Payment Service Providers, Others to Charge Cybersecurity Levy – CBN
The Central Bank of Nigeria (CBN) has directed all Mobile Money Operators (MMOs) and Payment Service Providers (PSPs) to charge 0.005 per cent levy for every electronic transaction on their platform for the National Cybersecurity Fund (NCF).
The NCF is a fund that is to be overseen alongside the multi-agency Cybercrime Advisory Council by the National Security Advisor (NSA) and the Attorney-General of the Federation (AGF) according to the Cybercrimes Act of 2015.
CBN in a circular signed by the Director, Banking and Payments System department, ‘Dipo Fatokun said the collection of the charges which is to be paid into a Treasury Single Account (TSA) domiciled at the Apex Bank is to become effective from July 1, 2018.
The circular which was addressed to MMOs and PSPs in the country read “pursuant to the provisions of Section 44 (S. 1 and 2) of the Cybercrimes (Prohibition, Prevention etc) Act 2015, all MMOs and other affected PSPs are hereby directed to comply with the statutory provision for the collection and remittance of the 0.005% levy on all electronic transactions by the businesses specified on the second schedule of the act.”
Effectively, all electronic financial transactions occurring in a bank, or on a mobile money scheme or any other payment platform that have an accompanying charge shall be charged the 0.005% levy. According to the circular, the levy shall be 0.005% of the service charge exclusive of all tax effects from all electronic financial transactions occurring on in a bank, or on a mobile money scheme or any other payment platform.
Also, it said “all electronic transactions, both inter and intra, that have accompanying service charge shall qualify as eligible transactions. Operators shall remit the levy on a monthly basis using the effective date or date of commencement of business as the base month. For this purpose, the fifth business day of every subsequent month shall be the latest date for remittance.”
The Cybercrimes Act 2015 which was passed in May of 2015 is the first legislation in Nigeria that deals specifically with cyber security recognises the role of financial institutions as stakeholders in the cyber security framework.
The Act defines the term ‘financial institution’ as including “any individual, body, association or group of persons, whether corporate or unincorporated which carries on the business of investment and securities, a discount house, finance company and money brokerage…, insurance institutions, debt factorisation and conversion firms, dealer, clearing and settlement companies, legal practitioners, hotels, casinos, bureau de change, supermarkets and such other businesses as the Central Bank or appropriate regulatory authorities may, from time to time, designate.”
The National Cyber-Security Fund is created by s.44 of the act. It is an account to be maintained with the Central Bank of Nigeria (CBN) and administered by the NSA. It is to be funded, inter alia, by a 0.005 levy on all transactions by businesses specified in the second schedule to the Act which are as follows: (i) GSM service providers and all Telecommunication companies; (ii) Internet Service Providers; (iii) Banks and other Financial Institutions; (iv) Insurance Companies; and (v) the Nigerian Stock Exchange.
The fund managed by the NSA is to be applied toward the functions of the Council outlined in s.43, which, as well as establishing an enabling environment and formulating general policy, includes awarding research and graduate training grants in the cyber security field. Also, up to 40 percent of the fund may be allocated for programmes countering violent extremism.