CBN Introduces Cybersecurity Levy on Electronic

Transactions

In a bid to fortify Nigeria’s digital financial ecosystem against evolving cyber threats, the Central Bank of Nigeria (CBN) has mandated all banks to implement a 0.5% cybersecurity levy on electronic transactions within the country, effective  from May 6, 2024. This directive, outlined in a circular signed by the Directors of the Payments System Management and Financial Policy and Regulation Departments, underscores the CBN’s proactive stance in safeguarding the integrity of electronic payments.

The cybersecurity levy represents a strategic measure to bolster the resilience of Nigeria’s financial infrastructure against the backdrop of escalating cyber risks and sophisticated cyberattacks. By imposing a nominal levy on electronic transactions, the CBN aims to generate additional resources dedicated to strengthening cybersecurity frameworks, enhancing threat detection capabilities, and fostering collaboration among stakeholders to mitigate cyber threats effectively.

While the implementation of the cybersecurity levy signifies a pivotal step towards bolstering Nigeria’s cyber resilience, it is essential to delineate the scope of transactions subject to the levy. The CBN has provided clarity by exempting 16 specific banking transactions from the cybersecurity levy, including loan disbursements and repayments, salary payments, and intra-account transfers within the same bank or between different banks for the same customer, among others.

This targeted approach to exemptions reflects the CBN’s recognition of certain transactions’ inherent low-risk nature or their criticality to the smooth functioning of the financial system. By exempting these transactions, the CBN aims to mitigate the potential impact of the levy on essential financial activities while ensuring that resources are allocated efficiently to address high-priority cybersecurity concerns.

However, as banks prepare to implement the cybersecurity levy, it is imperative for them to proactively communicate with customers to provide clarity on the implications of the levy on electronic transactions. Transparent communication regarding the levy’s applicability, exemptions, and its role in enhancing cybersecurity measures will foster trust and understanding among consumers, thereby facilitating smoother implementation and compliance.

Furthermore, banks must prioritize investments in robust cybersecurity frameworks and technologies to fortify their defenses against evolving cyber threats. This entails deploying advanced threat detection and prevention mechanisms, enhancing employee cybersecurity awareness and training programs, and fostering collaboration with industry peers and cybersecurity experts to stay abreast of emerging threats and best practices.

Here are the five important things you need to know about the ‘Cybersecurity Levy’:

1. Levy Amount: The levy is set at 0.5% of the value of electronic transactions, intended to strengthen cybersecurity infrastructure.
2. Collection Method: Financial institutions will deduct the levy directly from transactions, visible in customers’ account statements as ‘Cybersecurity Levy’
3. Administration and Remittance: Institutions are tasked with collecting and remitting the cybersecurity levy to the National Cybersecurity Fund administered by Office of NSA (ONSA) monthly by the fifth business day of the following month.
4. Implementation Timeline: The directive takes effect within two weeks from the circular’s issuance date, May 20, 2024, prompting banks to promptly adjust their systems.
5. Penalties for Non-compliance: Failure to remit the cybersecurity levy may result in penalties, including fines of up to 2% of the institution’s annual turnover.

For more enquiry on the Cybersecurity Levy, kindly contact us at SOW Professional Services Ltd.

Website: www.sowprofessional.com

Phone: 07038254989

WhatsApp: 08152451523