The Central Bank of Nigeria (CBN) has reaffirmed its commitment to strengthening the country’s cybersecurity infrastructure by enforcing a 0.005% levy on all electronic transactions conducted by banks and financial institutions.
This levy, mandated by the Cybercrime (Prohibition, Prevention, etc.) Act, 2015, aims to boost Nigeria’s defenses against the growing threat of cybercrime.
This latest enforcement, outlined in the CBN’s monetary, credit, foreign trade, and exchange policy guidelines for 2024-2025, represents a critical step in the ongoing fight against cyber threats.
Tekedia Mini-MBA edition 15 (Sept 9 – Dec 7, 2024) has started registrations; register today for early bird discounts.
Tekedia AI in Business Masterclass opens registrations here.
Join Tekedia Capital Syndicate and invest in Africa’s finest startups here.
“The CBN shall continue to enforce the payment of the mandatory levy of 0.005 per cent on all electronic transactions by banks and other financial institutions, in accordance with the Cybercrime (Prohibition, Prevention, etc.) Act, 2015,” the guidelines published on Tuesday said.
The decision comes after a controversial attempt by the CBN to implement a 0.5% levy on electronic transactions in May 2024, which sparked widespread debate among Nigerians. Many argued that the rate was exorbitant and would disproportionately affect individuals and businesses already grappling with economic hardship.
Following public outcry and intervention from the House of Representatives, the CBN was directed to suspend the implementation of the higher rate, leading to the current 0.005% levy.
Purpose of the Levy
According to the CBN, the levy is designed to fund the development of critical cybersecurity infrastructure, including intelligence, investigation, and preventive mechanisms aimed at reducing cybercrimes.
In recent years, Nigeria has witnessed a surge in cybercrime activities, with financial institutions being frequent targets. This levy is seen as a way to bolster the nation’s capacity to counter these threats by ensuring that banks and other financial institutions contribute to a national cyber defense fund.
The funds collected through this levy will be channeled toward enhancing Nigeria’s cyber intelligence, allowing the country to better detect, investigate, and prevent cyber attacks that could compromise financial systems.
Cybersecurity Guidelines
The CBN’s guidelines also reiterate the obligations of banks and Payment Service Providers (PSPs) to adhere to existing cybersecurity frameworks. These frameworks, which were issued in 2018 and 2022, set out minimum cybersecurity standards for all financial institutions.
According to a CBN circular from October 10, 2018, banks and PSPs are mandated to follow the Risk-based Cybersecurity Framework and Guidelines for Deposit Money Banks and Payment Service Providers. This framework was introduced in response to increasing cyber threats targeting the banking industry. It requires institutions to implement robust cybersecurity protocols to safeguard against risks, with specific requirements to appoint a Chief Information Security Officer (CISO) to oversee cybersecurity issues.
A similar framework, tailored for Other Financial Institutions (OFIs), was introduced on June 29, 2022. This further extended cybersecurity requirements to non-bank financial institutions, ensuring a comprehensive approach across the financial sector.
Implications for the Banking Sector
The enforcement of the 0.005% levy adds another layer of financial responsibility for banks and PSPs, which are already under pressure to comply with various regulatory requirements. While the levy itself may seem small, its cumulative impact, particularly for institutions handling large volumes of electronic transactions, could be significant. For consumers, these costs will eventually lead to higher fees for digital banking services.
However, the CBN insists as Nigeria’s economy becomes increasingly digitized, safeguarding the digital landscape is critical to maintaining trust in financial transactions. This makes the levy necessary to build a robust cybersecurity infrastructure capable of protecting the country’s financial systems from ever-evolving cyber threats.
Nigeria’s move to bolster its cyber defenses comes at a crucial time. The rise of electronic payments and digital banking has led to an uptick in cybercriminal activities targeting both individuals and institutions.
In the second quarter (Q2) of 2024, the Nigerian banking sector witnessed a staggering rise in fraudulent activities amounting to a total loss of N42.6 billion between April and June, according to the Q2 2024 Fraud and Forgeries report, recently released by the Financial Institutions Training Centre (FITC). The loss recorded in Q2 2024 alone eclipsed the total amount lost to fraud throughout 2023, where Nigerian banks collectively lost N9.4 billion.
In response to the growing concern, the CBN has issued multiple guidelines aimed at improving the banking industry’s security posture.
Banks and financial institutions are now required to not only contribute financially to the national cybersecurity fund but also implement the minimum cybersecurity baseline as stipulated by the CBN’s frameworks. By appointing dedicated CISOs and adhering to risk-based cybersecurity protocols, these institutions are expected to become more resilient to attacks, reducing the potential for financial losses and maintaining consumer trust.