Exemptions from the Cybersecurity Levy and Eight things to know about the new cybersecurity levy

Effective from Monday April 20, 2024, Banks and Other financial institutions operating in the country shall commence the implementation of the cybersecurity levy as the CBN directive.

In giving the directives and to avoid multiple application of the levy on the same transaction/transfer, the CBN captures transactions currently deemed eligible and are exempted from the application of the cybersecurity levy. There is a total of 16 of such exempted transactions. See below. But first, a summary of the directives on the new levy

1. In accordance with the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024, a new levy of 0.5%, which is equivalent to half a percent, is now imposed on electronic transactions.
2. The originator of the electronic transaction is responsible for paying the levy, which is then deducted by the financial institution. The deducted amount will be clearly indicated in the customer’s account with the description: “Cybersecurity Levy.”
3. Financial institutions are required to deduct the levy and transfer it to the National Cybersecurity Fund, which is overseen by the Office of the National Security Adviser.
4. Deductions will commence within two weeks from the issuance of the circular, specifically on May 6. Financial institutions must then remit the collected levies in a consolidated manner to the NCF account held at the CBN. This remittance should take place monthly, with the deadline being the fifth business day of the following month.
5. Financial institutions are obligated to update their systems to accommodate the deduction and remittance of the levy within the specified timeframe. Failure to comply with this requirement may result in penalties, including a fine of up to 2% of the financial institution’s annual turnover.
6. There are fifteen transactions approved by the Central Bank of Nigeria (see below) as exempted from the application of the cybersecurity levy
7. The proceeds of the cybersecurity levy will be administered by the Office of the National Security Adviser (ONSA) .
8. The proceeds of the cybersecurity levy will be used for cybercrimes prevention, prohibition, etc., in the country.

SCHEDULE OF EXEMPTIONS FROM THE CYBERSECURITY LEVY

Below is the list of 16 transanctions exempted from the cybersecurity levy by the Central Bank of Nigeria.

1. Loan disbursements and repayments
2. Salary payments
3. Intra-account transfers within the same bank or between different banks for the same customer
4. Intra-bank transfers between customers of the same bank
5. Other Financial Institutions (OFls) instructions to their correspondent banks
6. Interbank placements
7. Banks’ transfers to CBN and vice-versa
8. Inter-branch transfers within a bank
9. Cheques clearing and settlements
10. Letters of Credits (LCs)
11. Banks’ recapitalization related funding – only bulk funds movement from collection accounts
12. Savings and deposits including transactions involving long-term investments such as Treasury Bills, Bonds, and Commercial Papers.
13. Government Social Welfare Programs transactions e.g. Pension payments 14.Non-profit and charitable transactions including donations to registered non­
14. profit organisations or charities.
15. Educational Institutions transactions, including tuition payments and other transaction involving schools, universities, or other educational institutions.
16. Transactions involving bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts