grow.

  • Assurance visibility from boardroom to operations desk
  • Standardised evidence quality across every action class
  • Policy alignment for both internal and external review
Security Architecture

Technical defences at every system layer

Beyond policy controls, the platform implements technical security measures at the infrastructure, application, and data levels to eliminate exploitable vulnerabilities.

A. Request & Input Integrity

Every inbound request is validated for authenticity, origin, and content before processing. Injection, forgery, and tampering attacks are structurally prevented.

  • CSRF token validation on all state changes
  • Input sanitisation and strict type validation
  • Content Security Policy header enforcement
  • Rate limiting on sensitive auth endpoints
  • SQL injection prevention via parameterised queries
B. Data Integrity & Encryption

Sensitive data is encrypted at rest and in transit. Credential storage follows bcrypt hashing standards, and all platform communications are enforced over TLS.

  • bcrypt password hashing with adequate cost factor
  • TLS 1.2+ enforced for all connections
  • Encrypted credential and token storage
  • Secure key management practices
C. Session & Continuity Controls

Session lifecycle is actively managed — with enforced timeouts, re-authentication gates, and anomalous session detection to prevent hijacking and unauthorised continuation.

  • Absolute and idle session timeout enforcement
  • Session token rotation after authentication
  • Concurrent session conflict detection
  • Graceful re-authentication flow for sensitive operations

Aligned with regulatory and standards frameworks:

  • CBN Risk Management
  • ISO 27001 Principles
  • OWASP Top 10
  • COSO Internal Control
  • NNPC Compliance Policy
  • PCI-DSS Aligned

"Security is not a feature layer — it is the operating foundation. Every control on this platform exists by design, not by addition."

NNPC Liquidity Tower — Security & Governance Architecture

Governance you can demonstrate to any auditor

The platform is designed so that every control can be evidenced on demand — from access logs to approval chains to execution records — without bespoke extraction effort.