The Central Bank of Nigeria, on Monday, ordered banks and other financial institutions to start charging a national cybersecurity levy on every banking transaction with effect in two weeks from the time of the circular.
The circular read in part, "Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, 'a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act,' is to be remitted to the National Cybersecurity Fund, which shall be administered by the Office of the National Security Adviser."
Things to know about the cybersecurity levy to be paid by Nigerians
According to the CBN circular:
1. A levy of 0.5% is applied to electronic transactions as mandated by the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024.
2. The levy is paid by the initiator of the electronic transaction and deducted from his account by the financial institution. The deducted amount shall be reflected in the customer's account with the narration: "Cybersecurity Levy."
3. Financial institutions will deduct the levy and remit it to the National Cybersecurity Fund administered by the Office of the National Security Adviser.
4. Deductions shall commence within two weeks from the date of the circular, May 6, and banks and other financial institutions shall remit collected levies in bulk to the NCF account domiciled at the CBN monthly by the fifth business day of the following month.
5. Financial institutions have deadlines to update their systems to handle levy deduction and remittance. Failure to remit the levy can result in penalties, including a fine of up to 2% of a financial institution's annual turnover.
“The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration, ‘Cybersecurity Levy,'” the circular partly read.
List of Transactions Exempted from the Cybersecurity Levy
According to the circular from CBN, some certain transactions are exempted from paying the National Cybersecurity Levy. The transactions are as follows:
1. Loan disbursements and repayments
2. Banks’ transfers to CBN and vice-versa
3. Government Social Welfare Programmes transactions e.g. Pension payments
4. Educational institutions’ transactions, including tuition payments and other transactions involving schools, universities, or other educational institutions
5. Salary payments
6. Intra-account transfers within the same bank or between different banks for the same customer
7. Intra-bank transfers between customers of the same bank
8. Other Financial Institutions instructions to their correspondent banks
9. Interbank placements,
10. Inter-branch transfers within a bank
11. Cheque clearing and settlements
12. Letters of Credits
13. Banks’ recapitalisation-related funding – only bulk funds movement from collection accounts
14. Savings and deposits, including transactions involving long-term investments such as Treasury Bills, Bonds, and Commercial Papers.
15. Non-profit and charitable transactions, including donations to registered non-profit organisations or charities
16. Transactions involving bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts.