Ravi K wants Parliamentary Select Committee to probe $ 2.5 m cyber heist

Wednesday, 6 May 2026 02:27

MP Ravi Karunanayake


 

The phishing and impersonation scam probe in the Sri Lanka Treasury for a sum of $ 2.5 million has now moved into its final phase following fresh discoveries regarding the role of the Central Bank in the process of paying back debts owed to an Australian agency, both past and present, during the recent transition to the Finance Ministry.

Former Finance Minister and Member of Parliament Ravi Karunanayake has made a clarion call that a Parliamentary Select Committee (PSC) be formed to examine the theft of $ 2.5 million in debt funds belonging to the state.

He stated explicitly that a full-blown investigation was essential in ensuring international respectability and the accountability of the Central Bank of Sri Lanka for failing to ensure the security of state funds as the independent fiscal monitoring authority. 

“The Central Bank cannot wash its hands by pointing at the Treasury’s new Public Debt Management Office (PDMO),” he said, adding that the siphoning of funds intended for the Australian Export Finance Agency was not a localised Treasury error but a systemic failure involving the CBSL.

“The facts show that out of the ten fraudulent transactions identified, seven occurred while the Central Bank still held the reins,” Karunanayake stated.

“Those seven were executed under the CBSL’s Public Debt Department in late 2025, while only three occurred after the 1 January 2026 handover to the Treasury,” he claimed.

The heist was executed via a Business Email Compromise (BEC). Hackers used a fake domain (exportfinance.av.com) to impersonate Australian officials.

Despite the CBSL’s role in training PDMO staff and overseeing the IT transition, basic verification protocols were ignored.

The Director of the CBSL’s Payments and Settlements Department has been appointed as the Registrar of Government Securities to oversee the accuracy of the securities registry while the PDMO handles issuance.

Systemic failure of oversight: As the primary operator of the LankaSecure and Scripless Securities Settlement System (SSSS), the CBSL remained the technical custodian during the transition, he disclosed.

The probe has already seen the tragic death of an interdicted Assistant Director from the External Resources Department (ERD), whose death in Kuliyapitiya was ruled a likely suicide following intense CID questioning.

Karunanayake argued that the Government’s reputation with international creditors and the IMF hinges on a full accounting of how $ 2.5 million was siphoned off in five distinct tranches without detection for nearly four months.

“We are in a delicate transition period under the Public Debt Management Act. To maintain the trust of our creditors, we must prove that our institutions are not beyond reproach,” he added. 

A Parliamentary Select Committee will provide the transparency that a departmental inquiry cannot. We need to know why warnings were ignored and why the CBSL, with all its technical expertise, failed to protect the State’s coffers during this shift.

“The proposed PSC would have the power to summon senior CBSL officials, Treasury leadership, and digital forensic experts to determine why multi-factor authentication and secondary verification failed during the most critical financial transition in Sri Lanka’s history,” he said.
