COLOMBO (News 1st); A parliamentary investigation has concluded that Sri Lanka suffered a loss of approximately US$2.5 million in public funds as a result of a cybercrime-linked fraud, with the Committee on Public Finance (COPF) warning that the incident resulted from systemic f…

COLOMBO (News 1st); A parliamentary investigation has concluded that Sri Lanka suffered a loss of approximately US$2.5 million in public funds as a result of a cybercrime-linked fraud, with the Committee on Public Finance (COPF) warning that the incident resulted from systemic failures across multiple institutions rather than a single oversight.Presenting the committee's report in Parliament, Committee on Public Finance Chairman Dr. Harsha de Silva said the report was delayed to allow for the submission of a supplementary report that secured the unanimous agreement of all members. He described the consensus as a significant achievement, noting that obtaining the support of every member on a committee report was a challenging task.According to the report, the committee's principal conclusion was that there was clear evidence of a fraud connected to a cybercrime, resulting in the theft of approximately US$2.5 million in public funds. However, he emphasized that Parliament's mandate does not extend to determining whether the fraud involved internal collaboration or a conspiracy within the relevant institutions. Such matters, he said, must be established through criminal investigations and law enforcement processes.He further noted that investigations would need to determine whether the actions of officials involved were the result of a lack of knowledge, incompetence, negligence, or other factors.The report found that between November 2025 and January 2026, a cybercrime-related fraud occurred during a debt repayment transaction due to Export Finance Australia, causing a loss of US$2.5 million to the General Treasury. The incident also resulted in arrears owed to the foreign creditor.Acting under its oversight responsibilities on public debt servicing in terms of Standing Order 121, the Committee on Public Finance conducted an extensive investigation into the matter. The committee met on seven occasions, examined the sequence of events with relevant officials, and obtained detailed reports from the institutions involved.The report states that the committee's findings were based on information gathered through these interactions and documentation, identifying a series of events and contributing factors that enabled the cybercrime-linked fraud.Dr. de Silva noted that the investigation received the full cooperation of officials from the Ministry of Finance, the Central Bank, the Sri Lanka Computer Emergency Readiness Team (SLCERT), and the Attorney General's Department.A central finding of the report was that the risk of cybercrime-related fraud had increased due to weaknesses in internal control systems governing debt repayment operations and vulnerabilities in email infrastructure.The committee stressed that the incident was not an isolated mistake but rather the consequence of failures in control procedures and operational processes across several institutions.Among the key shortcomings highlighted was the absence of a predefined terms-of-reference framework to manage the transfer of debt repayment responsibilities to the newly established Public Debt Management Office (PDMO). The report said this, together with existing procedural and operational gaps, significantly increased institutional vulnerabilities.The committee also identified ineffective internal controls, weak information technology systems, and inadequate procedures for escalating concerns to senior officials as major deficiencies within the system. It observed that many of these weaknesses had historically existed within Sri Lanka's foreign debt repayment process.To prevent similar incidents from recurring, the committee has recommended a series of urgent reforms. These include an immediate special audit by the National Audit Office covering the entire foreign debt repayment process, prompt implementation of cybersecurity recommendations issued by SLCERT under the supervision of the Ministry of Digital Economy, and reforms to Financial Regulations by the Ministry of Finance to strengthen public financial management.Dr. de Silva stressed that the report is confined to the committee's constitutional role of overseeing public finances and does not seek to determine criminal liability or make findings relating to legal responsibility, matters that remain within the jurisdiction of investigative and judicial authorities.