The Committee on Public Finance (COPF) today released its final report into the USD 2.5 million cyber fraud linked to Sri Lanka’s foreign debt repayments to Australia, highlighting widespread governance, procedural and operational failures and recommending sweeping reforms. Key…
The Committee on Public Finance (COPF) today released its final report into the USD 2.5 million cyber fraud linked to Sri Lanka’s foreign debt repayments to Australia, highlighting widespread governance, procedural and operational failures and recommending sweeping reforms. Key findings from the report:
USD 2.5 million stolen – The report concludes that a cybercrime-linked fraud resulted in the loss of USD 2.5 million in public funds during foreign debt repayments to Australia. Senior officials held responsible – COPF says governance lapses at the level of the Secretary to the Treasury and the Central Bank Governor contributed to the failures that allowed the fraud to occur. Outdated email system exposed Treasury – The Ministry of Finance was using an outdated Microsoft Exchange Server after security support had ended, while basic cybersecurity measures, including multi-factor authentication, were absent. Fraud attempts involved multiple countries – The COPF report reveals that suspicious or fraudulent payment instructions were identified in connection with Sri Lanka’s debt repayments involving India, the UK, Germany and Belgium, helping authorities prevent further losses. The USD 2.5 million cyber fraud occurred only in repayments to Australia. Basic verification failures identified – Officials failed to verify lender email domains, relied on unverified email communications and lacked effective internal controls, allowing the fraud to continue for months. Only four officials suspended – Despite finding system-wide failures across multiple institutions, the report notes that only four mid-level Ministry of Finance officials have been suspended so far. Special audit and reforms recommended – COPF has called for a special audit of the entire foreign debt repayment process, stronger cybersecurity across government institutions, updated financial regulations and improved public debt management systems. (Newswire)

