The Central Bank of Nigeria (CBN) has reaffirmed its stance on enforcing the controversial 0.005% cybercrime levy on electronic transactions as outlined in its recently released 2024-2025 fiscal policy guidelines. This means that banks and other financial institutions would be required to deduct the 0.005% levy from all electronic transactions.
According to the regulatory body, “the CBN shall continue to enforce the payment of the mandatory levy of 0.005 per cent on all electronic transactions by banks and other financial institutions, in accordance with the Cybercrime (Prohibition, Prevention, etc.) Act, 2015.”
Revised Cybercrime Levy Rate for 2024-2025
It would seem that, in an effort to address public concerns, the CBN has reduced the levy from 0.5% to 0.005% instead of completely eliminating it. This is obviously a significant change from the rate initially proposed in May 2024. However, despite this reduction, the levy remains contentious as it directly impacts all electronic transactions processed by banks and financial institutions in the country.
The CBN’s Monetary, Credit, Foreign Trade, and Exchange Policy Guidelines for 2024-2025 specifies that this levy is intended to create a cybersecurity fund. The fund aims to bolster defenses against the increasing threat of cyberattacks on Nigeria’s financial sector, ensuring safer banking experiences for businesses and individuals.
CBN’s Continued Commitment to Cybersecurity
Beyond the levy, the CBN’s new guidelines underscore its broader commitment to enhancing cybersecurity measures within banks, Other Financial Institutions (OFIs), and Payment Service Providers (PSPs). These entities must comply with minimum cybersecurity standards, including appointing Chief Information Security Officers (CISOs), in line with the 2022 risk-based cybersecurity framework.
The guidelines draw from previous circulars issued by the CBN, such as the “Issuance of Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers.” The framework, released in 2018 and updated in 2022, outlines the necessary cybersecurity protocols for financial institutions, with CISOs taking a leading role in overseeing cybersecurity issues.
Background and Criticisms
The enforcement of this levy stems from a directive earlier this year, where the CBN required banks to begin deducting the cybersecurity levy for remittance to the National Security Adviser (NSA). However, this move sparked public outcry, with critics arguing that the levy would impose an additional financial burden on businesses and citizens.
Key industry bodies, such as the Centre for the Promotion of Public Enterprise (CPPE) and the Nigerian Association of Chambers of Commerce, Industry, Mines, and Agriculture (NACCIMA), have raised concerns. They argue that the levy could fuel inflation and stifle business growth. In response, NACCIMA has urged the CBN and the Federal Government to cap the levy at a maximum of ₦500 to reduce its impact on the private sector.
Temporary Suspension and Future Outlook
In light of the widespread criticism, the Nigerian government temporarily suspended the implementation of the cybersecurity levy earlier in 2024. This suspension followed an announcement by the Minister of Information and a call from the Federal House of Representatives for a comprehensive review. Consequently, the CBN withdrew its circular mandating banks and PSPs to collect and remit the levy.
While the current policy guidelines signal the CBN’s intention to continue with the levy, its implementation remains subject to further governmental review. This ongoing debate highlights the delicate balance between enhancing cybersecurity and minimizing the financial impact on businesses and individuals.
