The Central Bank of Nigeria (CBN) has issued a directive to all financial institutions in the country to begin deducting a cybersecurity levy on all electronic transactions. This levy, which was first announced six years ago, is to be remitted to the National Security Fund, administered by the Office of the National Security Adviser (ONSA). The directive applies to all electronic transactions conducted through commercial banks, merchant banks, non-interest banks, payment system banks, other financial institutions, mobile money operators, and payment service providers.
Failure to comply with the directive within the stipulated timeframe will result in a penalty of two percent of the institution’s annual turnover. The CBN had previously released guidelines for the collection of a 0.005 percent levy on electronic transactions in 2018, but the directive did not take effect.
However, in a recent circular jointly signed by the CBN Director of Payments Systems Management and the Director of Financial Policy and Regulation, banks have been instructed to begin deducting the levy for onward remittance. The levy, equivalent to 0.5 percent of all electronic transaction values, is to be remitted to the National Cybersecurity Fund (NCF), as mandated by the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024.
The NCF will be administered by the ONSA. Financial institutions are required to implement the levy at the point of electronic transfer origination and reflect the deducted amount in the customer’s account with the narration “Cybersecurity Levy.”
Deductions are expected to commence within two weeks from the date of the circular, and monthly remittances should be made to the NCF account domiciled at the CBN by the 5th business day of each subsequent month. To ensure timely submission of remittance files, system reconfigurations must be completed within four weeks for commercial, merchant, non-interest, and payment service banks, as well as mobile money operators.
All other financial institutions, including microfinance banks, primary mortgage banks, and development finance institutions, have eight weeks to complete the reconfigurations.
Certain transactions are exempted from the levy to avoid multiple applications. Failure to remit the levy is considered an offense and may result in a fine of at least two percent of the defaulting business’s annual turnover, among other penalties.
