The Central Bank of Nigeria (CBN) has ordered banks operating in the country to start charging a cybersecurity levy on transactions that will be remitted to and administered by the office of the National Security Adviser (NSA).
The NSA is Mr. Nuhu Ribadu, first Chairman of the Economic and Financial Crimes Commission (EFCC).
Active bank accounts in Nigeria increased to 151 million in December 2022, according to data from the Nigeria Inter-Bank Settlement System Plc (NIBSS) earlier this year.
A CBN circular on Monday said the implementation of the levy would start two weeks time.
This new directive is coming barely a week after the Federal Government directed Deposit Money Banks to deduct 0.375 per cent stamp duty charge on all mortgaged-backed loans and bonds.
Signed by the apex bank’s Director of payments system management, Chibuzor Efobi and Director of financial policy and regulation, Haruna .B. Mustafa, the new memo was addressed to different categories of banks, mobile money operators, payment service providers and others.
The memo said the deduction and collection of the cyber security levy was sequel to the enactment of the 2024 cyber crime (prohibition, prevention etc) amendment Act of 2024 which provides for a 0.5% deduction of the value of all electronic transactions to the National Cyber Security Fund which would be administered by the office of the NSA.
It stated: “Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).”
“Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are hereby required to implement the above provision of the Act as follows:
“Calculate the levy based on the total electronic transfer origination, then deducted and remitted by the financial institution.”
“The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”
It added: “Penalties for Non-compliance Section 44 (8) of the Act prescribes that failure to remit the levy is an offence and is liable on conviction to a fine of not less than 2% of the annual turnover of the defaulting business, amongst others.”
The CBN said that all banks, other financial institutions and payment service providers are now required to implement the directive, saying, “The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration, ‘Cybersecurity Levy’.
“Deductions shall commence within two weeks from the date of this circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the fifth business day of every subsequent month.”
Exempted from the levy are: Loan disbursements and repayments, salary payments, intra-account transfers within the same bank or between different banks for the same customer, intra-bank transfers between customers of the same bank.
Also exempted from the levy were inter-branch transfers within a bank, cheque clearing and settlements, Letters of Credits, Banks’ recapitalisation-related funding only bulk funds movement from collection accounts, savings and deposits including transactions involving long-term investments, among others.
