Business

Confusion trails new cybersecurity levy

Published

2 weeks ago

May 8, 2024

Olayemi Cardoso, the Governor of the Central Bank of Nigeria, has disclosed that members of the Monetary Policy Committee (MPC) will do whatever is necessar

Spread The News

Following the directive by the Central Bank of Nigeria (CBN) to financial institutions for the implementation of the cybersecurity levy on all electronic transactions, questions have been raised regarding the percentage that should be deducted from banks to implement customers’ transactions.

On May 6, CBN directed a “levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions”.

CBN said the policy, which would take effect in two weeks, would be remitted to the national cyber security fund, administered by the office of the national security adviser (ONSA).

The apex bank’s announcement has left some Nigerians wondering whether the amount to be deducted is 0.005 percent or 0.5 percent.

The confusion expressed by some Nigerians stems from the provisions of the repealed Cybercrimes (prohibition, prevention, etc) Act, 2015 as well as a 2018 CBN circular sent to payment service providers.

Section 44 (2) (a) of the repealed act states that “a levy of 0.005 of all electronic transactions by the businesses specified in the second schedule of this act” shall be paid and credited into the “National Cyber security Fund”.

Also, in the 2018 CBN circular, the apex bank said “the levy shall be 0.005 of the service charge (exclusive of all tax effects) from all electronic financial transactions occurring in a bank, a mobile money scheme or other payment platforms”.

Festus Ogun, a lawyer, taking to his X page, said the cybercrime (amendment) Act, 2024 did not “provide for a 0.5% levy”.

“It provides for a 0.005% levy. It was in fact bracketed for clarity.Why is FG charging 0.5% when the law says it should charge 0.005%? 0.5% is not the same as 0.005%,” he wrote.

Another X user, named Olotu of Ottawa, said there is ambiguity in the law.

“Because there was no percentage in that value. And 0.005 is the same as 0.5%,” he wrote.

According to the Cybercrimes (prohibition, prevention, etc) (Amendment) Act, 2024, the provisions of section 44 of the principal act was amended — nullifying the previous regulation.

The new provision requires “a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value” to be made by “the business specified in the Second Schedule to this Act”.

In essence, the act, which previously stated only the decimal value of the levy (0.005), introduced the percentage equivalent (0.5 percent) of the levy.

For instance, if a sender intends to send N50,000 to a recipient, 0.5 percent of the amount would amount to N250. Similarly, multiplying N50,000 by 0.005 equals to N250. Consequently, it is important to note that 0.005 is 0.5 percent.

In the directive to banks and other financial institutions, CBN said there are 16 exemptions to the cybersecurity levy.

This indicates transactions outside the exemptions listed below will be charged.

In a chat with a legal practitioner, Timi Olagunju, said the levy applies to individuals and businesses. “It applies to both natural persons (individuals) and artificial persons (businesses) transferring money via electronic means,” he said.

“The levy is deducted directly by financial institutions from the originator of each transaction and reflected on the account statement as a cybersecurity levy. Loan disbursements and salary payments fall under specific exemptions to this.”

According to the CBN, merchant, non-interest, payment service banks, mobile money operators, microfinance banks, primary mortgage banks, and development finance institutions are financial institutions that will deduct the cybersecurity levy.

The financial regulator said the levy will be applied at the point of electronic transfer origination (the sender) — then deducted and remitted by the financial institution.