Barely four months after suspending the implementation of the Cybersecurity Levy following taxpayers’ complaints, the Central Bank of Nigeria (CBN) has confirmed its decision to enforce the payment of the levy on all electronic transactions in banks and other financial institutions in the country.
The apex bank, however, in its just published ‘Monetary, Credit, Foreign Trade, and Exchange Policy Guidelines for the Fiscal Years 2024-2025’, reduced the controversial levy to 0.005%, from the initial 0.5%.
According to the bank, the implementation of the levy was in accordance with the Cybercrime (Prohibition, Prevention, etc.) Act 2015.
The CBN, therefore, mandated banks and Payment Service Providers (PSPs) to strictly adhere to the guidelines on the risk-based cybersecurity framework.
This is even as it also drew the attention of Other Financial Institutions (OFIs) to an earlier framework on “Issuance of Risk-based Cybersecurity framework and Guidelines for Other Financial Institutions (OFIs).
The guidelines specified the minimum cybersecurity baseline to be implemented by banks, OFIs and PSPs, and mandated the appointment of a Chief Information Security Officer (CISO) to oversee cybersecurity issues.
It would be recalled that the apex bank had in May this year through a circular dated May 6, 2024 and jointly signed by CBN’s Director, Payments System Management Department, Chibuzo Efobi; and Director, Financial Policy and Regulation Department, Haruna Mustafa; ordered the implementation of 0.5% Cybercrime levy on all electronic transactions value as part of efforts to contain the rising threats of cybercrime in the financial system
The directive was addressed to all commercial, merchant, non-interest and payment service banks; other financial institutions, Mobile Money Operators and Payment Service Providers, followed the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provisions of Section 44 (2)(a) of the Act, which provided for the rate deduction.
The CBN stated that the deducted funds were to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).