Future-proofing Sri Lanka’s banking sector: Building resilience against shocks

Friday, 10 April 2026 00:24

 


I was numbed when I learned of a fraud at a listed commercial bank, reportedly amounting to around Rs. 13.2 billion. Having served on bank Boards since 2002/03, I must say this has shaken the credibility the sector has built over many years.

The principal gap exposed is in board oversight, alongside weaknesses in internal controls, technological complexity, governance practices, and regulatory supervision. This is not merely a single bank’s failure but a broader signal that the sector must evolve to withstand future shocks. Many view this debacle as a failure of the CEO, his executive team, and the auditors.

Non-executive independent directors are tasked with oversight rather than operational roles and are compensated accordingly. Going forward, all governance structures—from ownership to capabilities to appointments to accountability—must be reviewed to ensure meaningful reform. Rising digitalisation, rapid technological change, and global geopolitical tensions further challenge Sri Lanka’s banks, which must address talent shortages, outdated systems, and governance gaps to remain resilient and relevant.

Governance and risk oversight

A long-standing governance axiom states: do not look for honest men; look for systems that keep men honest. This principle is particularly relevant in banking, where trust and fiduciary responsibility underpin the system. Even the most sophisticated systems, however, require strong board-level oversight to function effectively. Oversight must be informed and contextual. Governance frameworks imported wholesale from other jurisdictions often fail if applied mechanically. When committees lack the right expertise, governance risks degenerating into a box-ticking exercise. 

The recent episode illustrates the high cost of weak oversight. Modern risk governance must be proactive, predictive, and data-driven. Independent boards, empowered audit committees, and clearly defined escalation protocols are essential. Regulators must enforce standards consistently and transparently, ensuring institutions understand the consequences of governance failures. A robust internal audit function is central to this framework. 

Auditors must operate independently of business units, possess modern forensic capabilities, and have direct access to board committees. Their role extends beyond compliance reviews to identifying emerging risks and investigating anomalies before they escalate. External auditors also play a critical role, with responsibilities that should include risk intelligence, scenario analysis, and continuous monitoring of financial reporting integrity.

Accountability and remuneration

One governance mechanism that Sri Lanka’s banks have yet to fully institutionalise is the claw-back of executive compensation. Performance-based incentives awarded to senior executives should be recoverable if fraud, misappropriation, material misstatements, or gross negligence are subsequently identified. Claw-back clauses are standard practice in leading financial systems, aligning incentives with long-term institutional stability and protecting depositors. Regulators should establish clear standards on scope, timelines, and procedural fairness, empowering boards to recover performance-based remuneration where executive actions contribute to financial loss. 

The annual Fit and Proper assessment of directors and senior management must go beyond a compliance exercise to evaluate independence, integrity, and competence. Boards should maintain a comprehensive skills and competency framework, mapping expertise across committees and addressing gaps through targeted recruitment or training. For systemically important banks (no compromise), minimum regulatory standards should be a floor, not a ceiling. Personal accountability must underpin institutional compliance, as demonstrated in leading financial jurisdictions.

Board independence and structure

Board independence requires structural safeguards in ownership. Concentrated shareholding in big to medium-sized banks is one of the greatest governance risks, as dominant shareholders can undermine board effectiveness and stability. Introducing reasonable limits on voting rights—capping any shareholder at 15%—would encourage broader participation and reduce dominant-owner influence. Equally important is the structure of board committees. To avoid concentration of authority, the independent non-executive chair should not simultaneously chair all committees (already mandated), but should be allowed to lead select key committees to deliver on core mandates. 

Each committee—audit, risk, governance, remuneration, and related-party review—should be led by an independent non-executive director with relevant expertise. Director remuneration structures must reinforce independence. Non-executive directors should receive competitive fees reflecting their oversight responsibilities, without participation in performance-based executive incentives, while still being adequately compensated to ensure meaningful contribution and to attract key board talent.

Technology and digital transformation

Digital transformation offers banks opportunities to improve efficiency, enhance customer experience, and strengthen risk monitoring. Technologies such as artificial intelligence, cloud computing, advanced data analytics, and automated controls are reshaping financial services—but also introduce vulnerabilities. Cybersecurity threats, operational disruptions, and data governance risks must be managed proactively. Banks should invest in secure, integrated IT architectures rather than fragmented legacy systems. Real-time analytics can detect suspicious patterns early, and advanced monitoring strengthens fraud prevention. 

AI systems in credit underwriting, fraud detection, and treasury operations create governance risks—including model bias, data leakage, and operational vulnerabilities—that boards must actively oversee. Globally, dedicated board-level technology or cybersecurity committees are standard. Sri Lanka’s big banks should adopt similar structures to oversee IT strategy, cybersecurity, disaster recovery, and AI governance, staffed with directors possessing demonstrable expertise.

Talent, capability, and culture

A future-ready bank depends entirely on future-ready people. Sri Lanka’s financial sector must invest in a sustainable talent pipeline. Addressing brain drain and skills mismatches requires partnerships between universities, professional bodies, and banks to develop programs in fintech, risk analytics, compliance, and cybersecurity. 

Banks must provide structured career pathways, competitive compensation, and continuous professional development. Industry-wide certifications, internships, apprenticeships, and cross-industry knowledge transfer initiatives can help build specialist talent. Ultimately, culture—and men and women with honour and competence—is the strongest defence against governance failure. Institutions that promote transparency, competence, accountability, and ethical leadership are far less likely to experience systemic misconduct.

Adaptive regulation

Regulation must evolve from rule-book compliance to practical, forward-looking risk oversight. Supervisory authorities should adopt stress testing, scenario planning, and real-time monitoring to detect vulnerabilities before they escalate. Whistleblower protections are essential to encourage early reporting of misconduct, and transparency in governance outcomes reinforces accountability. Regulatory credibility depends not only on rules but also on consistent, timely enforcement, ensuring institutions understand that governance lapses carry real consequences.

Conclusion

Future-proofing Sri Lanka’s banking sector is not optional—it is imperative. For a start, respect the age-old principles of banking. The recent fraud demonstrates that governance, technology, talent, and regulation must evolve together to maintain trust, stability, and resilience. Banks must strengthen board oversight, modernise risk management, invest in robust technology, and cultivate a culture of accountability, while regulators enforce standards and structural reforms. Key measures include chairpersons and boards with sector experience, empowered committee leadership, caps on shareholder voting, appropriate director compensation, and the urgent consolidation of smaller banks. 

Implementing these reforms is essential to safeguard public confidence, enhance institutional resilience, and ensure Sri Lanka’s banks can navigate disruption, support sustainable economic growth, and maintain financial stability in an increasingly complex environment.
