On May 6, 2024, the Central Bank of Nigeria (CBN) ordered banks to begin the process of deducting cybersecurity levy which will be administered by the Office of the National Security Adviser (NSA).
This was disclosed in a circular to different categories of banks, mobile money operators, payment service providers and others signed by the apex bank’s Director of Payments Systems Management, Chibuzor Efobi, and Director of Financial Policy and Regulation, Haruna B. Mustafa.
According to the circular, the deduction and collection of the cyber security levy is sequel to the enactment of the 2024 Cybercrime (prohibition, prevention etc) Amendment Act of 2024, which provides for a 0.5% deduction of the value of all electronic transactions to the National Cyber Security Fund, which would be administered by the office of the NSA.
Furthermore, the circular noted that the deduction would be described as Cybersecurity Levy and the relevant financial institutions should begin deduction in two weeks following the secular.
It stated,
- “Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).”
- “Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are hereby required to implement the above provision of the Act as follows:”
- “Calculate the levy based on the total electronic transfer origination, then deducted and remitted by the financial institution.”
- “The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”
Origin of the confusion on the levy
With the announcement of the levy, some Nigerians are wondering whether the rate to be deducted is 0.005% or 0.5%.
The confusion is due to the provisions of the repealed Cybercrimes (prohibition, prevention, etc) Act, 2015 as well as a 2018 CBN circular, which stated the rate as 0.005%.
Also, Section 44 (2) (a) of the repealed act noted “a levy of 0.005 of all electronic transactions by the businesses specified in the second schedule of this act”, which is expected to be credited into the “National Cyber security Fund”.
In a 2018 CBN circular in March 2018, the apex bank said “all banks are hereby directed to comply with the statutory provision for the collection and remittance of the 0.005% levy on all electronic transactions by the businesses specified in the second schedule of the Cybercrime (Prohibition, Prevention, etc.) Act.”
However, in a follow-up circular in June 2018, the CBN excluded the % and stated that “the levy shall be 0.005 of the service charge (exclusive of all tax effects) from all electronic financial transactions occurring in a bank, a mobile money scheme or other payment platforms.”
What changed?
The 2015 Act is currently being replaced by the Cybercrimes (prohibition, prevention, etc) (Amendment) Act, 2024.
In the new act, the provisions of Section 44 of the principal act were amended, nullifying the previous regulation.
The new provision states clearly “a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value” to be made by “the business specified in the Second Schedule to this Act.”
The amended act did not only state the decimal value of the levy (0.005) like the previous one, but it also introduced the percentage equivalent (0.5%) of the levy. Therefore, the levy is not 0.005% but 0.5%.
Nairametrics earlier reported that the National Security Adviser, Mr. Nuhu Ribadu, had said that the Federal Government was putting measures in place to amend the 2015 Cybercrimes Act to cater to issues emanating from emerging technologies such as AI. Ribadu also directed full implementation of the Cybercrimes (Prohibition, Prevention, Etc) Amendment Act 2024.
However, the CBN also noted that there are 16 banking transactions exempted from the new cybersecurity levy, including loan disbursements repayments and salary payments, among others.
Speaking with Nairametrics, a legal practitioner based in Abuja, Damilola Victoria Alabi, said:
- “A cursory look at the introductory paragraph of the CBN memo reveals that the conversation on the imposition of a ‘cybersecurity levy by banks on the instruction of Nigeria’s apex bank’ is not a new conversation.
- “The conversation dates back to as far as 2018. While there are several issues to unpack as to the legality or otherwise of this imposition, whether the CBN is acting within its statutory mandate and in fact whether the office of the National Security Adviser has now become a ‘revenue generating body’, the major concern for me as a legal practitioner is how ignorant we are about the existence of certain laws and regulations.
- “If the recent expression of displeasure about the now reintroduced cybersecurity levy had not occurred, most Nigerians may have, in fact. been unaware that the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 had in fact happened.”
She further noted the complications around the exemptions, saying:
- “Number 2 on the list of exemptions in Appendix 1 of the memo excludes salary payments from the application of this deduction.
- “How will this be adapted to suit informal sector workers who earn wages and not salaries, especially for a country that has a huge percentage of its populace in the informal sector? Are initiators of electronic transfers now required to tag any money they desire to transfer to which they do not wish to pay the levy as ‘salary payment’?”