The Central Bank of Nigeria (CBN) has instructed banks and fintech companies to impose a 0.5% cybersecurity levy on transactions. This directive was communicated through a circular addressed to all commercial, merchant, non-interest, and payment service banks, as well as mobile money operators and payment service providers on Monday, May 6, 2024.

According to the circular, this levy aligns with the provisions of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024. It follows up on previous letters dated June 25, 2018, and October 5, 2018, in compliance with the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015.

Under the provision of Section 44 (2)(a) of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024, a levy of 0.5 per cent (0.005), equivalent to half a percent of all electronic transaction values, is to be remitted to the National Cybersecurity Fund administered by the Office of the National Security Adviser.

The CBN mandates all banks, financial institutions, and payment service providers to implement this directive. The levy will be applied at the point of electronic transfer origination, deducted, and remitted by the financial institution. The deducted amount will be reflected in the customer’s account with the narration, ‘Cybersecurity Levy’.

The circular states that deductions should commence within two weeks from the date of issuance, and the monthly remittance of collected levies in bulk to the NCF account domiciled at the CBN should be done by the fifth business day of every subsequent month.

Non-compliance with the directive carries penalties, including fines of not less than two per cent of the annual turnover of the defaulting business, among others.