The Central Bank of Nigeria (CBN) has directed all financial institutions in the country to begin the deduction of cybersecurity levy on all electronic transactions effective May 20, 2024, six years after it first issued the directive.
The deductions were to be remitted to the National Security Fund, which is being administered by the Office of the National Security Adviser (ONSA).
The deductions were to be effected on all electronic transactions consummated through commercial banks, merchant banks, non-interest banks, payment system banks, Other Financial Institutions (OFIs) mobile money operators and payment service providers. Failure to comply and remit within the stipulated timeframe will lead to a penalty of two per cent of the annual turnover of the institution.
On June 25, 2018, the apex bank had released guidelines for the collection of a 0.005 per cent levy on electronic transactions for the National Cybersecurity Fund, directing that the levy will take effect from 1st of July 2018. The directive however did not take off.
Consequently, in a circular dated May 6, 2024 and jointly signed by the CBN director of payments systems management, Chibuzor Efobi and Director, Financial Policy and Regulation, Haruna Mustafa, the CBN directed that banks in the country begin the deductions for onward remittance.
According to the circular, following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, “a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act”, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).
“Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are hereby required to implement the above provision of the Act as follows: The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution.
“The deducted amount shall be reflected in the customer’s account with the narration: “Cybersecurity Levy”. Deductions shall commence within two (2) weeks from the date of this circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the 5th business day of every subsequent month.
“System reconfigurations towards ensuring complete and timely submission of remittance files to the Nigeria Interbank Settlement System (NIBSS) Plc shall be completed within four weeks of this circular – Commercial, Merchant, Non- Interest and Payment Service Banks; and Mobile Money Operators.
“Within eight weeks of this circular – all Other Financial Institutions (Microfinance banks, Primary Mortgage banks, Development Finance Institutions). Exemptions – To avoid multiple application of the levy on the same transaction/transfer, Appendix 1 (attached) captures transactions currently deemed eligible and are exempted from the application of the levy.
“Section 44 (8) of the Act prescribes that failure to remit the levy is an offence and is liable on conviction to a fine of not less than two per cent of the annual turnover of the defaulting business, amongst others.”