Nigerian businesses that fail to remit the cyber security levy will face significant penalties, including a fine of at least 2% of their annual turnover.
This is contained in a recent memo jointly signed by Chibuzo A. Efobi, Director, Payments System Management Department, and Haruna B. Mustafa, Director, Financial Policy and Regulation Department, of the Central Bank of Nigeria (CBN).
The memo, which was issued on Monday, May 6, 2024, warned that failure to comply with the regulation would attract severe penalties, including the fine, which would be calculated as a percentage of the defaulting company’s annual revenue.
The penalty, according to the Nigerian government, is aimed at encouraging companies to take cyber security seriously and as the government seeks to invest in measures and fund initiatives that enhance national cyber security.
A global trend
Cyber threats have become a pervasive global phenomenon, with Nigeria being just one of many countries grappling with the devastating consequences of cyber attacks.
The rise of cybercrime has resulted in significant financial losses, reputational damage, and compromised sensitive information, affecting businesses, individuals, and economies worldwide.
In 2022 alone, global cybercrime costs were estimated to reach a staggering $6 trillion, emphasising the urgent need for robust cybersecurity measures.
How much is too much?
The implications of non-compliance may be considered far-reaching as defaulting companies with an annual revenue of ₦100 million, for instance, would be liable to a fine of at least ₦2 million (2% of ₦100 million).
The exemptions
Arbiterz gathered that loan disbursements and repayments are exempted from the cybersecurity levy, providing relief to borrowers and lenders alike.
Also, salary payments, which are a critical component of household finances, are also pegged as exemption from the levy.
In addition, intra-account transfers within the same bank or between different banks for the same customer will be exempt from the cybersecurity levy.
As part of efforts to reduce the burden on consumers and businesses that conduct frequent transactions, intra-account transfers within the same bank or between different banks for the same customer will also not be captured in the levy.
Also read: CBN Launches Cyber-Security Campaign
Other exemptions include;
- Intra-bank transfers between customers of the same bank
- Other Financial Institutions (OFIs) instructions to their correspondent banks
- Interbank placements
- Banks’ transfers to CBN and vice-versa
- Inter-branch transfers within a bank
- Cheques clearing and settlements
- Letters of Credits (LCS)
- Banks’ recapitalization related funding
- Savings and deposits, including long-term investments
- Government Social Welfare Programs transactions, such as pension payments
- Non-profit and charitable transactions
- Educational Institutions transactions, including tuition payments
- Transactions involving bank’s internal accounts
What next?
The Nigerian Labour Congress (NLC), Trade Union Congress (TUC), and bank customers have expressed strong opposition to the newly introduced cybersecurity levy by the Central Bank of Nigeria (CBN), calling for its immediate withdrawal.
This united front rejects the levy, citing concerns over its impact on the financial sector and the broader economy.