OrderPaper does a yeoman’s task of updating citizens on bills being processed by the National Assembly every plenary day. The law on the controversial cybersecurity levy may not have caught millions unaware if these BILLS BOARD updates are taken seriously. Here’s a however throwback to how the bill became law while we slept on our duty to be vigilant.
The Central Bank of Nigeria (CBN) recently directed banks and other financial institutions to commence a deduction of a cybersecurity levy on all banking transactions in the country. This was disclosed in a circular by the CBN noting that the implementation of the levy would start in two weeks.
A 0.5% deduction…
According to the circular, a new levy of 0.5%, is applied to electronic transactions as mandated by the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024. It states that the levy would be paid by the originator of the transaction and deducted by the financial institution who will subsequently remit it to the National Cybersecurity Fund administered by the Office of the National Security Adviser (ONSA). “The deducted amount shall be reflected in the customer’s account with the narration: “Cybersecurity Levy,” the memo stated.
The Central Bank further mandated financial institutions to update their systems to handle levy deductions and remittances before the deadline given to them as “failure to remit the levy can result in penalties, including a fine of up to 2% of a financial institution’s annual turnover.”
According to the circular, “following the enactment of the Cybercrime (Prohibition, Prevention, etc) (Amendment) Act 2024 and pursuant to the provision of Section 44 (2)(a) of the Act, a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions value by the business specified in the Second Schedule of the Act,’ is to be remitted to the National Cybersecurity Fund, which shall be administered by the Office of the National Security Adviser.”
The law that laid the charge
The implementation of the deduction follows a controversial law passed by the National Assembly, ‘titled “Cybercrime (Prohibition and Prevention) Act 2015 (amendment) Bill, 2023,’ which was assented to by the President. Being an amendment to an existing law, Section 44 of the Cybercrimes (Prohibition, Prevention, etc) Act 2015 was altered with the very significant implications now rocking the country.
For context, the Principal Act – the Cybercrimes (Prohibition, Prevention, etc) Act 2015 – has the following key objectives:
(a) provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria;
(b) ensure the protection of critical national information infrastructure; and
(c) promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.
Section 44 (a) of the Principal Act which says “a levy of 0.005 of all electronic transactions by the businesses specified in the second schedule to this Act” was amended with the substituted the figure of 0.05% and insertion of the words”half percent’ to read as follows: “A levy of 0.05% (half percent) of all electronic transactions value by the business specified in he second schedule to this Act.”
Also with respect to Sub-section (6) (a) of the Principal Act which reads that “the Office of the National Security Adviser shall keep proper records of the accounts,” the amendment inserted “…and shall ensure compliance monitoring,” to read as follows – “The Office of the National Security Adviser shall keep proper records of the accounts and shall ensure compliance monitoring system.”
The Amended Act also created subsection 6 (c) to read thus: “Any business specified in the second schedule in this Act that fail to remit the levy under section 44 subsection 2(a) of this Act commits an offence and is liable on conviction to a fine of not less than 2% of the annual turnover of the defaulting business and failure to comply shall lead to closure or withdrawal of the Business Operational licence.”
The businesses which the said section 44(2)(a) listed in the second schedule to the Act are the GSM Service Providers and all telecommunication companies; Internet Service Providers; Banks and Other Financial Institutions; Insurance Companies and the Nigerian Stock Exchange.
Journey of the controversial amendment
The Amendment Bill (now Act) sponsored by Senator Shehu Buba (APC, Bauchi South), was read for the first time on the floor of the Senate on the 18th, October, 2023.
On 25th, October, 2023, it passed second reading in the Senate. Presenting the bill for a second reading, Senator Buba said the bill sought to amend section 44 of the Act and to insert some consequential omissions from the Act.
Timeline of the passage of the Cybercrimes (Prohibition, Prevention, etc.)(Amendment) Act 2024
1. The Cybercrime (Prohibition and Prevention) Act 2015 (Amendment) Bill, 2023 had its first reading in the Senate on Wednesday, October 18th, 2023. pic.twitter.com/oL5UCISogV
— OrderPaper (@OrderPaper) May 9, 2024
According to him, the technology age has caused more harm than good due to the rising cases of cyber fraud. He said, “The digital and information technology age has created new avenues and tools for committing traditional crimes and new forms of crimes.In Nigeria, there had been a significant increase in internet-based advance fee fraud, such cases of hacking into emails, websites and infringement on privacy rights of persons and institutions which call for an urgent solution. The vaunted objectives of this act include the provision of an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria.”
Buba further said the Act was also designed to ensure the protection of critical national information infrastructure and to promote cybersecurity, protect computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights. “This bill also seeks to address all anomalies that hindered the effective implementation of the act,” he stressed, adding that there was a need to realign legislative efforts with the objectives of the current national security strategy 2019.
“The national strategy has expressly defined and embedded cyber security as one of the major components of a comprehensive national security architecture to help safeguard, protect, and defend national economic, political, and security infrastructures. The bill is also designed to realign with National Cybersecurity Policy and Strategy on Nigeria Cyber Threat Profile.”
Following the second reading of the bill, the Deputy President of the Senate, Barau Jibrin, who presided over the plenary, referred the bill to the Senate Joint Committees on ICT, Cyber Crime and National Security for further legislative input to report back in four weeks.
The joint committee immediately swung into legislative actions on it, issuing a public hearing notice and inviting stakeholders and the general public to contribute to the amendment of the law. After carrying out a public hearing on November 22, 2023, the Committees on the 21st December, 2023, presented their findings on the floor of the red chamber.
Following the presentation of the report by the chairman of the joint committee, Senator Shuaib Afolabi (APC, Ogun Central), the bill was subsequently passed for a third reading and referred to the House of Representatives for concurrence. In the House of Representatives, the bill was read for the first time in the House on 8th February, 2024 (see above infograph of the Bills Board posted on OrderPaper social media pages).
On 14th February, 2024 the bill was read for the second time and immediately passed for third reading in the House (as indicated in the above infographic posted on OrderPaper social media pages). It was thereafter granted assent by President Bola Tinubu later in same month of February, 2024.
Knee-jerk reaction…
While the country got enraged by the CBN directive for the cybersecurity levy to be decucted, it is obvious that citizens need to pay a lot more attention to what goes on in the National Assembly. It is also not hard to submit that even some legislators are not fully seized of the contents and implicatons of some bills before they are passed. Maybe this is why the House of Representatives passed a resolution directing the CBN to suspend the implementation of its directive. This is as Sen. Buba insisted during the week that there is nothing wrong with the levy.
Bottomline is: citizens need to pay more attention to the Bills Board and other public enlightenment offerings from OrderPaper
