EXPLAINER: Is it 0.5% or 0.005%? Who Pays? Confusion Trails New Cybersecurity Levy

Following the directive by the Central Bank of Nigeria (CBN) to financial institutions for the implementation of the cybersecurity levy on all electronic transactions, questions have been raised regarding the percentage that should be deducted from customers’ transactions.

On May 6, CBN directed banks to implement a “levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions”.

CBN said the policy, which would take effect in two weeks, would be remitted to the national cyber security fund, administered by the office of the national security adviser (ONSA).

According to the apex bank, the deduction and collection of the cybersecurity levy is a sequel to the enactment of the Cybercrime (prohibition, prevention etc) Amendment Act of 2024.

“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and under the provision of Section 44 (2)(a) of the Act, “a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the second schedule of the Act, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA),” CBN said.

‘0.005% OR 0.5?’

The apex bank’s announcement has left some Nigerians wondering whether the amount to be deducted is 0.005 percent or 0.5 percent.

The confusion expressed by some Nigerians stems from the provisions of the repealed Cybercrimes (prohibition, prevention, etc) Act, 2015 as well as a 2018 CBN circular sent to payment service providers.

Section 44 (2) (a) of the repealed act states that “a levy of 0.005 of all electronic transactions by the businesses specified in the second schedule of this act” shall be paid and credited into the “National Cyber security Fund”.

Also, in the 2018 CBN circular, the apex bank said “the levy shall be 0.005 of the service charge (exclusive of all tax effects) from all electronic financial transactions occurring in a bank, a mobile money scheme or other payment platforms”.

Festus Ogun, a lawyer, taking to his X page, said the cybercrime (amendment) Act, 2024 did not “provide for a 0.5% levy”.

“It provides for 0.005% levy. It was in fact bracketed for clarity.Why is FG charging 0.5% when the law says it should charge 0.005%? 0.5% is not same as 0.005%,” he wrote.

Another X user, named Olotu of Ottawa, said there is ambiguity in the law.

“Because there was no percentage in that value. And 0.005 is the same as 0.5%,” he wrote.

WHAT DOES THE CYBERCRIME AMENDMENT 2024 ACT SAY?

According to the Cybercrimes (prohibition, prevention, etc) (Amendment) Act, 2024, the provisions of section 44 of the principal act was amended — nullifying the previous regulation.

The new provision requires “a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value” to be made by “the business specified in the Second Schedule to this Act”.

In essence, the act, which previously stated only the decimal value of the levy (0.005), introduced the percentage equivalent (0.5 percent) of the levy.

For instance, if a sender intends to send N50,000 to a recipient, 0.5 percent of the amount would amount to N250.

Similarly, multiplying N50,000 by 0.005 equals to N250.

Consequently, it is important to note that 0.005 is 0.5 percent.

WHO PAYS?

In the directive to banks and other financial institutions, CBN said there are 16 exemptions to the cybersecurity levy.

This indicates transactions outside the exemptions listed below will be charged.

Loan disbursements and repayments.
Salary payments.
Intra-account transfers within the same bank or between different banks for the same customer.
Intra-bank transfers between customers of the same bank.
Interbank placements.
Banks’ transfers to CBN and vice-versa.
Inter-branch transfers within a bank.
Cheques clearing and settlements.
Letters of credits (LCs).
Banks’ recapitalisation-related funding (only bulk funds movement from collection accounts)
Savings and deposits including transactions involving long-term investments such as treasury bills, bonds, and commercial papers.
Government social welfare programme transactions (e.g. pension payments).
Non-profit and charitable transactions (including donations to registered non-profit organisations or charities).
Educational institution transactions (including tuition payments and other transactions involving schools, universities, or other educational institutions).
Transactions involving bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts.
Other financial institutions’ (OFIs) instructions to their correspondent banks.
In a chat with TheCable, a legal practitioner, Timi Olagunju, said the levy applies to individuals and businesses.

“It applies to both natural persons (individuals) and artificial persons (businesses) transferring money via electronic means,” he said.

“The levy is deducted directly by financial institutions from the originator of each transaction and reflected on the account statement as a cybersecurity levy. Loan disbursements and salary payments fall under specific exemptions to this.”

According to the CBN, merchant, non-interest, payment service banks, mobile money operators, microfinance banks, primary mortgage banks, and development finance institutions are financial institutions that will deduct the cybersecurity levy.

The financial regulator said the levy will be applied at the point of electronic transfer origination (the sender) — then deducted and remitted by the financial institution.

The deducted amount, CBN said, shall be reflected in the customer’s account with the narration: “cybersecurity levy”.

END

CLICK HERE TO SIGNUP FOR NEWS & ANALYSIS EMAIL NOTIFICATION

Be the first to comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.