Things to know about the new Cybersecurity Levy
The Central Bank of Nigeria has issued a directive to banks and other financial institutions to implement a cybersecurity levy on all banking transactions. The levy has been introduced in accordance with the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and Section 44 (2)(a) of the Act. It amounts to 0.5% (0.005), which is equal to half a percent of the value of all electronic transactions conducted by the specified businesses listed in the Second Schedule of the Act. The levy is to be remitted to the National Cybersecurity Fund, which will be administered by the Office of the National Security Adviser.
Here are five important points to know about the cybersecurity levy, as outlined in the circular:
1) The cybersecurity levy applies to electronic transactions and is set at 0.5% (equivalent to half a percent) as mandated by the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024.
2) The levy is paid by the initiator of the electronic transaction and will be deducted by the financial institution. The deducted amount will be reflected in the customer’s account with the description “Cybersecurity Levy.”
3) Financial institutions are responsible for deducting the levy and remitting it to the National Cybersecurity Fund, which is administered by the Office of the National Security Adviser.
4) Deductions are expected to begin within two weeks from the date of the circular (May 6). Financial institutions must remit the collected levies in bulk to the NCF account held at the CBN on a monthly basis, no later than the fifth business day of the following month.
5) Financial institutions have deadlines to update their systems to accommodate the deduction and remittance of the levy. Failure to remit the levy may result in penalties, including fines of up to 2% of the financial institution’s annual turnover.
However, the circular also includes a list of 16 banking transactions that are exempt from the new cybersecurity levy.
Here is the list of 16 banking transactions that are exempt from the cybersecurity levy:
1. Loan disbursements and repayments.
2. Salary payments.
3. Intra-account transfers within the same bank or between different banks for the same customer.
4. Intra-bank transfers between customers of the same bank.
5. Other Financial Institutions instructions to their correspondent banks.
6. Interbank placements.
7. Banks’ transfers to CBN and vice versa.
8. Inter-branch transfers within a bank.
9. Cheque clearing and settlements.
10. Letters of Credits.
11. Banks’ recapitalization-related funding – only bulk funds movement from collection accounts.
12. Savings and deposits, including transactions involving long-term investments such as Treasury Bills, Bonds, and Commercial Papers.
13. Government Social Welfare Programs transactions, e.g., Pension payments.
14. Non-profit and charitable transactions, including donations to registered non-profit organizations or charities.
15. Educational institutions’ transactions, including tuition payments and other transactions involving schools, universities, or other educational institutions.
16. Transactions involving the bank’s internal accounts, such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts.