CBN Tells Banks, PSPs To Begin Cyber Security Levy Collection

Tinubu Orders Osayande To Investigate CBN, Related Affairs

Banks are required by the Central Bank of Nigeria (CBN) to implement the cyber security levy deduction procedure, which will be overseen by the National Security Adviser’s (NSA) office.

The apex bank’s directors of payments system management, Chibuzor Efobi, and financial policy and regulation, Haruna.B. Mustafa, revealed this in a circular to various types of banks, mobile money operators, payment service providers, and others.

A 0.5% deduction of the value of all electronic transactions to the National Cyber Security Fund, which would be administered, is provided by the 2024 cyber crime (prohibition, prevention, etc.) amendment Act of 2024, which is the reason for the deduction and collection of the cyber security levy, according to the statement.Furthermore, the circular noted that the deduction would be described as Cyber security levy and the relevant financial institutions should begin deduction in two weeks following the secular. 

It stated,

“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).”

“Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are hereby required to implement the above provision of the Act as follows:”

“Calculate the levy based on the total electronic transfer origination, then deducted and remitted by the financial institution.”

“The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”

Penalty for non-compliance 

Also, the apex banks warned that the penalty for defaulting is as prescribed in the amended Cyber Crime Prohibition and Prevention Act which is liable to a fine amounting to no less that 2% of the turnover of the defaulting business and others.  

“Penalties for Non-compliance Section 44 (8) of the Act prescribes that failure to remit the levy is an offence and is liable on conviction to a fine of not less than 2% of the annual turnover of the defaulting business, amongst others.” 

What this means

The Central Bank of Nigeria’s recent mandate for financial institutions to implement a cybersecurity levy represents a significant shift in the regulatory landscape of Nigeria’s digital economy.

  • As per the directive, banks, mobile money operators, and payment service providers are required to deduct 0.5% from the value of all electronic transactions, funneling these funds into the National Cyber Security Fund.
  • Managed by the Office of the National Security Adviser, this fund is designed to bolster the country’s defenses against cyber threats, which are increasingly prevalent in our interconnected digital world.
  • This move underscores the government’s commitment to safeguarding digital assets and maintaining the integrity of financial transactions against potential cybercrimes.

However, this new levy also poses challenges and implications for consumers and businesses alike.

  • For everyday users, the additional charge on transactions might raise concerns about the rising cost of digital services, potentially impacting consumer behavior and digital adoption rates.
  • On the business side, companies are compelled to adjust their financial strategies to accommodate the levy, ensuring compliance while managing their operational costs.
  • The stringent penalty for non-compliance—amounting to no less than 2% of the annual turnover for defaulting entities—further emphasizes the critical nature of this initiative.
  • As this policy takes effect, its execution and the stakeholders’ adaptation will likely influence the broader trajectory of Nigeria’s digital finance ecosystem.