Three overseas banks flagged Treasury payment before $ 2.5 m phishing fraud succeeded

Wednesday, 15 July 2026 00:28 -     - {{hitsCtrl.values.hits}}


 

  • Fraudulent $ 1.3 m debt payment rejected by correspondent banks in US, UAE and Vietnam before scammers redirected funds
  • CoPF reveals PDMO sought clarifications from fraudsters after each rejected transfer, believing they were legitimate lender
  • CBSL says it alerted Treasury each time payment was returned but had no statutory duty to notify Financial Intelligence Unit

Three correspondent banks in the US, the United Arab Emirates (UAE), and Vietnam rejected a fraudulent $ 1.3 million Government debt payment after detecting anomalies before revised payment instructions supplied by scammers ultimately enabled part of the wider $ 2.5 million Treasury phishing fraud to succeed, proceedings before the Parliament’s Committee on Public Finance (CoPF) revealed yesterday. 

The Committee heard that the payment due to Export Finance Australia was initially routed through correspondent banks in Minnesota (US), Dubai, and Vietnam, with each transfer being returned after concerns were raised over the transaction. 

After every rejection, officials of the Public Debt Management Office (PDMO) sought clarification through what they believed were legitimate communication channels with the lender. However, they were in fact corresponding with the fraudsters, who repeatedly provided fresh payment instructions until a subsequent transfer was successfully executed. 

Three overseas...

The hearing also shed new light on the response of the Central Bank of Sri Lanka (CBSL) after the repeated payment failures. CBSL officials told the Committee that, acting as banker to the Government, they informed the Treasury each time the payment was returned but maintained they had no statutory obligation under the Financial Transactions Reporting Act to submit a Suspicious Transaction Report to the Financial Intelligence Unit (FIU). 

FIU officials supported that interpretation, explaining that the CBSL is not an “institution” subject to the reporting obligations under Section 7 of the Financial Transactions Reporting Act. They said the legislation is intended to address suspected money laundering and terrorist financing, and that there was no reasonable basis to suspect the Government, as the payer, of unlawful activity. 

Committee members, however, argued that the repeated rejection of a sovereign payment should have prompted stronger escalation procedures irrespective of the anti-money laundering framework, with the discussion increasingly focusing on whether weaknesses in payment governance and communication protocols allowed the fraud to progress. 

CoPF Chairman MP Dr. Harsha de Silva suggested the Committee would also examine whether legislative changes are required to better address cyber-enabled payment fraud that falls outside the traditional scope of anti-money laundering laws. 

The Committee also examined the transition of public debt management functions from the CBSL to the PDMO, including whether responsibilities and operational controls were sufficiently defined during the handover. 

While some members referred to findings in an investigation report concerning guidance provided to trainee PDMO officers, former Public Debt Department officials disputed those findings, saying they had not previously seen the report and had documentary evidence that the training and handover had been properly completed. 

Representatives of the Attorney General’s Department told the Committee they required additional time to provide a legal opinion on the respective responsibilities of the CBSL and the PDMO under the relevant legislation, including whether the CBSL falls within the scope of the Financial Transactions Reporting Act in circumstances such as those that preceded the Treasury phishing fraud.

 

COMMENTS