back to top

CBN Officially Withdraws Controversial Cybersecurity Levy Directive

The move to cancel the directive was prompted by a motion from Honourable Kingsley Chinda, who emphasized the need to halt and revise the cybersecurity levy implementation.

Share

The Central Bank of Nigeria (CBN) has officially retracted its previous directive instructing banks to implement the deduction of a cybersecurity levy, which was to be managed by the Office of the National Security Adviser (NSA).

This decision was communicated in a circular issued on Sunday evening to various categories of banks, mobile money operators, payment service providers, and others. The circular was signed by Chibuzor Efobi, Director of Payments System Management, and Haruna B. Mustafa, Director of Financial Policy and Regulation at the CBN.

The statement read, “The circular on deduction and collection of the cybersecurity levy is hereby withdrawn.” This retraction follows widespread criticism, including objections from the House of Representatives, which described the directive as “ambiguous” and urged the CBN to withdraw it.

The move to cancel the directive was prompted by a motion from Honourable Kingsley Chinda, who emphasized the need to halt and revise the cybersecurity levy implementation. Chinda highlighted that the CBN directive had multiple interpretations that conflicted with the specifications outlined in the Cybersecurity Act.

The House of Representatives expressed concerns that the Act could be misapplied if the directive was not immediately clarified and aligned with the Cybersecurity Act’s provisions.Previously, on May 6, 2024, the CBN had issued a circular mandating all banks, mobile money operators, and payment service providers to implement a new cybersecurity levy in accordance with the Cybercrime (Prohibition, Prevention, etc.) Amendment Act 2024.

The Act stipulated that a levy amounting to 0.5 percent of the value of all electronic transactions would be collected and remitted to the National Cybersecurity Fund (NCF), overseen by the NSA.Financial institutions were required to apply the levy at the point of electronic transfer origination, explicitly noting the deducted amount in customer accounts under the descriptor “Cybersecurity Levy,” and remitting it accordingly.

Read more

Local News