Beyond banks: The case for smarter consolidation

Last week I identified the problem of the weak links in Sri Lanka’s financial system (https://www.ft.lk/columns/Beyond-banks-The-weak-links-in-Sri-Lanka-s-financial-system/4-792147). It cannot keep acknowledging that fragmentation is good for society while refusing to act on what that actually means. The country is past the point where consolidation is a neat technical idea. It has become a question of basic financial architecture.

This is an architectural crisis, not an arithmetic one. The issue is not the numerical count of institutions, but the unevenness of their governance. Nor is it that every small bank, finance company, cooperative, or specialised institution is weak. The issue is whether the system, taken as a whole, contains too many entities with uneven governance, fragile controls, and very different levels of supervisory intensity, all operating in a public environment that does not distinguish nearly as carefully as the law does.

That is why amalgamation must be understood properly. It is not a vanity exercise in shrinking the number of logos in an annual report. It is not a cosmetic clean-up after scandals. It is certainly not a substitute for supervision. Done intelligently, it is a tool to bring about stability. It reduces structural weak points, simplifies supervisory burdens, improves governance standards, and limits the number of institutions whose failure can trigger wider reputational, operational, or political fallout.

Sri Lanka has tended to talk about consolidation only in moments of stress, and too narrowly even then. The standard reflex is to ask whether a visibly troubled institution can be pushed into a stronger one. That approach is late, crude, and often counter-productive. Size by itself solves very little. A large institution with poor governance and weak internal controls can be more dangerous than a smaller institution with disciplined management and a clear, limited mandate. The real question is not who is the biggest. It is who is governable, resilient, transparent, and systemically manageable.

That calls for a sharper set of tests.

Which institutions are genuinely viable under modern standards of fraud control, cyber resilience, audit scrutiny, and payment integrity? Which are only appearing stable because weaknesses have not yet been fully exposed? Which have the board quality, management depth, capital strength, and operational discipline needed for the next decade rather than the last one? And which are being tolerated mainly because no one wants to confront the political inconvenience of dealing with them?

Those questions should drive a modern consolidation strategy. Some institutions will clear the bar and should remain independent because they serve a legitimate economic purpose and can meet the standard. Some should face tighter governance intervention and explicit limits on growth until they are repaired. Some should be restructured. Some should be merged under supervision. Some, if they cannot credibly meet the demands of a modern financial system, should be guided to an orderly exit rather than left to linger as future sources of instability.

This is where the recent remarks of the CBSL Governor matter. His effort to distinguish the Bank’s role in the Treasury phishing loss and the NDB fraud is legally understandable. In formal terms, he is correct to say that the Central Bank is not the Treasury’s internal control officer and not the first-line manager of every bank’s finance department. It executes authorised government payment instructions. It supervises banks for capital, liquidity, and depositor safety. It does not pre-clear every internal decision in a regulated institution.

But that neat legal distinction exposes the weakness of the current supervisory mindset. The public does not live inside neat institutional compartments when trust is damaged. It does not calmly separate Treasury control failure from bank control failure and then comforts itself that each problem sits in a different regulatory silo. It sees one financial system. When public money can be misdirected and a major licensed bank can absorb a multi-billion-rupee internal fraud while still being described as prudentially sound, the message received is not reassurance. It is that formal compliance and real control quality have drifted apart.

This is an architectural crisis, not an arithmetic one. The issue is not the numerical count of institutions, but the unevenness of their governance. Nor is it that every small bank, finance company, cooperative, or specialised institution is weak. The issue is whether the system, taken as a whole, contains too many entities with uneven governance, fragile controls, and very different levels of supervisory intensity, all operating in a public environment that does not distinguish nearly as carefully as the law does. That is why amalgamation must be understood properly

That gap matters. Financial stability is not only about minimum ratios and checklists. It is also about judgment and timing. It depends on whether boards challenge management, whether internal audit functions have authority, whether control failures are escalated early, whether supervisors spot deterioration before it becomes public scandal, and whether intervention comes before the damage has already travelled through the system. In financial crises, a regulator can be entirely correct on the law, yet completely late on the system.

Other jurisdictions have absorbed this lesson more clearly. The Bank of England’s PRA describes its model as judgment-based and forward-looking, focused on key risks and on firm-specific assessment, not just on reported numbers. Singapore’s MAS goes further, supervising banking, capital markets, payments, technology risk, accountability, and group-wide governance through an integrated framework that reflects the way modern financial trouble actually moves. Neither system stops every fraud. But both aim to give the public something more credible than a statement after the event that minimum ratios remain intact.

Sri Lanka does not need to import those systems wholesale. But it does need to accept the principle behind them. Supervision must become more integrated, more judgment-based, and more willing to intervene on governance grounds before balance-sheet distress is the only language in which regulators speak. Consolidation should sit inside that wider philosophy, not outside it. Without this shift, consolidation becomes a cosmetic shell game: merging weak balance sheets, renaming legacy risks, and mistaking compliance for stability. The debate therefore can no longer be about numbers alone. It must be about design. What sort of financial system is Sri Lanka actually trying to preserve? One in which legacy categories, political convenience, and minimal compliance keep weak institutions alive until they become someone else’s problem? Or one in which governance quality, operational resilience, transparency, and systemic relevance determine who remains standing?

That is now the real test for the Central Bank and for the Government that stands behind it. Either they accept that risk moves across the ecosystem faster than the old categories can contain it and redesign supervision and consolidation accordingly. Or they continue to defend a fragmented architecture, explain away each crisis as somebody else’s operational lapse, and watch public confidence erode one scandal at a time. The harder course is to act before the next failure. The more familiar course is to wait until after it arrives. The public should no longer be told that the easy option is the preferred choice and call it stability.