Thursday May 14, 2026
Thursday May 14, 2026
Thursday, 14 May 2026 00:30 - - {{hitsCtrl.values.hits}}
Governor Dr. Nandalal Weerasinghe
By Devan Daniel
Central Bank of Sri Lanka (CBSL) Governor Dr. Nandalal Weerasinghe yesterday drew a sharper distinction between the CBSL’s role as banker to the Government and its function as regulator of licenced banks, as scrutiny intensified over the Treasury’s $ 2.5 million phishing scam and the Rs. 13.2 billion fraud uncovered at National Development Bank PLC (NDB).
Speaking after the release of the CBSL’s Economic Review 2026, the Governor sought to clarify where operational responsibility sits within Sri Lanka’s public payments architecture and banking system oversight framework, while arguing that neither incident posed a threat to financial system stability.
Speaking during the presentation of the CBSL’s Economic Review 2026, Dr. Weerasinghe drew a distinction between the CBSL’s responsibilities as banker to the Government and as regulator and supervisor of licenced banks.
Responding to questions on the Treasury payment breach involving the External Resources Department (ERD), Dr. Weerasinghe said the CBSL’s role was limited to executing payment instructions originating from authorised Government entities.
“The CBSL is the bank of the Government, just as it is the bank of banks,” he said, comparing the arrangement to a commercial bank acting on instructions from a customer account holder. “In simple terms, the bank is given instructions to make a payment to another account by the client. The responsibility is to ensure the instructions are properly received and to make the payment and charge the account holder accordingly.”
He noted that debt management functions once handled internally through the CBSL’s Public Debt Department had since been transferred to the Public Debt Management Office (PDMO), established under the Finance Ministry as part of broader institutional restructuring linked to Sri Lanka’s debt management reforms.
Under the earlier arrangement, the CBSL had carried out certain back-office functions connected to Government debt servicing payments. Those operational responsibilities have since shifted alongside the PDMO transition.
“This was the period that some decisions happened. That was the process,” he said, while noting that investigations into the incident were ongoing.
The Treasury phishing incident, now under investigation by multiple agencies, relates to fraudulent external debt servicing payments amounting to $ 2.5 million that occurred in ten tranches. The matter has already triggered investigations by the Parliamentary Committee on Public Finance (CoPF), the Criminal Investigation Department (CID), financial intelligence authorities, and Australian counterparts after questions emerged over how spoofed payment instructions were processed despite internal warnings.
The Governor said both the CID and other authorities were examining the issue.
On the NDB fraud case, Dr. Weerasinghe sought to separate prudential supervision from transaction-level monitoring.
He said the CBSL’s responsibilities under the Banking Act centred on ensuring licenced banks maintained adequate capital, liquidity, governance standards, internal controls, and risk-management systems sufficient to protect depositors and preserve systemic stability.
“Our responsibility is to ensure banks are following our directions, have all the controls, adequate capital, liquidity, and the right personnel,” he said.
However, he stressed that the CBSL does not monitor individual transactions within commercial banks. “It is not the business of the CBSL to look at individual transactions of every bank,” he said, arguing that operational oversight over transactions rests primarily with bank Boards, management, audit functions, and internal control mechanisms.
He said supervisory regulation was designed to test whether those systems existed and functioned effectively rather than to scrutinise every individual transaction processed by a bank.
Describing the NDB matter as an “internal fraud within one bank,” the Governor repeatedly stressed that depositor funds remained protected and that the institution continued to operate within regulatory capital and liquidity thresholds. “There is no impact to depositors. There are no depositor funds being compromised,” he said.
He added that the bank remained stable in terms of liquidity and capital adequacy and that the broader banking system was unaffected. “The bank is stable with liquidity and capital within the required levels,” he said. “There is no impact on the broader system from this individual bank transaction.”
He said the CBSL had required prompt market disclosure once the issue surfaced, reflecting a regulatory emphasis on transparency following the banking stresses experienced during the 2022 crisis.
“We made them disclose to the Securities and Exchange Commission (SEC). We asked them to conduct an individual audit and also a policy audit,” he said.
He added that the CBSL was conducting its own examination into the incident and would take action following the conclusion of investigations.
NDB earlier disclosed that it had uncovered a fraud amounting to Rs. 13.2 billion involving irregular transactions and that investigations and recovery efforts were underway.
Still, the Governor acknowledged the episode exposed weaknesses in internal processes and said regulators would push for corrective action following the completion of investigations and audits. “We need to look into this and make sure that this will not happen again. We are taking a lot of steps,” he said.
Last week, CBSL officials told the CoPF that no unusual activity had been reported during the period in which the fraudulent transactions had taken place.
While the CBSL told the CoPF that no unusual activity had been detected during the period of the fraud, questions have intensified after NDB’s audited 2025 accounts showed a sharp rise in receivables linked to CEFT transactions to Rs. 12.2 billion from Rs. 3.1 billion a year earlier, with analysts arguing that the increase should have triggered scrutiny from management, auditors, and regulators (https://www.ft.lk/front-page/NDB-Board-gets-flack-for-ignoring-high-Rs-12-3-b-receivables-arising-from-CEFT-deals/44-790631).
