The Central Bank of Nigeria (CBN) on Monday directed commercial banks to charge 0.5 percent cybersecurity levy on electronic transactions.
The announcement by the CBN through a circular jointly signed by Chibuzor Efobi, director of payments system management, and Haruna Mustafa, director of financial policy and regulation, has stirred debate among stakeholders in the financial industry and the general public.
What is cybersecurity?
Cybersecurity refers to the practice of protecting computer systems, networks, programmes, and data from digital attacks, unauthorised access, damage, or theft. It encompasses various technologies, processes, and practices designed to safeguard information and ensure the confidentiality, integrity, and availability of data.
Is cybersecurity levy new in Nigeria?
The cybersecurity levy is not new. It was in the Cybercrime Act 2015. In the 2015 version of the levy, it was imposed specifically on businesses deemed capable of handling the financial burden, such as banks, other financial institutions, listed companies, and telecommunications companies. Moreover, this levy was voluntary and offered as a tax deduction. However, with the recent 2024 amendment, which hasn’t been officially disclosed to the public, the levy’s scope has broadened significantly. It appears that the levy now applies to all businesses, regardless of their size or financial capability.
What does the Act 2015 say about cybercrime levy?
The Act establishes a fund known as the National Cybersecurity Fund, referred to as “The Fund.” Under the provisions of the Act, various sources contribute to the Fund, which is held in the Central Bank of Nigeria. These include a levy imposed on specific businesses engaged in electronic transactions, grants from donor agencies, contributions from individuals and organizations, appropriations by the National Assembly, and other accruing assets.
The Act also ensures that all funds channelled into the National Cybersecurity Fund are exempted from income tax, encouraging contributions from stakeholders. Additionally, contributions made to the Fund are tax-deductible, providing further incentive for participation.
Businesses identified under the Act are required to remit the levy—set at 0.005 percent of electronic transactions—directly into the Fund within a stipulated period of 30 days. This direct contribution mechanism aims to streamline the funding process and ensure timely resource allocation.
Moreover, the Act stipulates that a portion of the Fund, not exceeding 40 percent, maybe allocated towards programmes addressing the pressing issue of countering violent extremism (CVE).
What does the CBN say?
“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and under the provision of Section 44 (2)(a) of the Act, “a levy of 0.5 percent (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the second schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA),” CBN said.
“Deductions shall commence within two weeks from the date of this circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the 5th business day of every subsequent month.”
The CBN said non-compliance with levy remittance constitutes an offence, subject to penalties including a fine of not less than two percent of the defaulting business’s annual turnover, among other consequences.
“Finally, all institutions under the regulatory purview of the CBN are hereby directed to note and comply with the provisions of the Act and this circular,” the CBN said.
Banking transactions exempted
There are about 16 items exempted from cybersecurity levy based on the 2024 Act. These include loan disbursements and repayments, salary payments, intra-account transfers within the same bank or between different banks for the same customer, and intra-bank transfers between customers of the same bank.
Other financial institutions instructions to their correspondent banks, interbank placements, banks’ transfers to CBN and vice-versa, inter-branch transfers within a bank, cheque clearing and settlements, letters of credits, banks’ recapitalisation-related funding – only bulk funds movement from collection accounts
Savings and deposits, including transactions that involve long-term investments like treasury bills, bonds, and commercial papers.
Government social welfare programmes transactions e.g. pension payments, non-profit and charitable transactions, including donations to registered non-profit organisations or charities
Educational institutions’ transactions, including tuition payments and other transactions involving schools, universities, or other educational institutions
Transactions involving the bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts.
