136 Nigerians, SERAP, others file suit to halt implementation of cybersecurity levy
The Socio-Economic Rights and Accountability Project (SERAP), BudgIT and 136 concerned Nigerians have filed a lawsuit against the Central Bank of Nigeria (CBN) “over its failure to withdraw the patently unlawful ‘Circular’ directing all banks and other financial institutions to deduct from customers’ account a ‘cybersecurity levy’.”
The CBN had last week directed banks to implement a levy of 0.5% (0.005) equivalent to a half percent of all electronic transactions, and to remit the levy to the ‘national cybersecurity fund.’ The CBN relied on the Cybercrime Act 2015 [as amended]. The directive is to be implemented by Monday, May 20, 2024.
In the suit number FHC/L/CS/822/2024 filed last Friday at the Federal High Court, Lagos, the Plaintiffs are asking the court to determine “whether the CBN Circular dated 6th May 2024, directing financial institutions to deduct from customers’ accounts a cybersecurity levy is unlawful and therefore ultra vires the CBN.”
The Plaintiffs are also asking the court to determine “whether the CBN Circular dated 6th May 2024, directing financial institutions to deduct from customers’ accounts a cybersecurity levy and section 44(2)(a) of the Cybercrimes Act are not in breach of sections 14(2), 44(1) and 162(1) of the Nigerian Constitution 1999 [as amended], and therefore unconstitutional, null, and void.”
The Plaintiffs are asking the court for “a declaration that the CBN Circular dated 6th May 2024 directing all banks and other financial institutions to deduct from customers’ accounts a cybersecurity levy is contrary to the provisions of the Cybercrimes Act and ultra vires the CBN, and therefore is illegal null and void.”
The Plaintiffs are seeking “an order of interim injunction restraining the CBN, its office, agents, privies, assigns, or any other persons acting on its instructions from enforcing the Circular dated 6th May 2024, pending the hearing and determination of the motion on notice filed contemporaneously in this suit.”
The suit filed on behalf of the Plaintiffs by their lawyer Ebun-Olu Adegboruwa, SAN, read in part: “The CBN Circular is unlawful and an outright violation of the provisions of the Nigerian Constitution and the country’s international obligations.”
“Unless the reliefs sought are granted, the CBN will enforce its Circular directing banks to deduct from customers’ accounts a cybersecurity levy. Millions of Nigerians with active bank accounts would suffer irreparable damage from the unlawful deduction of cybersecurity levies from their accounts.
“The provisions of the Cybercrimes Act on payment of cybersecurity levy strictly apply only to businesses listed in the Second Schedule to the Act. These provisions make no reference to bank customers, contrary to the CBN Circular to all banks and other financial institutions.
“The Nigerian government has a legal responsibility to ensure the security and welfare of the people, as provided for under section 14(2)(b) of the Nigerian Constitution and human rights treaties to which Nigeria is a state party.
“The CBN Circular is also a blatant violation of Nigerians’ human rights including the right to property guaranteed under section 44 of the Nigerian Constitution and article 14 of the African Charter on Human and Peoples’ Rights to which Nigeria is a state party.
“We urge the Honourable to grant the reliefs sought in the public interest and the interest of justice as well as to prevent arbitrariness and ensure the rule of law in the country.
“Any deduction of cybersecurity levy from Nigerians’ accounts would be contrary to the provisions of section 44(2)(a) of the Cybercrimes Act 2015 as amended by the Cybercrimes Prohibition, Prevention etc) (Amendment) Act 2024 and ultra vires the CBN, and therefore illegal, null and void.
“Section 162 (1) of the Nigerian Constitution provides that all revenues collected by or on behalf of the Government of the Federation are mandatorily required to be paid into the Federation Account save the revenue excepted by the provisions of the section.
“The National Cybersecurity Fund established by section 44(1) of the Cybercrimes Act 2015 [as amended] into which it is required to be paid the levy of 0.5% chargeable on all electronic transactions instead of the Federation Account is unconstitutional, null, and void.
“The CBN Circular is a breach and misinterpretation of Sections 44(2)(a) and 58 of the Cybercrimes Act [as amended], in that it purports to incorporate customers of the bank (neither defined by the Act nor designated by the CBN as financial institutions) as those to pay the cybersecurity levy.
“The Plaintiffs are customers of commercial banks in Nigeria with accounts domiciled with many commercial banks in Nigeria. The CBN is the statutory agency charged with the overall control and administration of the monetary and financial sector policies of the Federal Government.
“The Plaintiffs are included in the statistics of Nigerians with active bank accounts as the Plaintiffs are owners of accounts in different Banks and other financial institutions.
“As of 30 April 2024, commercial banks in Nigeria already charge exorbitant fees for electronic transactions, including Electronic Transfer Charges at N53.75 on any amount above N10,000, Stamp Duty of N50 on every transaction and Account Maintenance Charge deducted per month.”
The Plaintiffs are therefore asking the court for the following reliefs:
“A DECLARATION that the Circular issued by the CBN and dated 6th May 2024 directing all banks and other financial institutions to deduct from customers’ accounts cybersecurity levy is manifestly misleading, extorting and a breach and misinterpretation of the provisions of Section 44, 58 and Second Schedule of the Cybercrimes (Prohibition, Prevention, ETC) (Amendment) Act 2024 and ultra vires the CBN, and therefore is illegal, null and void.
“A DECLARATION that the the Circular issued by the CBN and dated 6th May 2024 directing all banks and other financial institutions to deduct from customers’ accounts cybersecurity levy and section 44(2)(a) of the Cybercrimes Act are inconsistent with, and a breach of the provisions of Section 14(2), 44 (1) 162 of the Nigerian Constitution 1999 [as amended] and therefore unconstitutional, null and void.
“AN ORDER setting aside the the Circular issued by the CBN and dated 6th May 2024 directing all banks and other financial institutions to deduct from customers’ accounts cybersecurity levy, for being misleading, extorting and a breach of the provisions of Section 44, 58 and Second Schedule of the Cybercrimes (Prohibition, Prevention, ETC) (Amendment) Act 2024.
“AN ORDER setting aside the Circular issued by the CBN and dated 6th May 2024 directing all banks and other financial institutions to deduct from customers’ accounts cybersecurity levy and section 44(2)(a) of the Cybercrimes Act, for being inconsistent with, and a breach of the provisions of Section 14(2), 44 (1) and 162 of the Nigerian Constitution 1999 [as amended] and therefore unconstitutional, null and void.
“AN ORDER restraining the Central Bank of Nigeria, including its agents, assigns, privies and or representatives or such other persons acting on its behalf, from enforcing the the Circular issued by the CBN and dated 6th May 2024 against all banks and other financial institutions and their customers.
“ANY ORDER(S) that the Honorable Court may deem fit to make in the circumstance of this suit.”
No date has been fixed for the hearing of the suit.
Meanwhile, the Chairman, Senate Committee on Senate Committee on National Security and Intelligence, Senator Shehu Umar Buba, APC Bauchi South has clarified that the cybersecurity levy announced by the Central Bank of Nigeria (CBN) was not targeted at individuals or ordinary bank customers.
According to him, the levy is aimed explicitly at financial institutions and telecom companies, the most vulnerable sectors to financial crimes and cyber fraud, to enhance cybersecurity measures and national security in the country.
In a statement in Abuja on Sunday, Senator Buba who sponsored the amendment bill noted that the relevant section of the Cybercrime Act is very clear about the businesses that are required to pay the levy, not the citizens.
He said, “The Act is very explicit about who is responsible for the payment, not Nigerian citizens or individuals. The relevant Section of the Cybercrime Act 2015 listed the businesses required to pay the levy: telecommunications companies, Internet Service Providers, Banks, Insurance Companies, the Nigerian Stock Exchange, and other Financial Institutions.
“The organisations in the sectors have been listed in previous circulars by the Central Bank of Nigeria, especially in 2018. The new circular by the CBN further provided many exemptions.”
Senator Buba, who clearly explained the amount payable as a cybersecurity levy, said, “It is either 0.005 or 0.5% arithmetically. The figure in the principal act was 0.005 as a fraction, which was converted to the percentage that became 0.5% in the amendment. Therefore, the statistics in fractions and percentages are the same.”
The Senator emphasised that the levy is a collective effort to protect national security and the economy, with the financial burden primarily falling on the specified businesses.
He said, “The Cybercrime (Prohibition, Prevention, etc.) (Amendment) Act 2024, which President Tinubu signed into law in February, imposes a 0.5 percent (0.005) levy equivalent to half the value of all electronic transactions by the businesses specified in the Second Schedule of the Act.
“The levy will be remitted to the National Cybersecurity Fund, which the Office of the National Security Adviser (ONSA) shall administer.
“The circular announcing the levy also exempted some transactions from the cybercrime levy, including loan disbursements and repayments, salary payments, intra-account transfers, and other financial transactions.”