The CBN has now reduced the levy from the original rate of 0.5%. This change is part of the CBN’s Monetary, Credit, Foreign Trade, and Exchange Policy Guidelines for the Fiscal Years 2024-2025, which emphasizes compliance with the Cybercrime (Prohibition, Prevention, etc.) Act of 2015.
In its guidelines, the CBN mandates banks and Payment Service Providers (PSPs) to adhere to a risk-based cybersecurity framework. Additionally, it has highlighted the need for Other Financial Institutions (OFIs) to follow earlier frameworks related to cybersecurity.
The guidelines require the establishment of a minimum cybersecurity baseline, including the appointment of a Chief Information Security Officer (CISO) to oversee cybersecurity matters.
Background
The directive, communicated in a circular on May 6, 2024, was addressed to various financial institutions, including commercial banks and Mobile Money Operators.
Funds collected from the levy will be directed to the National Cybersecurity Fund (NCF), administered by the Office of the National Security Adviser (ONSA). The levy will be deducted at the point of transaction, appearing in customers’ accounts as “Cybersecurity Levy.”
Certain transactions are exempt from the levy, including loan disbursements, salary payments, and various internal bank transfers. The CBN also noted that failure to remit the levy could result in significant fines, as outlined in Section 44 (8) of the Act.
All institutions under the CBN’s regulation are required to comply with the new provisions and guidelines.
Levy faced criticisms
For instance, the Labour Party presidential candidate in the 2023 general elections Peter Obi, said the present government is more interested in milking a dying economy instead of nurturing it to recovery and growth.
He said, ‘The introduction of yet another tax, in the form of Cybersecurity Levy, on Nigerians who are already suffering severe economic distress is further proof that the government is more interested in milking a dying economy instead of nurturing it to recovery and growth.
“This does not only amount to multiple taxation on banking transactions, which are already subject to various other taxes including stamp duties but negates the Government’s avowed commitment to reduce the number of taxes and streamline the tax system.
“The imposition of a Cybersecurity Levy on bank transactions is particularly sad given that the tax is on the trading capital of businesses and not on their profit hence will further erode whatever is left of their remaining capital, after the impact of the Naira devaluation and high inflation rate.
“At a time when the government should be reducing taxes to curb inflation, the government is instead introducing new taxes. And when did the office of the NSA become a revenue-collecting centre? And why should that purely national security office receive returns on a specific tax as stated in the new cybersecurity law?.”
CBN bowed to pressure
The withdrawal was conveyed in a circular dated May 17, 2024 and addressed to all commercial, merchant, non-interest and payment service banks; other financial institutions, Mobile Money Operators and Payment Service Providers. It was also jointly signed by Efobi and Mustafa.
The brief circular read, “The Central Bank of Nigeria circular dated May 6, 2024 (Ref: PSMD/DIR/PUB/LAB/017/004) on the above subject refers.