The Central Bank of Nigeria (CBN) has issued a directive to all financial institutions in the country to commence the deduction of cybersecurity levy on all electronic transactions, effective May 20, 2024, after a delay of six years since the initial directive.
The levy deductions are to be remitted to the National Security Fund, overseen by the Office of the National Security Adviser (ONSA).
This directive encompasses electronic transactions conducted through various financial channels, including commercial banks, merchant banks, non-interest banks, payment system banks, Other Financial Institutions (OFIs), mobile money operators, and payment service providers.
Failure to comply with the directive and remit the levy within the specified timeframe will result in a penalty of two per cent of the institution’s annual turnover.
The CBN had initially released guidelines for the collection of a 0.005 per cent levy on electronic transactions for the National Cybersecurity Fund on June 25, 2018. However, the implementation of this levy did not take off as planned.
In a circular jointly signed by Chibuzor Efobi, Director of Payments Systems Management, and Haruna Mustafa, Director of Financial Policy and Regulation, the CBN directed banks to initiate the deductions for onward remittance.
The circular cited the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 as the basis for this directive. Pursuant to the provisions of Section 44 (2)(a) of the Act, financial institutions are required to remit a levy of 0.5% (0.005) equivalent to half a percent of all electronic transactions’ value to the National Cybersecurity Fund (NCF).
According to the circular, failure to comply with the directive and remit the levy within the specified timeframe will result in a penalty of two per cent of the institution’s annual turnover.
The CBN had initially released guidelines for the collection of a 0.005 per cent levy on electronic transactions for the National Cybersecurity Fund on June 25, 2018. However, the implementation of this levy did not take off as planned.
In a circular jointly signed by Chibuzor Efobi, Director of Payments Systems Management, and Haruna Mustafa, Director of Financial Policy and Regulation, the CBN directed banks to initiate the deductions for onward remittance.
The circular cited the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 as the basis for this directive. Pursuant to the provisions of Section 44 (2)(a) of the Act, financial institutions are required to remit a levy of 0.5% (0.005) equivalent to half a percent of all electronic transactions’ value to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).
It reads partly: “Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are hereby required to implement the above provision of the Act as follows: The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution.
“The deducted amount shall be reflected in the customer’s account with the narration: “Cybersecurity Levy”. Deductions shall commence within two (2) weeks from the date of this circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the 5th business day of every subsequent month.
“System reconfigurations towards ensuring complete and timely submission of remittance files to the Nigeria Interbank Settlement System (NIBSS) Plc shall be completed within four weeks of this circular – Commercial, Merchant, Non- Interest and Payment Service Banks; and Mobile Money Operators.
“Within eight weeks of this circular – all Other Financial Institutions (Microfinance banks, Primary Mortgage banks, Development Finance Institutions). Exemptions – To avoid multiple application of the levy on the same transaction/transfer, Appendix 1 (attached) captures transactions currently deemed eligible and are exempted from the application of the levy.
“Section 44 (8) of the Act prescribes that failure to remit the levy is an offence and is liable on conviction to a fine of not less than two per cent of the annual turnover of the defaulting business, amongst others.”
