By The Pulseline News Desk
What began as a routine repayment of a foreign loan has evolved into one of the most significant cyber-related financial crimes involving public funds in Sri Lanka, after Parliament was informed that $ 2.5 million was stolen through a cyber fraud during an overseas debt repayment transaction.
The Parliamentary Committee on Public Finance (COPF), which investigated the incident, has concluded that the diversion of funds was a clear case of cybercrime rather than a simple administrative error. Presenting the committee’s report to Parliament on Friday (10), COPF Chairman Harsha de Silva described the incident as a “clear case of cybercrime and theft” and called for a full criminal investigation to identify those responsible.
The stolen funds were part of a loan repayment made to Export Finance Ltd., Australia, but instead ended up in the hands of an unauthorised third party after cybercriminals compromised the payment process.
The committee’s findings have raised serious concerns about the resilience of the country’s financial systems at a time when Sri Lanka is navigating one of the most complex debt restructuring exercises in its history.
“This is a serious financial crime,” de Silva told Parliament, urging law enforcement authorities to pursue comprehensive investigations and take legal action against every individual connected to the fraud.
While the committee established that a cyber fraud had occurred, de Silva noted that Parliament’s mandate did not extend to determining whether there had been an internal conspiracy among officials or institutions involved in the transaction.
“Parliament does not have the authority to investigate whether there was a conspiracy,” he said, emphasising that such matters now fall within the jurisdiction of criminal investigators.
The report points to more than sophisticated cybercriminals. It also identifies institutional shortcomings and procedural lapses within the agencies responsible for processing the international payment, suggesting that weaknesses in internal controls made the fraud possible.
Recognising the broader implications of the incident, COPF has recommended that the National Audit Office (NAO) immediately conduct a comprehensive audit of Sri Lanka’s foreign debt repayment process to identify vulnerabilities and strengthen safeguards.
The committee believes such a review is essential to ensure that future debt servicing transactions are protected against increasingly sophisticated cyber threats.
Cybersecurity has emerged as another major focus of the committee’s recommendations.
De Silva called on the Ministry of Digital Affairs, together with the Sri Lanka Computer Emergency Readiness Team (SLCERT), to urgently modernise the digital infrastructure and computer systems of the institutions involved in handling international financial transactions.
The committee concluded that outdated systems and weaknesses in digital operations had left critical public institutions exposed to cyber risks at a time when governments worldwide were facing increasingly complex attacks on financial networks.
During the inquiry, the committee received extensive cooperation from key state institutions, including the Treasury Secretary, the Governor of the Central Bank of Sri Lanka (CBSL), officials from the relevant agencies, representatives of SLCERT, and the Attorney General’s Department.
Their evidence enabled the committee to reconstruct the events surrounding the fraudulent transfer and identify systemic weaknesses that require urgent attention.
The tabling of the report now shifts the focus from parliamentary oversight to criminal investigation.
Authorities are expected to examine how the cybercriminals infiltrated the payment process, whether insider involvement played any role, whether the stolen funds can be traced and recovered, and what legal action should follow.
Beyond the immediate financial loss, the incident has highlighted the growing cybersecurity risks confronting governments as public finance increasingly depends on digital systems and international electronic transactions.
For Sri Lanka, the committee’s findings serve as both an account of a costly cyber heist and a warning that stronger digital safeguards, tighter financial controls and greater institutional accountability are now indispensable to protecting public funds.
Leave a comment