Nigerian Banks, MMOs, PSPs set to Collect 0.5% Cybersecurity Levy

Nigeria’s Central Bank, the CBN, has mandated all banks and Payment Service Providers (PSPs) to begin collecting and remitting a new cybersecurity levy. This move comes amidst growing concerns about cyber threats targeting the country’s burgeoning digital economy.

The levy, set at 0.5% of the value of all electronic transactions, will be directed towards a National Cybersecurity Fund administered by the Office of the National Security Adviser (NSA). The CBN, in a circular titled “Compliance with the Cybercrime (Prohibition, Prevention etc) Act 2024: Collection and Remittance of Levy for the National Cybersecurity Fund,” and released on Sunday, outlined the details of the levy’s implementation.

Boosting National Cybersecurity Defences

The announcement highlights the Nigerian government’s commitment to fortifying the country’s digital defences. The National Cybersecurity Fund generated through this levy will be used to finance various initiatives, including:

• Upgrading cybersecurity infrastructure: Funds will be allocated to bolstering the technological capabilities of institutions responsible for cybersecurity.
• Developing a skilled workforce: The levy can support training programs to create a pool of cybersecurity professionals to address evolving threats.
• Enhancing public awareness: Initiatives to educate citizens and businesses about cyber threats and best practices can be funded through the levy.

Impact on Banks and Customers

Banks and PSPs are expected to begin collecting the levy within two weeks of the circular’s issuance. Furthermore, the apex banks cautioned that the penalty for non-compliance entails a fine equivalent to no less than 2% of the turnover of the non-compliant business and other entities.

The levy will be reflected as a separate charge named “Cybersecurity Levy” on customer transaction statements. While the impact on individual transactions might be minimal, the levy is expected to generate significant funds to support national cybersecurity efforts.

Reactions and Considerations

The new levy has generated mixed reactions. While some acknowledge the importance of robust cybersecurity measures, others express concerns about the potential burden it might place on businesses and ultimately, consumers.

Here are some key considerations:

• Transparency and Accountability: Ensuring transparency in how the funds are used and holding relevant authorities accountable for their effectiveness will be crucial.
• Minimizing Impact on Customers: Authorities should explore ways to minimize the levy’s impact on low-value transactions to ensure financial inclusion is not hindered.
• Long-Term Cybersecurity Strategy: The levy should be seen as part of a comprehensive cybersecurity strategy that includes collaboration between public and private sectors.

In an addendum to the circular released on Monday, the Central Bank of Nigeria has listed 16 transactions exempted from the levy. According to the banking regulator, these transactions include:

1. Loan disbursements and repayments
2. Salary payments
3. Intra-account transfers within the same bank or between different banks for the same customer
4. Intra-bank transfers between customers of the same bank
5. Other Financial Institutions (OFIs) instructions to their correspondent
6. Banks Interbank placements
7. Banks’ transfers to CBN and vice-versa
8. Inter-branch transfers within a bank
9. Cheques clearing and settlements
10. Letters of Credits (LCs)
11. Banks’ recapitalization-related funding – only bulk funds movement from collection accounts
12. Savings and deposits including transactions involving long-term investments such as Treasury Bills, Bonds, and Commercial Papers.
13. Government Social Welfare Programs transactions e.g. Pension payments
14. Non-profit and charitable transactions including donations to registered nonprofit organizations or charities.
15. Educational Institutions transactions, including tuition payments and other transactions involving schools, universities, or other educational institutions.
16. Transactions involving the bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts.