Nigerian banks are set to introduce a 0.5 percent levy on electronic transfers to support cybersecurity measures, as directed by the Central Bank of Nigeria (CBN).
The directive was conveyed in a circular jointly issued by Chibuzor Efobi, Director of Payments System Management, and Haruna Mustafa, Director of Financial Policy and Regulation, addressed to all commercial, merchant, non-interest, and payment service banks, among others.
This decision follows earlier communications dated June 25, 2018, and October 5, 2018, regarding compliance with the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015.
The implementation of the cybersecurity levy aligns with the enactment of the 2024 Cybercrime (Prohibition, Prevention, etc) Amendment Act. Under Section 44 (2)(a) of the Act, a levy of 0.5% (0.005), equivalent to half a percent of all electronic transaction values by specified businesses, is mandated to be remitted to the National Cybersecurity Fund (NCF), administered by the Office of the National Security Adviser (ONSA).
Financial institutions are instructed to commence deductions within two weeks from the date of the circular. Monthly levies collected are to be remitted in bulk to the NCF account domiciled at the CBN by the 5th business day of each subsequent month. Institutions under the regulatory purview of the CBN are obligated to comply with the Act and the circular.
However, certain transactions, such as loan disbursements and repayments, salary payments, and intra-account transfers within the same bank or between different banks for the same customer, will remain unaffected by the levy.
Furthermore, inter-branch transfers within a bank, cheque clearing and settlements, Letters of Credits, banks’ recapitalisation-related funding, bulk funds movement from collection accounts, savings and deposits, and transactions involving long-term investments are also exempt from the cybersecurity levy.
This move underscores the ongoing efforts to enhance cybersecurity resilience in Nigeria’s financial sector, reflecting the authorities’ commitment to combat cyber threats effectively.
