The Central Bank of Nigeria (CBN) has directed banks, mobile money operators, payment service providers, and other financial institutions to initiate the process of deducting a cybersecurity levy following the enactment of the Cybercrime (Prohibition, Prevention, etc) Amendment Act of 2024.
In a circular issued on May 6, 2024, signed by the apex bank’s Director of Payments Systems Management, Chibuzor Efobi, and Director of Financial Policy and Regulation, Haruna B. Mustafa, the CBN outlined the procedures for the deduction and collection of the levy, which is set at 0.5% of the value of all electronic transactions.
According to the circular, the cybersecurity levy, aimed at bolstering the National Cyber Security Fund administered by the Office of the National Security Adviser (ONSA), is to be deducted and remitted by financial institutions within two weeks of the circular’s issuance.
Chibuzor Efobi and Haruna B. Mustafa stated in the circular: “Calculate the levy based on the total electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”
However, the implementation of the levy has sparked confusion among Nigerians regarding the correct percentage to be deducted. This confusion arises from conflicting information provided in the repealed Cybercrimes (Prohibition, Prevention, etc) Act, 2015, and subsequent CBN circulars.
A legal practitioner, Damilola Victoria Alabi, highlighted the need for clarity, stating, “The major concern for me as a legal practitioner is how ignorant we are about the existence of certain laws and regulations.”
Furthermore, the amendment to the Cybercrime Act in 2024 revised the levy percentage to 0.5%, as opposed to the previously stated 0.005%. Despite this amendment, questions remain regarding the adaptation of exemptions, particularly for workers in the informal sector.
The cybersecurity levy exempts certain transactions, including loan disbursements, repayments, and salary payments. However, the practical implications of these exemptions, especially for informal sector workers, remain unclear.
As the implementation of the cybersecurity levy unfolds, stakeholders await further clarification and guidance from regulatory authorities to ensure compliance and address lingering concerns within the financial ecosystem.