• en

CBN Bows to Pressure, Halts Implementation of Controversial Cybersecurity Levy

CBN has withdrawn controversial circular on 0.5% cybersecurity levy, citing legal concerns and public backlash against the cybercrime levy implementation.

The Central Bank of Nigeria (CBN) on Sunday announced the withdrawal of the controversial circular on the implementation of 0.5 per cent levy on all electronic transactions value as part of measures to tackle the rising threats of cybercrime in the financial system.

The withdrawal was conveyed in a circular dated May 17, 2024 and addressed to all commercial, merchant, non-interest and payment service banks; other financial institutions, Mobile Money Operators and Payment Service Providers – and jointly signed by CBN Director, Payments System Management Department, Chibuzo  Efobi, and Director, Financial Policy and Regulation Department, Haruna Mustafa.

The brief circular read, “The Central Bank of Nigeria circular dated May 6, 2024 (Ref: PSMD/DIR/PUB/LAB/017/004) on the above subject refers.

“Further to this, please be advised that the above referenced circular is hereby withdrawn. Please be guided accordingly.”

On May 6, 2024,  the central bank ordered the implementation of of the levy  followed the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, which provided for the rate deduction.

But followed sustained public backlash, the presidency had earlier order the withdrawal of the policy in a statement. 

The apex bank further explained that the deducted funds are to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA), a decision that had been contested by stakeholder who queried the legality ONSA receiving unappropriated funds with the approval of the National Assembly.

Accordingly, all banks, Other Financial Institutions and Payments Service Providers are required to implement the new  provision of the Act as directed.

The central bank noted that the levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution.

The deducted amount shall be reflected in the customer’s account with the narration: “Cybersecurity Levy”.

The CBN further clarified that deductions shall commence within two weeks from the date of the circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the fifth business day of every subsequent month.

The apex bank further directed that system reconfigurations towards ensuring complete and timely submission of remittance files to the Nigeria Interbank Settlement System (NIBSS) shall be completed within four weeks of the circular for commercial, merchant, non- interest and Payment Service Banks; and Mobile Money Operators.

Also, Other Financial Institutions (Microfinance banks, Primary Mortgage banks, Development Finance Institutions) will be required to effect the completion within eight weeks of the circular. 

The circular however, exempted some transactions from cybercrime levy.

They included loan disbursements and repayments; salary payments; intra-account transfers within the same bank or between different banks for the same customer; intra-bank transfers between customers of the same bank, and Other Financial Institutions (OFIs) instructions to their correspondent banks.

Exemption also applies to interbank placements; banks’ transfers to CBN and vice-versa; inter-branch transfers within a bank, cheques clearing and settlements; and Letters of Credits (LCs).

Others include banks’ recapitalisation related funding only bulk funds movement from collection accounts; savings and deposits including transactions involving long-term investments such as treasury bills, bonds; and commercial papers;  government social welfare programmes transactions e.g. pension payments; non-profit and charitable transactions including donations to registered non- profit organisations or charities; educational institutions transactions, including tuition payments and other transaction involving schools, universities, or other educational institutions.

Transactions involving bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts are also exempted from the levy. 

The central bank warned that  Section 44 (8) of the Act prescribes that failure to remit the levy constitutes an offence  liable on conviction to a fine of not less than two per cent of the annual turnover of the defaulting business, among others.

All institutions under the regulatory purview of the CBN are directed to note and comply with the provisions of the Act and the circular.

A report by Proshare had questioned the legality of the ONSA) to receive unappropriated funding for its activities, particularly the controversial cybersecurity levy aimed at tackling the growing threats of cybercrime.

It said allowing the ONSA access to funds without the approval of the National Assembly was not only unconstitutional but against global practice.  

The report stated that the move tended to make account holders pay the government for a service already covered by financial institutions in their digital transfer charges.

Specifically, it argued that the levy was needless and amounted to double-taxation of bank customers since depositors’ funds up to N5 million are already covered by the Nigeria Deposit Insurance Company (NDIC).

It said, “If cyber protection goes beyond bank deposits, why should the funding of ONSA rely on money in customers’ deposit accounts and electronic transactions from these accounts? 

“The global best practice is to establish a ‘black budget’ for cyber protection-related issues, which has Senate Security Committee oversight.

“The funding is a fiscal arrangement based on standard operating protocols (SOPs) and does not distort the pricing of commercial activities such as electronic transactions on customer deposit accounts.” 

Continuing, the report stated, “To stretch the argument, if the naira were to come under a currency attack, would the CBN levy depositors’ bank accounts to repel the action of foreign currency speculators?

“If it did, how legal would it be? Fiscal intentions may be good, but policy execution frameworks are equally crucial; killing a child to solve the problem of a headache gets the job done but leaves a bigger ethical problem.”

In addition, analysts have opposed the implementation of the cybersecurity levy describing the move as ill-timed and distortionary to monetary policy and economy at large.

They said the levy amounted to funding the expenses and responsibilities that should be borne by banks.

In a separate interview, the analysts further advised the financial institutions to build enough ICT capabilities that can fight cyber insecurity.

President, Association of Capital Market Academics of Nigeria, Prof. Uche Uwaleke, said, “I think the cybersecurity levy is ill-timed, coming at a time when the CBN is concerned about the high rate of financial exclusion and the increasing rate of currency circulating outside the banks.

“It carries the downside risk of discouraging financial intermediation as well as complicating the transmission of monetary policy with more people shunning the banks due to high charges.

“The end result is that it makes difficult effort by the CBN to tame inflation.”

He said, “So, I think the circular should be withdrawn especially against the backdrop of assurances by the government that its plan to increase revenue would not include introducing new taxes or increasing tax rates.

“To this end, the government should suspend the policy while getting set to implement the recommendations of the Presidential Committee on Fiscal Policy and Tax Reforms whose mandate includes streamlining multiple taxes and levies currently inhibiting the growth of businesses in Nigeria.”

Also, Managing Director/Chief Executive, Dignity Finance and Investment Limited, Dr. Chijioke Ekechukwu, told THISDAY that the cybersecurity levy was an additional tax on businesses.

He said, “We have been complaining about how multiple taxation have adversely affected businesses. This is an additional and another version of tax. 

“For a deposit of N100,000,000, the customer pays N500,000, and another N500,000 for withdrawing the same amount or transferring same, for example.

“There is another payment charged by banks called maintenance fee of 1 per cent. There is also stamp duty charge.”

He said, “This is happening at a time when the inflation rate is as high as 33.2 per cent, cost of diesel and fuel very high, exchange rate over N1,400 per dollar, standard of living is very low and hardship pervades every nook and cranny of the country. 

“Bank customers are not supposed to fund expenses and responsibilities of banks.

“How is it the business of the government to watch over cyberspace? Let banks build enough ICT capabilities that can fight cyber insecurity.”

James Emejo

Follow us on: