Is Nigeria’s Cybersecurity Levy Worsening Economic Instability?

November 21, 2024

On May 6, 2024, Nigeria’s Central Bank (CBN) issued a circular mandating all banks, payment service providers, mobile money operators, and other financial institutions to implement a cybersecurity levy of 0.5%, equivalent to half a percent of the value of all electronic transactions. This move has sparked significant outrage from various stakeholders, including financial institutions, members of the House of Representatives, and Nigerians both local and abroad. The circular is widely criticized for not considering a data-driven approach and overlooking the impact of stakeholder engagement.

The Cybersecurity Levy: A Controversial Mandate

The CBN’s mandate requires financial institutions to levy a 0.5% charge on the value of all electronic transactions for cybersecurity enhancement. This directive aims to bolster the nation’s cybersecurity infrastructure, which is increasingly critical in the digital age. However, the policy has been met with widespread disapproval from banks, payment service providers, mobile money operators, lawmakers, and the general public. Critics argue that the policy fails to incorporate a thorough data-driven analysis or stakeholder engagement. The lack of consultation with key stakeholders has led to concerns about the policy’s feasibility and its potential impact on the financial sector.

Without engaging those directly impacted by this policy, it is challenging to foresee the comprehensive effects or to identify possible improvement areas. Financial entities are concerned that this mandate sets a dangerous precedent, potentially leading to further ill-conceived regulations. Moreover, the abruptness of the directive, without adequate preparation time, has compounded frustrations. Many believe that a more inclusive approach could have resulted in a more effective and less contentious solution. Indeed, engaging in dialogue with stakeholders would have allowed for a more balanced understanding of potential operational challenges and broader economic impacts.

Economic Implications and Operational Challenges

There are significant concerns about the policy’s impact on Nigeria’s already unstable economy. Financial institutions are worried about the financial burden the levy imposes on them and their customers. The additional costs associated with system reconfigurations to implement the new levy could be substantial, potentially leading to higher transaction fees for customers. Moreover, the policy could overstretch the financial capacity of both institutions and customers, aggravating the current economic instability. The mandatory data collection and storage for levy deductions also pose potential security and privacy issues, adding another layer of complexity to the implementation process.

Operationally, the sudden requirement for reconfiguring existing financial systems will not be a trivial task. Institutions must adjust their software and processes to comply with the new levy directive, which requires both time and significant financial outlay. These expenses will likely be transferred to customers, resulting in inevitable hikes in transaction fees, further burdening already strained consumer finances. Consequently, this financial strain could exacerbate the existing economic instability in Nigeria, where many are already struggling with high inflation and unemployment rates. Therefore, the levy could lead to unintended consequences by crippling the very institutions it seeks to protect.

Potential Benefits of the Cybersecurity Levy

Despite the widespread criticism, the cybersecurity levy has the potential to enhance Nigeria’s cybersecurity landscape. If properly allocated, the funds collected through the levy could be used to finance advanced cybersecurity initiatives tailored to the Nigerian financial ecosystem. This could lead to a reduction in cyberattacks and financial losses, ultimately benefiting the entire financial sector. Additionally, the collected transaction data can be used for cybersecurity threat modeling, identifying system vulnerabilities, improving risk management, and optimizing processes. These benefits, however, are contingent on the effective and transparent use of the funds, which remains a significant concern for many stakeholders.

Maximized efficacy of these funds demands rigorous oversight to ensure they are rightly directed towards genuine cybersecurity enhancements. If allocation is transparent and well-managed, the cybersecurity levy could significantly bolster Nigeria’s defenses against the increasing sophistication of cyber threats. The potential benefits extend beyond immediate threat mitigation, equipping financial institutions with advanced tools and knowledge to preempt and respond to emerging threats. This proactive approach could translate into long-term savings through reduced incidences of cybercrime, ultimately fostering greater trust in Nigeria’s financial systems. However, it remains to be seen whether CBN can manage and allocate these resources effectively.

Recommendations for Improvement

To address the concerns raised by various stakeholders, several recommendations have been proposed. One suggestion is for the CBN to explore alternative funding mechanisms to support cybersecurity initiatives, reducing the burden on financial institutions and individuals. This could involve seeking partnerships with international organizations or leveraging existing resources more effectively. Another recommendation is to adopt a collaborative approach to cybersecurity investment. This would involve financial institutions, fintech companies, mobile money operators, and cybersecurity experts working together to develop innovative solutions. Such collaboration could lead to more effective and sustainable cybersecurity measures.

Ensuring such efforts include key stakeholders in these collaborative initiatives can lead to a more holistic and grounded perspective on real-world challenges and potentials. Transparency and inclusivity in developing and applying these cybersecurity solutions will be critical. It emphasizes the collective responsibility of all parties involved to not only guard against cyber threats but also to share the financial burden equitably among all stakeholders. Therefore, international partnerships could also bring in best practices and advanced technologies from more developed financial markets, thus adding depth and breadth to Nigeria’s cybersecurity endeavors, without unduly imposing financial strain on local entities.

Transparency, Accountability, and Phased Implementation

Ensuring transparency and accountability in the use of the levy funds is crucial. Clear communication about the levy, its purpose, usage, and benefits, coupled with strict measures to prevent misuse of funds, can help build trust among stakeholders. Establishing key performance indicators to evaluate the levy’s effectiveness in enhancing cybersecurity is also essential. A phased implementation of the levy, rather than an abrupt two-week deadline, would allow institutions to assess the impact and align their systems and processes effectively. This approach would minimize disruptions and provide a smoother transition for all parties involved.

The overly rapid timeline mandated by the CBN adds unnecessary pressure and risks to both financial institutions and their clients. A more measured approach allows for necessary adjustments and refinements based on early feedback and the evolving landscape of cybersecurity threats. By gradually implementing the levy, any unforeseen operational issues can be addressed in a timely manner, thereby reducing the disruptive impact on the financial sector. Moreover, this gradual approach can serve as an ongoing learning experience, allowing institutions to iteratively improve their cybersecurity frameworks and better allocate resources for maximized effect.

Evaluating the Policy’s Effectiveness

On May 6, 2024, Nigeria’s Central Bank (CBN) issued a circular instructing all banks, payment service providers, mobile money operators, and other financial institutions to implement a cybersecurity levy set at 0.5%—equivalent to half a percent—of the value of all electronic transactions. This decision has triggered considerable outrage among various stakeholders, including financial institutions, members of the House of Representatives, and Nigerians both local and abroad. Critics argue that the directive is flawed because it fails to consider a data-driven approach and does not take into account the importance of stakeholder engagement. Many believe that meaningful consultation with those affected by the levy was necessary to ensure that its implementation would not result in unintended negative consequences. The backlash highlights the need for more transparency and collaborative policy-making processes, especially when it comes to regulations that significantly impact the financial sector and the broader economy.

Subscribe to our weekly news digest.

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for Subscribing!
We'll be sending you our best soon!
Something went wrong, please try again later