In a move said to be aimed at fortifying Nigeria’s digital defenses, the Central Bank of Nigeria (CBN) has issued a directive mandating financial institutions to enact a cybersecurity levy. This levy, amounting to 0.5% of the value of all electronic transactions, is intended to boost the National Cyber Security Fund administered by the Office of the National Security Adviser (NSA).
The CBN’s directive, communicated via a circular signed by Chibuzor Efobi and Haruna .B. Mustafa, Directors of payments system management and financial policy and regulation respectively, signifies a proactive approach to combating the escalating threat of cybercrime. This move comes in response to the enactment of the 2024 Cybercrime (Prohibition, Prevention, etc) Amendment Act, which provides the legal framework for the implementation of the cybersecurity levy.
According to the circular, financial institutions, including banks, mobile money operators, and payment service providers, are required to commence the deduction and collection of the cyber security levy within two weeks of the circular’s issuance. The levy will be calculated as 0.5% of the value of all electronic transactions, with the funds channeled into the National Cyber Security Fund to enhance Nigeria’s cybersecurity capabilities.
Tekedia Mini-MBA edition 14 (June 3 – Sept 2, 2024) begins registrations; get massive discounts with early registration here.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).
“Accordingly, all Banks, Other Financial Institutions, and Payments Service Providers are hereby required to implement the above provision of the Act as follows.
“Calculate the levy based on the total electronic transfer origination, then deducted and remitted by the financial institution.
“The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”
The CBN’s directive comes amid escalating threats posed by cybercriminals. With the rapid digitization of financial services and the increasing reliance on electronic transactions, Nigeria’s digital infrastructure has become a prime target for cyberattacks. The Nigeria Inter-Bank Settlement System (NIBSS) said that financial institutions lost about N17.67 billion to fraud in 2023.
Thus, the implementation of the cybersecurity levy is believed to be a proactive measure to safeguard against these threats and protect the integrity of Nigeria’s digital economy.
However, while the cybersecurity levy is a step in the right direction, its implementation also raises several challenges and implications for both consumers and businesses.
Everyday users may experience concerns about the potential increase in the cost of digital services, as the levy is likely to be passed on to consumers in the form of higher transaction fees. This could impact consumer behavior and adoption rates of digital financial services, particularly among low-income individuals who are more sensitive to changes in transaction costs.
Similarly, businesses will need to adjust their financial strategies to accommodate the levy, balancing the need for compliance with the imperative of managing operational costs. The stringent penalties for non-compliance, including fines amounting to no less than 2% of the annual turnover for defaulting businesses, underscore the seriousness of this initiative and the importance of adherence to cybersecurity protocols.
Despite these challenges, many believe the implementation of the cybersecurity levy is a representation of a crucial step forward in Nigeria’s efforts to strengthen its digital resilience. They believe that by investing in cybersecurity infrastructure and capabilities, Nigeria can better protect its digital assets and safeguard against the potentially devastating impact of cyberattacks.