Cybersecurity levy: One too many

While there is a crucial need to address the growing threats of cyber-attacks, it will be extremely inappropriate to implement the Cybersecurity levy introduced by the Federal Government now because of the current economic hardship in the country and some perceived shortcomings in the enactment process.

Earlier this month, the Central Bank of Nigeria (CBN) issued a circular requiring all financial institutions, mobile money operators, and payment service providers to deduct a 0.5 per cent Cybersecurity levy on all electronic transactions, such as online banking and mobile payments. This deduction is mandated by section 44 (2) (a) of the Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024 and will be remitted to the National Cybersecurity Fund (NCF) under the administration of the Office of the National Security Adviser (ONSA).

The levy is not a new development, as it was provided for in the Cybercrime Act 2015, and is one of the ways the NCF is funded. Though the implementation of the levy has been suspended, the process of introduction and suspension confirms the fears of many Nigerians about the intention and preparedness of the government to cater to the needs of the people.

At a time when Nigerians are yet to recover from the aftermath of the removal of subsidies on petroleum, and electricity, among other reforms, as well as rising inflation, the argument on the street has been the timing of such reforms. Indeed, timing is essential to the success of any reform. This underscores the current public resistance to the implementation of the levy. This is certainly not the right time to implement this levy.

It is common knowledge that Nigeria faces significant revenue challenges. This has continued to undermine the country’s capacity to achieve sustainable growth. Given this context, the government resorted to mobilising the required revenue across different segments, especially by exploring tax, which is believed to be under-explored. However, research has shown that higher taxes do not lead to sustainable growth.

No country can tax itself to prosperity! Perhaps, it is in recognition of this that the current administration and the Presidential Committee on Fiscal Reforms have often emphasized that the government will not introduce new taxes. Critics have also pointed out that the Taiwo Oyedele-led committee should have been consulted to see how the new levy fits into a harmonised national tax system that does not further erode household incomes. However, the reality appears to defy this position going by new levies being considered.

To avoid multiple applications of the levy, certain transactions were exempted. They include loan disbursements and repayments, salary payments, intra-bank transfers between customers of the same bank, intra-account transfers within the same bank or between different banks for the same customer, inter-branch transfers within a bank, cheque clearing and settlement, letters of credit, savings and deposits.
Also exempted are transactions that involve long-term investments such as Treasury Bills, Bonds and Commercial Papers, and government social welfare programmes’ transactions such as pension payments. Stakeholders, however, believe the levy, despite the exemptions, will create chaos in the banking system as regards managing deductions.

The key objective of the Cybercrime levy is to ensure that there is dedicated and adequate funding available to address the growing threats of cyber-attacks. As the digital economy grows, digital crime grows with it. Soaring numbers of online and mobile interactions are creating millions of attack opportunities. Many attacks lead to data breaches that threaten both people and businesses. McKinsey, citing Steve Morgan, believes that at the current rate of growth, damage from cyber-attacks will amount to about $10.5 trillion yearly by 2025. This explains why some countries have implemented various forms of levies to fund cybersecurity initiatives. Rules around the world are equally stringent. The European Union’s General Data Protection Regulation, for example, may levy fines of up to four per cent of global turnover against companies that fail to protect their customers.

The U.S. National Defence Authorisation Act, Executive Order 14028, and the extension of the False Claims Act to include misrepresentation of an organisation’s cybersecurity programme and qualifications constitute another example. The continuing digitisation of the global economy, ever-increasing numbers of cyberattacks, and regulatory pressure on companies to protect their data present the government and other cybersecurity providers with a compelling opportunity and argument to initiate new ways to protect assets. However, consideration must be given to the country’s prevailing economic conditions. The current economic climate in Nigeria does not justify the implementation of the cybersecurity levy now.

It is more worrisome that the 0.5 per cent levy comes without a cap, which suggests that the charge could run into several millions of naira for heavy transactions. Various reports have indicated that the government will generate about N3 trillion yearly from the levy.  However, there has been no formal presentation to the public of the cost and benefit analysis. It is always critical that the enactment of any tax or levy should come with the tax expenditure statement to provide information as to whether the benefits of such tax or levy outweigh its cost. Economists say it would force people to resort to cash transactions, a possibility that would increase the volume of cash outside the banking system, which has exceeded 90 per cent.

Meanwhile, businesses are already saddled with the following federal taxes: Company Income Tax, Tertiary Education Tax, Stamp Duties, NITDA Levy, Value Added Tax, NASENI Levy, and Police Trust Fund Levy, among others. Still in the works are the NYSC Levy and Tertiary Health Levy. There are also a plethora of taxes and levies imposed by states and local governments. For a profligate political class, streamlining taxation would be lame if the government habitually charges levies while being fiscally irresponsible.

Nigerians are strained and tired. With the suspension of the implementation of the levy, Nigerians are hopeful the government will focus on tax reforms that address revenue leakages and be financially prudent in the utilisation of public funds. Combining revenue-raising initiatives with responsible spending practices is essential for fiscal sustainability.

The cybersecurity levy is undoubtedly a unique approach to fund-raising, but perhaps the poor execution of the levy rollout serves as a reminder of the need for improved awareness and campaign. Maybe this cost would be more understandable if there was a greater focus on how secure the country would be by implementing a national cybersecurity initiative.  But right now, it seems more like an additional tax to the public.