CBN Stands Firm on Controversial 0.005% Cybercrime Levy for Electronic Transactions

The Central Bank of Nigeria (CBN) has said no going back on the cybercrime levy imposed on all electronic transactions.

In fact, in its new guidelines for the 2024-2025 fiscal year, the CBN announced that it will continue enforcing this controversial cybercrime levy of 0.005%.

This levy has received widespread criticism by Nigerians.

However, to the CBN, it is mandated by the Cybercrime (Prohibition, Prevention, etc.) Act of 2015, aimed at bolstering the nation’s cyber security infrastructure.

Meanwhile, the percentage has been reduced from 0.5% earlier announced in May 2024 to 0.005% in the new guidelines.

The CBN published the Monetary, Credit, Foreign Trade, and Exchange Policy Guidelines for Fiscal Years 2024-2025 document.

Via the document, the CBN reaffirmed its commitment to this charge.

The document read: “The CBN shall continue to enforce the payment of the mandatory levy of 0.005 percent on all electronic transactions by banks and other financial institutions, in accordance with the Cybercrime (Prohibition, Prevention, etc.) Act, 2015.”

The guidelines also echoes other commitments by the CBN.

Such commitment includes ensuring that banks, Other Financial Institutions (OFIs), and Payment Service Providers (PSPs) adhere to minimum cybersecurity standards.

To this end, the appointment of Chief Information Security Officers (CISOs) to oversee cybersecurity issues in compliance with the 2022 risk-based cybersecurity framework is of top priority.

The document added: “Pursuant to the circular titled ‘Issuance of Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers’ referenced BSD/DIR/GEN/LAB/11/25, and dated October 10, 2018, issued by the CBN to combat the increasing cyber security threat in the banking industry, banks and Payment Service Providers (PSPs) are mandated to adhere to the guidelines on the risk-based cyber security framework.

“Similarly, another framework titled ‘Issuance of Risk-based Cybersecurity Framework and Guidelines for Other Financial Institutions (OFIs)’, referenced OFI/DOA/CON/ACT/004/155, was issued on June 29, 2022.

The guidelines specified the minimum cyber security baseline to be implemented by banks, OFIs and PSPs, and mandated the appointment of a Chief Information Security Officer (CISO) to oversee cyber security issues.”