Connect with us

Business

CBN Introduces New Cybersecurity Levy On Electronic Transactions

Published

on

at

CBN Governor, Yemi Cardoso

The Central Bank of Nigeria (CBN) has issued a new directive to all financial institutions, including commercial, merchant, non-interest banks, payment service banks, and mobile money operators mandating the implementation of a 0.5% cybersecurity levy on all electronic transactions.

This move is in line with the provisions of the recently amended Cybercrime (Prohibition, Prevention, etc.) Act 2024. The directive, detailed in a circular dated June 25, 2024, instructs that the levy be applied at the point of electronic transfer origination, with the deducted amount to be reflected in the customer’s account as “Cybersecurity Levy.”

Financial institutions are required to start deductions within two weeks from the date of the circular and remit the accumulated levies monthly to the National Cybersecurity Fund (NCF), which is administered by the Office of the National Security Adviser (ONSA).

Implementation Schedule and Compliance:

  • The levy implementation will commence two weeks post-circular issuance for all qualified financial transactions.
  • Monthly remittances of the collected levies are expected by the 5th business day of every subsequent month, to be deposited into the NCF account housed at the CBN.
  • System reconfigurations for submitting remittance files to the Nigeria Interbank Settlement System (NIBSS) must be completed within four weeks for primary financial institutions and eight weeks for other financial entities such as microfinance banks.

Exemptions and Penalties:

The circular includes a schedule of exemptions that specify transactions not subject to the cybersecurity levy. These exemptions include loan disbursements, salary payments, intra-account transfers, interbank placements, and government-related welfare transactions such as pensions and educational payments.

Failure to comply with the levy remittance is subject to severe penalties. According to Section 44 (8) of the Cybercrime Act, non-compliance can result in a fine of not less than 2% of the defaulting business’s annual turnover.

Olawale Adeniyi Journalist | Content Writer | Proofreader and Editor.