The Central Bank of Nigeria (CBN) has recently issued a directive to all financial institutions in the country to commence the deduction of a cybersecurity levy. This move is part of a broader effort to bolster the nation’s cybersecurity infrastructure.
Below, we answer some of the most frequently asked questions regarding this new directive.
What is the Cybersecurity Levy?
The cybersecurity levy is a charge imposed by the CBN on all electronic transactions. The levy is set at 0.5% of the value of each transaction. This means that for every transaction made, a small percentage is taken as a contribution to the National Cybersecurity Fund.
Who is Affected by the Levy?
The levy affects all financial institutions, including:
- Commercial banks
- Merchant banks
- Non-interest banks
- Payment service banks
- Other Financial Institutions (OFIs)
- Mobile money operators
- Payment service providers
When Will the Deduction of the Cybersecurity Levy Begin?
The deduction of the cybersecurity levy is scheduled to begin on May 20, 2024.
How Will the Levy Be Implemented?
The levy will be applied at the point of electronic transfer origination. It will then be deducted and remitted by the financial institution. The deducted amount will be reflected in the customer’s account with the narration, ‘Cybersecurity Levy’.
What Transactions Are Exempt from the Levy?
Certain transactions are exempt from the cybersecurity levy, including:
- Loan disbursements and repayments
- Salary payments
- Intra-account transfers within the same bank
- Intra-bank transfers between customers of the same bank
- Inter-branch transfers within a bank
- Cheque clearing and settlements
- Letters of Credit
- Banks’ recapitalization-related funding
What is the Purpose of the Cybersecurity Levy?
The purpose of the cybersecurity levy is to fund the National Cybersecurity Fund, which is administered by the Office of the National Security Adviser (ONSA). The fund is intended to support the nation’s cybersecurity initiatives and infrastructure.
What Happens if Financial Institutions Do Not Comply?
Financial institutions that fail to comply with the directive to deduct and remit the cybersecurity levy will face a penalty. The penalty is set at 2% of the annual turnover of the institution.
Summary Table
| Question | Answer |
|---|---|
| What is the Cybersecurity Levy? | A 0.5% charge on all electronic transactions. |
| Who is affected? | All financial institutions and payment service providers. |
| When does it start? | May 20, 2024. |
| How is it implemented? | Deducted at the point of transfer and reflected as ‘Cybersecurity Levy’. |
| What transactions are exempt? | Loan repayments, salary payments, intra-account transfers, etc. |
| What is the purpose? | To fund the National Cybersecurity Fund. |
| Non-compliance penalty? | 2% of the annual turnover. |
For more detailed information, please refer to the official CBN circular here.
