Nigeria Introduces Cybersecurity Levy on Electronic Transactions

In a bid to enhance the country’s cybersecurity infrastructure and protect against the growing threat of cybercrimes, the Central Bank of Nigeria (CBN) has mandated financial institutions to implement a cybersecurity levy on electronic transactions. This was contained in a circular released by the apex bank yesterday, 6th  May, to different categories of banks, mobile money operators, payment service providers and others signed by the apex bank’s Director of payments system management, Chibuzor Efobi and Director of financial policy and regulation, Haruna .B. Mustafa.

The move follows the enactment of the 2024 Cybercrime (Prohibition, Prevention, etc) Amendment Act, which provides for a 0.5% deduction on all electronic transactions to be remitted to the National Cyber Security Fund.

The levy, which takes effect two weeks after the circular, will be deducted by banks, mobile money operators, and payment service providers from the value of all electronic transactions. This includes transactions such as online banking, mobile money transfers, and card payments. The deducted amount will be reflected in the customer’s account with the narration “Cybersecurity Levy.”

Exempted from the levy include loan disbursements and repayments, salary payments, intra-account transfers within the same bank or between different banks for the same customer, intra-bank transfers between customers of the same bank.

Also exempted from the levy were inter-branch transfers within a bank, cheque clearing and settlements, ⁠Letters of Credits, ⁠Banks’ recapitalisation-related funding only bulk funds movement from collection accounts, savings and deposits including transactions involving long-term investments, among others.

The introduction of the cybersecurity levy marks a significant shift in Nigeria’s digital economy regulatory landscape. While it underscores the government’s commitment to safeguarding digital assets and maintaining the integrity of financial transactions, it also poses challenges and implications for consumers and businesses. For everyday users, the additional charge on transactions might raise concerns about the rising cost of digital services, potentially impacting consumer behavior and digital adoption rates. On the business side, companies are compelled to adjust their financial strategies to accommodate the levy, ensuring compliance while managing their operational costs.

The National Cyber Security Fund, which will be administered by the Office of the National Security Adviser (ONSA), aims to strengthen the country’s cybersecurity defenses and enhance its response to cyber threats. The fund will be used to support initiatives such as cybersecurity awareness campaigns, training and capacity-building programs, and the development of cybersecurity infrastructure.

Failure to comply with the directive will attract a penalty of not less than 2% of the defaulting business’s annual turnover. This stringent penalty highlights the critical nature of this initiative and the government’s commitment to ensuring that all stakeholders play their part in enhancing the country’s cybersecurity.

As the policy takes effect, its execution and stakeholders’ adaptation will likely influence the broader trajectory of Nigeria’s digital finance ecosystem. The success of this initiative will depend on the effective implementation of the levy, the transparency and accountability of the National Cyber Security Fund, and the cooperation of all stakeholders in the digital economy.