On Monday, the Central Bank of Nigeria issued a directive instructing banks to implement a 0.5% cybersecurity levy on transactions. The circular, released by the apex bank, specified that the levy's implementation would commence two weeks from the date of its announcement and applied to all commercial, merchant, non-interest, and payment service banks.
This directive was issued in compliance with the Cybercrimes (Prohibition, Prevention, etc...) Act 2015, following a prior letter dated June 25, 2018 (Ref: BPS/DIR/GEN/CIR/05/008) and October 5, 2018 (Ref: BSD/DIR/GEN/LAB/11/023). Additionally, it was prompted by the enactment of the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024, which stipulates a levy of 0.5 percent (0.005) on all electronic transaction values for businesses specified in the Second Schedule of the Act. This levy is to be remitted to the National Cybersecurity Fund, administered by the Office of the National Security Adviser.
All banks, financial institutions, and payment service providers are now mandated to implement this directive. The levy will be applied at the point of electronic transfer origination, deducted, and remitted by the financial institution, with the deducted amount reflected in the customer's account as "Cybersecurity Levy." Deductions will commence within two weeks from the circular's date, with the levies collected remitted monthly to the NCF account domiciled at the CBN by the fifth business day of every subsequent month.
Non-compliance with the directive carries penalties, including fines of not less than two per cent of the defaulting business's annual turnover upon conviction.