Nigerians can now heave a sigh of relief as the Central Bank of Nigeria (CBN) has withdrawn the controversial cybersecurity levy.

In a circular with reference number PSM/DIR/PUB/LAB/017/005, dated May 17, 2024, addressed to all commercial, merchant, non-interest, and payment service banks, other financial institutions, mobile money operators, and payment service providers, the CBN confirmed the withdrawal.

The circular, signed by the Director of the Payments System Management Department, Chibuzo Efobi, and the Director of the Financial Policy Department, Haruna Mustafa, referenced the ‘Cybersecurity (Prohibition, Prevention, etc.) (Amendment) Act 2004 – Implementation Guidance on the Collection and Remittance of the National Cybersecurity Levy’ issued on May 6, 2024, with reference number PSM/DIR/PUB/LAB/017/004, and advised banks to implement the withdrawal with immediate effect.

“The Central Bank of Nigeria circular dated May 6, 2024 (Ref: PSM/DIR/PUB/LAB/017/004) on the above subject refers. Further to this, please be advised that the above-referenced circular is hereby withdrawn. Please be guided accordingly,” the apex bank stated.

On May 6, 2024, the CBN directed banks and other financial institutions to begin a 0.5 per cent deduction of some categories of banking services into the National Cybersecurity Fund.

The apex bank said the directive followed the earlier circular and letter to all banks dated June 25, 2018 (Ref: BPS/DIR/GEN/CIR/05/008) and October 5, 2018 (Ref: BSD/DIR/GEN/LAB/11/023) on compliance with the Cybercrimes (Prohibition, Prevention, Etc.) Act 2015.

In the circular, the CBN stated the step became necessary following the enactment of the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024. Under the provision of Section 4 (2)(a) of the Act, a levy of 0.5 per cent of all electronic transactions by businesses specified in the Second Schedule of the Act was to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA).

It stated that all banks, other financial institutions, and payment service providers were required to implement the provision of the Act.

According to the Act, “The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration: ‘Cybersecurity Levy’.”

The apex bank further disclosed that deductions were to commence within two weeks from the date of the circular for all financial institutions, with the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the 5th business day of every subsequent month.

It added that system reconfigurations to ensure complete and timely submission of remittance files to the Nigeria Interbank Settlement System (NIBSS) Plc were to be completed within four weeks of the circular for commercial, merchant, non-interest, and payment service banks, as well as mobile money operators.

A one-week period was given to all other financial institutions, such as microfinance banks, primary mortgage banks, and development finance institutions.

On penalties for infractions, the CBN said: “Penalties for non-compliance. Section 4 (8) of the Act prescribes that failure to remit the levy is an offence and is liable on conviction to a fine of not less than two per cent of the annual turnover of the defaulting business, amongst others. Finally, all institutions under the regulatory purview of the CBN are hereby directed to note and comply with the provisions of the Act and this circular.”