The Central Bank of Nigeria (CBN) has officially rescinded the implementation of the controversial 0.5% cybersecurity levy just three days before its scheduled implementation, a move that had stirred significant regressive among financial institutions and stakeholders.
In 2024, the Cybersecurity Act was amended to broaden the levy’s scope, extending it to fintech companies, payment service providers, and other financial institutions, and increasing the rate by 900% from 0.005%.
“Please be advised that the above-referenced circular is hereby withdrawn,” stated the new circular, signed by Chibuzo Efobi, Director of the Central Bank’s Payment System Management team, and Haruna Mustafa, Director of Financial Policy and Regulation.
The cybersecurity levy, initially proposed as a measure to bolster the nation’s defenses against rising cyber threats, mandated financial institutions to contribute a specified percentage of their annual gross revenue to a dedicated cybersecurity fund. The proposal aimed to enhance the country’s cybersecurity infrastructure, ensuring better protection for the financial sector against sophisticated cyber-attacks.
However, the levy faced considerable opposition from banks and financial service providers. Critics argued that the additional financial burden could strain their operations, especially in a challenging economic climate. They contended that the levy might lead to increased costs for consumers and potentially stifle innovation within the industry.
The now-revoked cybersecurity levy would have imposed a ₦5 fee on an electronic transfer of ₦1,000 and a ₦500 fee on a ₦100,000 transfer. “Since I heard of the levy, I have only transferred money to bank accounts within my own bank,” said Ope, an online phone seller handling significant daily transactions, in an interview with TechCabal.
The now-withdrawn cybersecurity levy would have added to existing charges such as stamp duty, SMS fees, and those from the national payment switch, resulting in a ₦10,000 electronic transaction incurring a hefty ₦130.875 charge. However, exemptions existed for transfers within the same bank, salary disbursements, school fees, and loan repayments.
Its removal is anticipated to be embraced by Nigerians like Ope, who heavily rely on electronic transfers. This decision comes amid a significant surge in electronic transactions, with bank transfers alone constituting more than half of Paystack’s transactions in 2023, and the value of electronic transactions in Nigeria soaring by 66% to surpass ₦600 trillion in the same year.
Responding to these concerns, the CBN stated that the decision to withdraw the levy was made after extensive consultations with industry stakeholders. The central bank emphasized its commitment to collaborative policymaking and acknowledged the importance of maintaining a balanced approach that supports both cybersecurity advancements and the financial health of institutions.
In the announcement, the CBN reiterated its dedication to enhancing cybersecurity through alternative measures. These include investing in advanced technological solutions, fostering partnerships with international cybersecurity organizations, and providing continuous support and guidance to financial institutions to fortify their internal security protocols.
The withdrawal of the cybersecurity levy has also been welcomed by financial institutions, who expressed relief and appreciation for the CBN’s responsiveness to their feedback. Industry leaders have pledged to continue working with the central bank to develop and implement effective cybersecurity strategies that do not impose undue financial strain.
As the digital landscape evolves, the CBN reaffirmed its stance on the critical importance of robust cybersecurity measures. The central bank assured that it remains vigilant in monitoring cyber threats and is committed to safeguarding the integrity and stability of Nigeria’s financial system through strategic initiatives and collaborative efforts.