Proshare Report Questions Legality and Efficacy of Nigeria’s Cybersecurity Levy

A report by Proshare has questioned the legality of the Office of the National Security Adviser (ONSA) to receive unappropriated funding for its activities, particularly the controversial cybersecurity levy aimed at tackling the growing threats of cybercrime.
It said allowing the ONSA access to funds without the approval of the National Assembly was not only unconstitutional but against global practice.
This followed the controversies trailing the recent cybersecurity levy circular introduced the Central Bank of Nigeria (CBN) which gave the ONSA the responsibility to administer the fund.

On May 6, 2024, the apex bank ordered the implementation of 0.5 per cent levy on all electronic transactions value as part of efforts to contain the rising threats of cybercrime in the financial system.
The implementation followed the enactment of the Cybercrime (Prohibition, Prevention, etc) (amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, which provided for the rate deduction.
The CBN explained that the deducted funds are to be remitted to the National Cybersecurity Fund (NCF), which shall be administered by the ONSA.
The levy shall be applied at the point of electronic transfer origination, then deducted and remitted by the financial institutions.
The Proshare report however, stated that the move tended to make account holders pay the government for a service already covered by financial institutions in their digital transfer charges.

Specifically, it argued that the levy was needless and amounted to double-taxation of bank customers since depositors’ funds up to N5 million are already covered by the Nigeria Deposit Insurance Company (NDIC).
It said, “If cyber protection goes beyond bank deposits, why should the funding of ONSA rely on money in customers’ deposit accounts and electronic transactions from these accounts?

“The global best practice is to establish a ‘black budget’ for cyber protection-related issues, which has Senate Security Committee oversight.
“The funding is a fiscal arrangement based on standard operating protocols (SOPs) and does not distort the pricing of commercial activities such as electronic transactions on customer deposit accounts.”
Continuing, the report stated, “To stretch the argument, if the naira were to come under a currency attack, would the CBN levy depositors’ bank accounts to repel the action of foreign currency speculators?

“If it did, how legal would it be? Fiscal intentions may be good, but policy execution frameworks are equally crucial; killing a child to solve the problem of a headache gets the job done but leaves a bigger ethical problem.
“Therefore, fiscal policy observers believe there is something viscerally wrong with the CBN levying customers’ bank accounts to fund a government office or agency’s activities.”

The report, which estimated that between N1 trillion and N1.5 trillion would be debited from customers considering the N600 trillion recorded in electronic payment transactions in 2023, further expressed concern that there would likely be little or no audit oversight on the huge funding to ONSA.
It said, “More so, the right of the ONSA to raise extra-budgetary revenue directly from Nigerians without the National Assembly’s approval as a government agency becomes difficult to accept.

“Analysts have also questioned the benefits to Nigerians of the social contract inherent in the levy: Is there a guarantee of minimal or no cyberattacks on Nigerians because the ONSA cyber levy has been charged to bank depositors?
“This is unlikely. Furthermore, public sector economists have argued that diverting funds directly to the ONSA bypasses established best-practice financial oversight mechanisms.”

The report further noted that banks already spend hefty sums protecting their operations from cyber threats, and the ONSA’s role should be to provide a broader canopy of protection funded through a regular budgetary process.

Among other things, it added, “For context, the levy supposedly aims to improve cybersecurity efforts in Nigeria through the ONSA. However, with a significant proportion of bank capital expenditure (capex) already invested and still being invested in cybersecurity infrastructure and compliance as mandated by the CBN, analysts question the need for an additional levy and the efficacy of cybersecurity efforts by entities other than financial sector operators.”