CBN
Cyber Security Levy: CBN orders banks, PSPs to begin collection and remittance
The Central Bank of Nigeria (CBN) has ordered banks to enact the process of deduction of cyber security levy to be administered by the office of the National Security Adviser (NSA).
This was disclosed in a circular to different categories of banks, mobile money operators, payment service providers and others signed by the apex bank’s Director of payments system management, Chibuzor Efobi and Director of financial policy and regulation, Haruna .B. Mustafa.
According to the statement, the deduction and collection of the cyber security levy is sequel to the enactment of the 2024 cyber crime (prohibition, prevention etc) amendment Act of 2024 which provides for a 0.5% deduction of the value of all electronic transactions to the National Cyber Security Fund which would be administered by the office of the NSA.
Furthermore, the circular noted that the deduction would be described as Cyber security levy and the relevant financial institutions should begin deduction in two weeks following the secular.
It stated,
“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).”
“Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are hereby required to implement the above provision of the Act as follows:”
“Calculate the levy based on the total electronic transfer origination, then deducted and remitted by the financial institution.”
“The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”
Penalty for non-compliance
Also, the apex banks warned that the penalty for defaulting is as prescribed in the amended Cyber Crime Prohibition and Prevention Act which is liable to a fine amounting to no less that 2% of the turnover of the defaulting business and others.
“Penalties for Non-compliance Section 44 (8) of the Act prescribes that failure to remit the levy is an offence and is liable on conviction to a fine of not less than 2% of the annual turnover of the defaulting business, amongst others.”
What this means
The Central Bank of Nigeria’s recent mandate for financial institutions to implement a cybersecurity levy represents a significant shift in the regulatory landscape of Nigeria’s digital economy.
- As per the directive, banks, mobile money operators, and payment service providers are required to deduct 0.5% from the value of all electronic transactions, funneling these funds into the National Cyber Security Fund.
- Managed by the Office of the National Security Adviser, this fund is designed to bolster the country’s defenses against cyber threats, which are increasingly prevalent in our interconnected digital world.
- This move underscores the government’s commitment to safeguarding digital assets and maintaining the integrity of financial transactions against potential cybercrimes.
However, this new levy also poses challenges and implications for consumers and businesses alike.
- For everyday users, the additional charge on transactions might raise concerns about the rising cost of digital services, potentially impacting consumer behavior and digital adoption rates.
- On the business side, companies are compelled to adjust their financial strategies to accommodate the levy, ensuring compliance while managing their operational costs.
- The stringent penalty for non-compliance—amounting to no less than 2% of the annual turnover for defaulting entities—further emphasizes the critical nature of this initiative.
- As this policy takes effect, its execution and the stakeholders’ adaptation will likely influence the broader trajectory of Nigeria’s digital finance ecosystem.
