Finance

Sri Lanka Treasury phishing fraud probed by CoPF

Sri Lanka Treasury phishing fraud came under fresh scrutiny at the Parliament’s Committee on Public Finance (CoPF) after lawmakers were told that three overseas correspondent banks rejected fraudulent government debt payments before scammers eventually succeeded in diverting part of a wider US$2.5 million fraud.


Sri Lanka Treasury phishing fraud exposed after overseas banks flagged suspicious payments


Proceedings before the Committee revealed that correspondent banks in the United States, the United Arab Emirates (UAE), and Vietnam detected irregularities and returned a fraudulent US$1.3 million debt payment that had been intended for Export Finance Australia. Despite the repeated warnings, fraudsters allegedly managed to provide revised payment instructions that ultimately enabled part of the wider phishing scam to succeed.

According to evidence presented before the Committee on Public Finance, the payment was initially routed through correspondent banks in Minnesota (US), Dubai, and Vietnam, with each institution rejecting the transfer after identifying anomalies in the transaction.

Committee members heard that after every rejected payment, officials from the Public Debt Management Office (PDMO) sought clarification using what they believed were legitimate communication channels with the lender. However, investigators said the officials were unknowingly communicating with the fraudsters, who repeatedly supplied new payment instructions until a later transfer was processed successfully.

The hearing also examined the role of the Central Bank of Sri Lanka (CBSL) during the failed payment attempts. Officials from the Central Bank of Sri Lanka told lawmakers that, in its capacity as banker to the Government, it informed the Treasury each time the payment was rejected and returned by correspondent banks.

However, CBSL officials maintained that they had no statutory obligation under the Financial Transactions Reporting Act (FTRA) to submit a Suspicious Transaction Report to the Financial Intelligence Unit (FIU).

Officials from the FIU supported that interpretation during the hearing, explaining that the CBSL is not classified as an “institution” required to report suspicious transactions under Section 7 of the Financial Transactions Reporting Act. They noted that the legislation is primarily designed to address suspected money laundering and terrorist financing, adding that there was no reasonable basis to suspect the Government, as the payer, of engaging in unlawful financial activity.

Despite those explanations, members of the Committee on Public Finance questioned whether the repeated rejection of a sovereign debt payment should have triggered stronger escalation procedures, regardless of existing anti-money laundering provisions. Several MPs argued that repeated payment failures involving government funds should have prompted additional verification measures before further payment instructions were accepted.

CoPF Chairman Dr. Harsha de Silva indicated that the Committee would examine whether legislative amendments are needed to address cyber-enabled payment fraud that falls outside the current anti-money laundering framework.

The Committee also reviewed the transfer of public debt management responsibilities from the CBSL to the PDMO, focusing on whether responsibilities, operational controls and communication procedures had been clearly defined during the institutional transition.

During the hearing, former officials from the Public Debt Department challenged findings contained in an investigation report regarding the guidance provided to trainee PDMO officers. They told lawmakers they had not previously been shown the report and maintained that documentary evidence demonstrated the training and handover process had been completed appropriately.

Representatives of the Attorney General’s Department requested additional time to provide a legal opinion on the respective responsibilities of the CBSL and the PDMO under existing legislation. The legal review is also expected to examine whether the Central Bank of Sri Lanka falls within the reporting scope of the Financial Transactions Reporting Act in circumstances similar to those surrounding the Sri Lanka Treasury phishing fraud.

The Committee’s inquiry is expected to continue as lawmakers seek to identify weaknesses in payment governance, cybersecurity protocols and institutional oversight that allowed fraudsters to exploit government payment systems despite multiple warning signs from international correspondent banks.