- The Central Bank of Nigeria (CBN) has reintroduced a 0.005% cybersecurity levy on all electronic transactions
- This percentage has reduced compared to the 0.5% set initially in May 2024 for the 2024-2025 fiscal year
- The levy is enforced under the Cybercrime Act of 2015, aimed at strengthening Nigeria’s cybersecurity infrastructure
The Central Bank of Nigeria (CBN) has announced that it will continue enforcing the controversial cybercrime levy at 0.005% on all electronic transactions under its new 2024-2025 fiscal year guidelines.
This levy, which has sparked debate among Nigerians, is mandated by the Cybercrime (Prohibition, Prevention, etc.) Act of 2015, aimed at bolstering the nation’s cybersecurity infrastructure.
TheRadar observed that the percentage, originally set at 0.5% in May 2024, has been reduced to 0.005% in the latest guidelines.
In the recently released Monetary, Credit, Foreign Trade, and Exchange Policy Guidelines for Fiscal Years 2024-2025 document, the CBN reaffirmed its commitment to this charge, requiring banks and other financial institutions to deduct the levy from all electronic transactions.
The revenue generated from this levy is directed towards a cybersecurity fund to support measures that safeguard Nigeria’s banking system from the growing threat of cyberattacks.
The document read: “The CBN shall continue to enforce the payment of the mandatory levy of 0.005 per cent on all electronic transactions by banks and other financial institutions, in accordance with the Cybercrime (Prohibition, Prevention, etc.) Act, 2015.”
CBN restates minimum cybersecurity baseline for banks, financial institutions
In addition to the levy, the guidelines reiterate the CBN’s commitment to ensuring that banks, other financial institutions (OFIs), and payment service providers (PSPs) comply with minimum cybersecurity standards. This includes the mandatory appointment of Chief Information Security Officers (CISOs) to oversee cybersecurity operations, in line with the 2022 risk-based cybersecurity framework.
The document read: “Pursuant to the circular titled ‘Issuance of Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers’ referenced BSD/DIR/GEN/LAB/11/25, and dated October 10, 2018, issued by the CBN to combat the increasing cyber security threat in the banking industry, banks and Payment Service Providers (PSPs) are mandated to adhere to the guidelines on the risk-based cyber security framework.
“Similarly, another framework titled ‘Issuance of Risk-based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs)’, referenced OFI/DOA/CON/ACT/004/155, was issued on June 29, 2022. The guidelines specified the minimum cyber security baseline to be implemented by banks, OFIs, and PSPs. They mandated the appointment of a Chief Information Security Officer (CISO) to oversee cyber security issues.”
Meanwhile, the CBN has also withdrawn its earlier circular that mandated banks and payment service providers to collect and remit the cybersecurity levy, as outlined in the proposed Cybercrime Prevention and Prohibition Amendment Act of 2024. This decision followed a review by the Federal Executive Council, which suspended the law's implementation, citing the need for further analysis.
Amid economic strain, N50 EMTL implementation doesn’t bode well for Nigerians, fintechs, others
Earlier, TheRadar reported that financial technologies (fintechs) in Nigeria announced that a deduction of N50 transfer levy on transactions above N10,000 on customers’ personal or business accounts would apply beginning Monday, September 9.
The news of the implementation of the transfer levy generated ripples among Nigerians who condemn its implementation, citing the impact on the economy and as an added burden on the shoulders of the masses.