The Central Bank of Nigeria, CBN, has reduced the cybersecurity levy on electronic transactions to 0.005%, down from the initial 0.5% announced in May.
This reduction follows significant backlash from financial institutions and the public after the original levy was introduced. The updated levy is outlined in the CBN’s Monetary, Credit, Foreign Trade, and Exchange Policy Guidelines for the fiscal years 2024-2025.
The CBN clarified that this levy is mandated by the Cybercrime (Prohibition, Prevention, etc.) Act, 2015, and aims to curb rising cybercrime threats in the financial sector. Banks, Payment Service Providers and Other Financial Institutions must comply with the CBN’s risk-based cybersecurity framework, which includes appointing a Chief Information Security Officer to oversee cybersecurity management.
The guidelines set a minimum cybersecurity baseline for financial institutions, ensuring they implement proper measures to safeguard against cyber threats. Despite the controversy surrounding the original rate, the reduced levy is expected to alleviate concerns while still addressing the growing need for cybersecurity in Nigeria’s financial systems.
However, several types of transactions are exempted from this levy. These include, loan disbursements and repayments, salary payments, intra-account transfers (within the same bank or between banks for the same customer), interbank placements and inter-branch transfers within a bank, government social welfare programs (e.g., pension payments), non-profit and charitable transactions, educational institution transactions (e.g., tuition payments), transactions involving banks’ internal accounts (such as reserve accounts, nostro/vostro accounts, and escrow accounts), long-term investment transactions, such as treasury bills, bonds, and commercial papers.
READ ALSO : CBN warns against potential risk of fuel subsidy removal
This exemption list aims to ensure that critical financial services and charitable activities remain unaffected by the levy while enhancing cybersecurity across Nigeria’s financial system.
CBN issued a warning that failure to remit the mandated cybersecurity levy, as outlined in Section 44 (8) of the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024, is considered an offence. Businesses found guilty could face a fine of not less than 2% of their annual turnover.
Significant backlash from the Organised Private Sector, stakeholders, and the general public led to the withdrawal of the initial 0.5% levy on all electronic transactions. This decision was announced on May 19, 2024, following intense opposition to the high rate. The CBN conveyed the withdrawal in a circular dated May 17, 2024, addressed to all commercial banks, merchant banks, payment service providers, and other financial institutions.
The withdrawal notice was jointly signed by Chibuzo Efobi, Director of the Payments System Management Department, and Haruna Mustafa, Director of the Financial Policy and Regulation Department. The brief message confirmed that the controversial May 6 circular had been retracted, and institutions were advised to comply accordingly.
The levy which has now been revised to 0.005%, is now in effect as part of the CBN’s broader strategy to enhance cybersecurity across Nigeria’s financial sector while addressing concerns raised during the earlier pushback.
Credible News.ng