US $ 2.5Mn cybercrime: Was there any agency involved; CID urged to find



By Yohan Perera and Ajith Siriwardana

Colombo, July 11 (Daily Mirror) - While concluding that US $ 2.5 million loan repayment drama has been a been a fraud which is more or less a cybercrime, the report of the probe carried out by the parliamentary Committee on Public Finance (COPF) has called for a further probe by the law enforcement institutions including Criminal Investigation Department (CID) to determine whether there has been any collusion within the relevant agencies pertaining to the crime.

“A fraud linked to cybercrime has clearly taken place. US $ 2.5m of public funds has been stolen. The law enforcement process, including criminal investigation, must determine whether there had been any internal collusion within the relevant agencies in perpetrating this fraud linked to cybercrime. This will confirm whether the relevant officials were only ignorant, incompetent, and negligent in their actions. COPF’s mandate is to consider the investigation of the fraud linked to cybercrime from the perspective of its oversight function; to determine what public finance management lapses exacerbated the risks across governance, procedural, and operational aspects. At the overall governance level, senior officials at the level of Secretary to Treasury and Governor of the Central Bank bear responsibility for several lapses,” the report said.

“The Secretary to Treasury and Governor of CBSL could have avoided disagreements on responsibility for the effective transition had there been an ex-ante MoU that provided terms of reference to guide the 18-month transition to the newly established Public Debt Management Office. That would have contained the key performance indicators to ascertain whether adequate training was received and the exact timeline to be followed. While the Committee cannot establish a direct link between the lack of an MOU and the occurrence of this incident, it believes that formalising such an agreement would have clarified the responsibilities of all officials involved during the period, potentially preventing the event. Earlier in 2026, COPF requested, prior to any knowledge of the fraud linked to cybercrime, to hold a discussion on coordination mechanisms between the Ministry of Finance and the Central Bank, inter alia, in external debt repayment. In response to this request, in a co-signed letter to COPF dated April 4, 2026, both the Secretary Treasury and Governor of CBSL gave assurances that the existing mechanisms for coordination were adequate. However, in hindsight, it is clear that there was significant space for improvement in the coordination, including in the debt repayment transition process. The Secretary to the Treasury has submitted to COPF by letter dated June 23, 2026, that no regular delegation of functions of the debt management office,” the report added.

The report also said, “Repayment process exists within the Ministry of Finance, and that does not currently fall within financial regulations as it is not a discretionary spending item. This highlights the importance of reviewing and updating the financial regulations governing public finance. This clearly demonstrates the need for an immediate review and updating of the financial regulations that govern the public finance processes and a deeper look at the debt repayment process. At the procedural level, the Directors General of the External Resources Department and Public Debt Management Office have displayed an absolute dereliction of duty on several aspects. They failed to establish a practice of adequate internal controls in the verification of lender invoices against loan agreements and also to ensure verified channels of communication. If these simple tasks were done correctly, it is certain that this fraud linked to cybercrime could have been avoided.

They failed to ensure crucial IT systems were adequately updated and properly functional.

At an operational level, mid-level employees of the External Resources Department, Public Debt Management Office and Public Debt Department were negligent and failed to ensure that good judgement was utilised in their duties. This includes the following:

External Resources Department officials did not ensure consistency in the domains of the email addresses they communicated with.

The report finds system-wide failures in the debt repayment process resulting in repeated fraudulent transactions taking place over an extended period of time during the transition. However, the Committee has been informed of the suspension of only four mid-level employees of the Ministry of Finance for operational lapses linked to this fraud linked to cybercrime. The sudden death of one of these four employees is indeed most unfortunate. If personal responsibility is to be factored in, it should be done according to the outcome of ongoing criminal investigations, given the findings of the report.

COPF has recommended that the Speaker should direct the National Audit Office to conduct a special audit of the entire foreign debt repayment process. It has recommended that the Ministry of Finance, Planning and Economic Development explore the possibility of recovering at least part of the losses, under FR 105, if any officials are found to be responsible following the completion of investigations. It has also recommended that the Ministry of Finance, Planning and Economic Development to expedite the Introduction of revised financial regulations under the Public Financial Management Act, including those applicable to the debt management processes. These revised regulations will be implemented within three months. “There is a need to permanently strengthen internal controls, particularly those surrounding the verification of lender invoices against loan agreements and approved communication channels. Implementing these standard checks is essential to averting similar incidents in the future,” the report also said.

 


  Comments - 0


You May Also Like