On May 6, 2024, the Central Bank of Nigeria (CBN) issued a directive for banks and other financial institutions to start deducting a cybersecurity levy, as stated in a circular by the CBN’s directors.
The levy, set at 0.5% of the value of all electronic transactions, was introduced under the newly enacted 2024 Cybercrime (Prohibition, Prevention, etc.) Amendment Act, intended to fund national cybersecurity efforts managed by the Office of the National Security Adviser.
The implementation has confused the public due to a discrepancy in the percentage rate between the former and the new act, sparking discussions on the need for clearer communication and possible revisitation of the legislation.
This was disclosed in a circular to different categories of banks, mobile money operators, payment service providers, and others signed by the apex bank’s Director of Payments Systems Management, Chibuzor Efobi, and Director of Financial Policy and Regulation, Haruna B. Mustafa.
According to the circular, the deduction and collection of the cyber security levy is the sequel to the enactment of the 2024 Cybercrime (prohibition, prevention, etc) Amendment Act of 2024, which provides for a 0.5% deduction of the value of all electronic transactions to the National Cyber Security Fund, which would be administered by the office of the NSA.
Furthermore, the circular noted that the deduction would be described as Cybersecurity Levy and the relevant financial institutions should begin deduction in two weeks following the secular.
It stated,
“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).”
“Accordingly, all Banks, Other Financial Institutions and Payments Service Providers are hereby required to implement the above provision of the Act as follows:”
“Calculate the levy based on the total electronic transfer origination, then deducted and remitted by the financial institution.”
“The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”
Origin of the confusion on the levy
With the announcement of the levy, some Nigerians are wondering whether the rate to be deducted is 0.005% or 0.5%.
The confusion is due to the provisions of the repealed Cybercrimes (prohibition, prevention, etc) Act, 2015 as well as a 2018 CBN circular, which stated the rate as 0.005%.
Also, Section 44 (2) (a) of the repealed act noted “a levy of 0.005 of all electronic transactions by the businesses specified in the second schedule of this act”, which is expected to be credited into the “National Cyber Security Fund”.
In a 2018 CBN circular in March 2018, the apex bank said “All banks are hereby directed to comply with the statutory provision for the collection and remittance of the 0.005% levy on all electronic transactions by the businesses specified in the second schedule of the Cybercrime (Prohibition, Prevention, etc.) Act.”
However, in a follow-up circular in June 2018, the CBN excluded the % and stated that “the levy shall be 0.005 of the service charge (exclusive of all tax effects) from all electronic financial transactions occurring in a bank, a mobile money scheme or other payment platforms.”
What changed?
The 2015 Act is currently being replaced by the Cybercrimes (prohibition, prevention, etc) (Amendment) Act, 2024.
In the new act, the provisions of Section 44 of the principal act were amended, nullifying the previous regulation.
The new provision states clearly “a levy of 0.5% (0.005) equivalent to a half per cent of all electronic transactions value” to be made by “the business specified in the Second Schedule to this Act.”
The amended act did not only state the decimal value of the levy (0.005) like the previous one, but it also introduced the percentage equivalent (0.5%) of the levy. Therefore, the levy is not 0.005% but 0.5%.
What they are saying
Speaking with Nairametrics, a legal practitioner based in Abuja, Damilola Victoria Alabi, said:
“A cursory look at the introductory paragraph of the CBN memo reveals that the conversation on the imposition of a ‘cybersecurity levy by banks on the instruction of Nigeria’s apex bank’ is not a new conversation.
“The conversation dates back to as far as 2018. While there are several issues to unpack as to the legality or otherwise of this imposition, whether the CBN is acting within its statutory mandate and in fact whether the office of the National Security Adviser has now become a ‘revenue generating body’, the major concern for me as a legal practitioner is how ignorant we are about the existence of certain laws and regulations.
“If the recent expression of displeasure about the now reintroduced cybersecurity levy had not occurred, most Nigerians may have, in fact. been unaware that the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024 had in fact happened.”
She further noted the complications around the exemptions, saying:
“Number 2 on the list of exemptions in Appendix 1 of the memo excludes salary payments from the application of this deduction.
“How will this be adapted to suit informal sector workers who earn wages and not salaries, especially for a country that has a huge percentage of its populace in the informal sector? Are initiators of electronic transfers now required to tag any money they desire to transfer to which they do not wish to pay the levy as ‘salary payment’?”
Meanwhile, the Nigeria Labour Congress (NLC) has opposed the Central Bank of Nigeria (CBN)’s directive for all financial institutions to impose a 0.5% cybersecurity tax on every electronic transaction.
In a statement on Tuesday, NLC President, Joe Ajaero, criticized the directive, calling it “an additional burden on hardworking Nigerians.”
Ajaero also demanded that the policy be reversed and a new cybersecurity measure that does not impose another financial burden on the Nigerian people be introduced.
Also, the Centre for the Promotion of Private Enterprise, (CPPE) criticized the law stating that the newly introduced cybersecurity levy and other numerous taxes imposed by federal, state, and local governments in Nigeria are impeding the capacity of businesses to drive economic growth, leading to job losses and inflation across the country.
Optics: The Central Bank of Nigeria’s directive on the new cybersecurity levy highlights an essential update in the country’s financial regulatory framework.
Despite the intended clarity in the amended Cybercrime Act, which sets the levy at 0.5% rather than the previously misunderstood 0.005%, confusion persists.
This ongoing uncertainty highlights the need for a comprehensive review of the legislation, ensuring that all stakeholders are clearly informed and the law aligns with both technological advancements and public expectations.