By Mario Deepromoter
The Central Bank of Nigeria (CBN) has announced that it will continue enforcing the controversial cybercrime levy at 0.005% on all electronic transactions under its new guidelines for the 2024-2025 fiscal year.
This levy, which has sparked debate among Nigerians, is mandated by the Cybercrime (Prohibition, Prevention, etc.) Act of 2015, aimed at bolstering the nation’s cyber security infrastructure.
This Nigeria news platform observed that the percentage has been reduced from 0.5% earlier announced in May 2024 to 0.005% in the new guidelines.
In the recently released Monetary, Credit, Foreign Trade, and Exchange Policy Guidelines for Fiscal Years 2024-2025 document, the CBN reaffirmed its commitment to this charge, requiring banks and other financial institutions to deduct the levy from all electronic transactions.
The revenue generated from this levy is directed towards a cybersecurity fund, intended to support measures that safeguard Nigeria’s banking system from the growing threat of cyberattacks.
The document read: “The CBN shall continue to enforce the payment of the mandatory levy of 0.005 per cent on all electronic transactions by banks and other financial institutions, in accordance with the Cybercrime (Prohibition, Prevention, etc.) Act, 2015.”
CBN restates minimum cybersecurity baseline for banks, financial institutions
The guidelines also reaffirm the CBN’s broader commitment to ensuring that banks, Other Financial Institutions (OFIs), and Payment Service Providers (PSPs) adhere to minimum cybersecurity standards.
These include the appointment of Chief Information Security Officers (CISOs) to oversee cybersecurity issues in compliance with the 2022 risk-based cybersecurity framework.
The document read: “Pursuant to the circular titled ‘Issuance of Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers’ referenced BSD/DIR/GEN/LAB/11/25, and dated October 10, 2018, issued by the CBN to combat the increasing cyber security threat in the banking industry, banks and Payment Service Providers (PSPs) are mandated to adhere to the guidelines on the risk-based cyber security framework.
“Similarly, another framework titled ‘Issuance of Risk-based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs)’, referenced OFI/DOA/CON/ACT/004/155, was issued on June 29, 2022. The guidelines specified the minimum cyber security baseline to be implemented by banks, OFIs and PSPs, and mandated the appointment of a Chief Information Security Officer (CISO) to oversee cyber security issues.”
Recall that in May this year, the Central Bank of Nigeria (CBN) ordered banks to enact the process of deduction of cyber security levy to be administered by the office of the National Security Adviser (NSA).
The apex banks warned that the penalty for defaulting is as prescribed in the amended Cyber Crime Prohibition and Prevention Act which is liable to a fine amounting to no less than 2% of the turnover of the defaulting business and others.
The introduction of the levy drew the ire of Nigerians who complained that the timing was wrong and added additional costs to businesses operating in the country.
The CBN also withdrew its circular mandating banks and payment service providers to collect and remit the cybersecurity levy as proposed in the Cybercrime Prevention and Prohibition Amendment Act of 2024.
The withdrawal follows the decision of the Federal Executive Council to suspend the implementation of the provisions of the law citing the need to conduct further reviews.