The Central Bank of Nigeria (CBN) has issued a directive to all financial institutions to commence deducting a cybersecurity levy on all electronic transactions, effective May 20, 2024.

This directive comes after a six-year delay since the initial directive was issued in 2018.

The levy, which is 0.005% of the transaction value, will be remitted to the National Security Fund, overseen by the Office of the National Security Adviser (ONSA).

The directive applies to all electronic transactions conducted through various financial channels, including commercial banks, mobile money operators, and payment service providers.

Failure to comply with the directive will result in a penalty of 2% of the institution’s annual turnover.

The CBN had initially released guidelines for the collection of the levy in 2018, but its implementation was delayed.

The recent circular, signed by Chibuzor Efobi and Haruna Mustafa, directs financial institutions to initiate the deductions and remit the levy to the National Cybersecurity Fund (NCF).

The levy will be applied at the point of electronic transfer origination and deducted by the financial institution. The deducted amount will be reflected in the customer’s account with the narration “Cybersecurity Levy.”

The circular also provides exemptions for certain transactions to avoid multiple applications of the levy on the same transaction/transfer.

Financial institutions are required to complete system reconfigurations to ensure complete and timely submission of remittance files to the Nigeria Interbank Settlement System (NIBSS) Plc within four to eight weeks of the circular, depending on the type of institution.

Failure to remit the levy is an offense liable to a fine of not less than 2% of the annual turnover of the defaulting business.