NCS has been the voice of Information Technology professionals for the past four decades now.

Presently with over 20,000 members spread across all sectors of the economy, NCS continues to expand and grow in might and relevance.

Announcing plans for the Cybersecurity Forum and Workshop on Tuesday at the secretariat in Lagos, Dr. Muhammad Sirajo Aliyu, the president of NCS, said they are excited to announce upcoming Cybersecurity Forum and Workshop, scheduled to take place at the National Open University of Nigeria (NOUN) in Abuja from June 11th to 13th, 2024.

“This forum and workshop will serve as a platform for experts to share their knowledge, discuss best practices, and develop strategies to enhance cybersecurity in an increasingly digital world.

“A key focus of the forum and workshop will be addressing the alarming rise in mobile channel fraud, which, according to the NIBSS Industry Fraud Report Q1 2024, has increased by 19% compared to the previous quarter.

Dr. Aliyu said this finding underscores the urgent need for advanced cybersecurity measures and the development of robust strategies to combat evolving threats.

“The event aims to tackle these pressing challenges and equip participants with the skills and insights needed to protect digital assets and infrastructure effectively.

“By leveraging the latest data and trends highlighted in the NIBSS report, attendees will be better prepared to counteract the specific techniques that fraudsters are increasingly employing, such as social engineering and phishing.

“Through collaborative efforts and the sharing of cutting-edge knowledge, we aim to foster a resilient cybersecurity environment capable of safeguarding Nigeria’s digital future”, he said.

Creation of Cybersecurity Tax:

Dr. Aliyu further called for improved Federal Government-professionals handshake to avoid flip-flops during policymaking processes.

He cited the recent Cybersecurity Levy agenda pursued by the Central Bank of Nigeria (CBN) as a case of study.

In the words of the NCS President:

“We must acknowledge the recent withdrawal of the proposed cybersecurity tax. While the intentions were noble, it is evident that further discussions and evaluations are necessary to ensure that any future initiatives in this regard align with the broader interests of our nation’s digital landscape”.

The decision of the apex bank to withdraw the circular followed the public outrage that trailed the announcement of the policy two weeks ago and the suspension of the levy by the Federal Government last week.

In its initial circular dated May 6, 2024 addressed to all deposit money banks, mobile money operators and payment service providers, the apex bank directed the deduction of the levy to be remitted to the National Cybersecurity Fund (NCF), administered by the Office of the National Security Adviser (ONSA).

The development sparked wild outcries with labour unions threatening actions and pressure groups faulting the timing of the implementation of the levy amidst the cost of living crisis exacerbated by rising inflation.

The Federal Government would subsequently suspend the controversial cybersecurity levy, as announced by Information Minister Mohammed Idris on May 14, 2024.

The CBN, in its latest circular dated May 17, 2024, referred to the earlier May 6, 2024 circular and advised financial institutions that the initial circular on the implementation of the cybersecurity levy “is hereby withdrawn”.

The CBN’s latest circular on the matter was co-signed by its Director of Payments System Management Department, Chibuzo Efobi; and his counterpart at the Financial Policy and Regulation Department, Haruna Mustafa… (Source)

While acknowledging the importance of cybersecurity funding, KPMG argues that the current economic condition makes it a bad time to introduce this additional burden on businesses and individuals.

The Central Bank of Nigeria (CBN) recently mandated a 0.5% levy on electronic transactions to fund cybersecurity initiatives. However, KPMG highlights the lack of a cost-benefit analysis for this levy, particularly considering estimates that it could generate N3 trillion annually. The firm pointed to the need for transparency in how these funds will be utilized.

KPMG has also criticized the timing of the levy’s implementation, stating that higher taxes don’t necessarily lead to sustainable growth. The firm suggests that the government should focus on reforms addressing revenue leakages and responsible spending practices instead of introducing new levies.

Uwaleke, Ekekwe, Mayaki, Essien, React to CBN’s ‘0.5% Cybersecurity Levy’

Highlighting that the levy could discourage electronic transactions and hinder business growth, especially given the current economic challenges, KPMG noted that businesses may resort to alternative methods to avoid the levy, potentially impacting financial inclusion efforts.

The advisory firm urges the government to reconsider the implementation of the cybersecurity levy and prioritize reforms that address existing problems. A gradual phasing-in of any tax measures to minimize economic disruption was advocated for.

KPMG is driving existing public resistance to the levy. The Nigerian Association of Chambers of Commerce, Industry, Mines and Agriculture (NACCIMA) had previously called for a cap on the levy amount to lessen the burden on the private sector.

KPMG points to the need for a long-term approach to cybersecurity funding. While recognizing the importance of protecting against cyber threats, the need to advocate for a strategy that balances security needs with economic realities is necessary.

The circular prescribes the ‘implementation guidance’ on the collection and remittance of the National Cybersecurity Levy of 0.5% on all electronic transactions.

What followed was a firestorm of discontent across Nigeria over a new levy. The Central Bank’s (CBN) plan to raise funds for cybersecurity has backfired, landing like a heavy stone on citizens and businesses already weighed down by economic woes.

This new levy is seen as a final straw for many. Nigerians are grappling with soaring inflation that erodes their purchasing power, and a weakened Naira that stretches their budgets even further.

The additional bite from the cybersecurity levy feels like the government dipping directly into its pockets, especially at a time when every Naira counts.

Beyond the immediate financial strain, there’s a deep skepticism about the levy’s effectiveness. Critics question whether these collected funds will translate into tangible improvements in cybersecurity. Many are demanding more transparent solutions. Solutions that bolster the country’s digital defenses without squeezing the life out of an already struggling population.

Speaking to Techeconomy on the issue, Primidac, a cybersecurity expert and analyst discussed the urgency of providing cybersecurity mechanisms for financial institutions in Nigeria.

He said:

“If I hack into CBN now using software from the dark web I can electronically transfer money into my account or an offshore account without being tranced. or if there is an insider threat, money can be siphoned with no trace.

“Financial institutions are targeted heavily around the world every day. New hacking methods and techniques are being adopted every day, so financial institutions need to strengthen their security,” said Primidac.

“The issue behind the implementation of the cyber security fee is to provide more security and funding for this. Cyber Security is a billion-dollar field and as such needs as much money to carry it out cause much focus is not directed into this, the loss would be more. The real question is will the fee be used for what it is said it would be used for?

The implementation of this new policy has been shrouded in secrecy, which is only serving to further inflame tensions.

Critics have pointed out the lack of transparency and the absence of any meaningful consultation with key stakeholders, particularly those in the financial sector and the general public.

Experts are raising their voices, questioning whether the levy even aligns with existing legal frameworks. Whispers abound of potential conflicts with tax regulations or hidden clauses within the Cybercrime Act that might not explicitly authorize such a broad levy.

On one side, Primidac believes that businesses rather than customers should bear the burden of cybersecurity.

“The business should bear the burden of protection always as people should feel safe using your services. Customers are never to bear the burden of protection in a case of security loopholes or mishaps,” he said.

He added that if Nigeria aims to fully transition into a cashless economy, then it must utilize the necessary tools to ensure that financial institutions are safe from cyber threats.

The cybersecurity levy in Nigeria walks a tightrope between necessity and burden. While the stated goal of bolstering national digital defenses is undeniable, the levy’s impact on the economy and individual Nigerians remains a question mark.

Proponents argue it is a necessary investment, a stitch in time to save the financial system from cyberattacks that could cripple the entire economy. Yet, critics fear it might be a case of bleeding the patient. The levy could stifle the very digital transactions it aims to protect.

This resolution was a sequel to a motion of urgent public importance moved by the Minority Leader of the House, Kingsley Chinda, on Thursday.

The CBN on Monday released a circular for the implementation of the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024.

The circular stated that the implementation of the levy would begin two weeks from the day of its announcement. The circular was directed to all commercial, merchant, non-interest and payment service banks.

According to the CBN, the directive is in line with the recent amendment to the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024.

“The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration, ‘Cybersecurity Levy’,” CBN’s circular reads in part.

Since the issuance of the circular, the policy has been met with negative reactions. However, the CBN has consistently maintained that they are only implementing a law passed by the National Assembly.

Leading the debate on the motion, Mr Chinda said the Cybercrime Act is implemented wrongly by the CBN.

He said the law did not put the burden of the levy on bank custom.

Citing section 44(2)(a) of the Cybercrimes (Prohibition, Prevention, etc.) (Amendment) Act, 2024, Mr Chinda said telecommunication companies, Internet service providers; banks and other financial institutions, insurance companies and the Nigerian Stock Exchange are the companies mandated to pay the cybercrime levy.

Aside from the Interpretation of the Act, Mr Chinda said the CBN’s circular was worded badly.

“Wordings of the CBN circular leaves the CBN directive to multiple interpretations including that the levy be paid by bank customers, that is, Nigerians against the letters and spirit of Section 44(2)(a) and the Second Schedule to the Cybercrimes Act, which specifies the businesses that should be levied accordingly,” Mr Chinda said.

The House directed the CBN to withdraw the ambiguous circular and issue a new one that provides clarity and proper interpretation of the law.

The motion was adopted unanimously without debate.

Speaker Abbas Tajudeen, who presided over the session, directed the House Committees on Banking Regulations, and Banking and other Ancillary Institutions to guide the CBN properly.

To Uche Uwaleke, a professor of Finance and Capital Market, cybersecurity levy is ill-timed, carries the downside risk of discouraging financial inclusion, thus advising the circular be withdraw forthwith.

“I think the cybersecurity levy is ill-timed, coming at a time when the CBN is concerned about the high rate of financial exclusion and the increasing rate of currency circulating outside the banks.

‘It carries the downside risk of discouraging financial intermediation as well as complicating the transmission of monetary policy with more people shunning the banks due to high charges. The end result is that it makes difficult effort by the CBN to tame inflation.”

“So, I think the circular should be withdrawn especially against the backdrop of assurances by the government that its plan to increase revenue would not include introducing new taxes or increasing tax rates.

To this end, the government should suspend the policy while getting set to implement the recommendations of the Presidential Committee on Fiscal Policy and Tax Reforms whose mandate includes streamlining multiple taxes and levies currently inhibiting the growth of businesses in Nigeria.

Reacting to the CBN Cybersecurity levy, Professor Ndubuisi Ekekwe, the lead faculty at the Tekedia Institute, tweeted:

“Nigeria does not need this playbook. What we need is GROW the economy so that corporate taxes can take care of these auxiliary fees. America, waived online sales taxes for more than a decade to grow the economies like; Amazon ascend, all the lost taxes would be made up.

“Taking 0.5% is a lot of money, and it makes the Office of the National Security Adviser (NSA) the most investable fintech in Nigeria if is for investment.

However, to Emmanuel Odunyemi, who works with Cybersecurity Consulting firm said,

“I think it’s a welcome development. Mind you, there are many transactions that are exempted.  I see no issues if we want to have a National Cybersecurity Fund. Although, I have not taken my time to read the 2024 Cybersecurity Act.

“Every year, commercial banks and some Payment service platforms have their Cybersecurity budgets running in hundreds of millions, some in billions under strict compliance to the CBN IT security guideline.

“Despite the huge budget, many still experience data breaches and several cases of frauds. If the govt is now willing to harmonize the efforts and tackle Cyber-attacks from a consolidated fund, why should we have issues with that? On a transfer of 10k, u will be charged just 50 Naira. Should that be an issue?

I think this is for our own good. The threat landscape is getting wider day by day and it shouldn’t be left to the private sectors alone to fight.

Deina Mayaki, an entrepreneur, aired her view her official LinkedIn page, noted that there seems not to be correlation in the apex bank position about the volume of excess cash in circulation and the various charges the federal government is bringing on board.

“Yesterday a report indicated that the Vol [sic: volume] of cash outside the banks has reached its all-time high of 3.8 trillion. I thought we were driving a cashless economy.

“We are still frustrating the digital economy by increasing levies. The bank takes transaction charges, maintenance fees, stamp duty, SMS charges, VAT and now cybersecurity levy.

“Why should we pay a bank to secure our fund? What’s the incentive? Is this some sort of insurance that guarantees money back after the theft?

We can’t drive financial inclusion like this. How do we convince the unbanked that this isn’t a money ripping process?

A business still pays income tax after this. What level of extortion is this?, she queried.

Yet, Mark Essien, the founder and CEO of Hotels.ng, tweeted: “The 0.005 tax imposed by the NSA in Nigeria will be fatal for retailers. If you sell goods worth N5billion, you may make profit of N50m. But you pay NSA N25m monthly, which is 50% of your profit.

“There is no cap to this fee.

“This is a terribly business unfriendly move”.

On which divide are you?

Techeconomy highlights all the 16 banking transactions that are exempted from the CBN’s new cybersecurity levy:

1. Loan disbursements and repayments
2. Salary payments
3. Intra-account transfers within the same bank or between different banks for the same customer
4. Intra-bank transfers between customers of the same bank
5. Other Financial Institutions instructions to their correspondent banks
6. Interbank placements
7. Banks’ transfers to CBN and vice-versa
8. Inter-branch transfers within a bank
9. Cheque clearing and settlements
10. Letters of Credits
11. Banks’ recapitalisation-related funding – only bulk funds movement from collection accounts
12. Savings and deposits, including transactions involving long-term investments such as Treasury Bills, Bonds, and Commercial Papers.
13. Government Social Welfare Programmes transactions e.g. Pension payments
14. Non-profit and charitable transactions, including donations to registered non-profit organisations or charities
15. Educational institutions’ transactions, including tuition payments and other transactions involving schools, universities, or other educational institutions
16. Transactions involving bank’s internal accounts such as suspense accounts, clearing accounts, profit and loss accounts, inter-branch accounts, reserve accounts, nostro and vostro accounts, and escrow accounts.

[Featured Image Credit]

What do you think about the newly introduced ‘Cybersecurity Levy’ and the proposed Telecom Tax?

In other words, the CBN directed deposit money banks in the country to start charging customers Cybersecurity levy as contained in a circular dated May 6, 2024 by the apex bank to all commercial, merchant, non-interest and payment service banks as well as mobile money operators and payment service providers.

“Following the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2) (a) of the Act, ‘a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act’, is to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the Office of the National Security Adviser (ONSA),” the circular partly read.

The apex bank said that the implementation of the levy would start two weeks from the date of the circular.

“The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institution. The deducted amount shall be reflected in the customer’s account with the narration, ‘Cybersecurity Levy’.

“Deductions shall commence within two weeks from the date of this circular for all financial institutions and the monthly remittance of the levies collected in bulk to the NCF account domiciled at the CBN by the fifth business day of every subsequent month,” the circular added.

Exempted from the levy include loan disbursements and repayments, salary payments, intra-account transfers within the same bank or between different banks for the same customer, intra-bank transfers between customers of the same bank.

Also exempted from the levy were inter-branch transfers within a bank, cheque clearing and settlements, ⁠Letters of Credits, ⁠Banks’ recapitalisation-related funding only bulk funds movement from collection accounts, savings and deposits including transactions involving long-term investments, among others.

The apex bank recently stopped fintechs firms like Opay and Palmpay from onboarding new customers and directed banks to deduct 0.375 per cent stamp duty charge on all mortgaged-backed loans and bonds. (Source: Channels TV)