By Adolf
The recent remarks by Central Bank of Sri Lanka (CBSL) Governor Dr. Nandalal Weerasinghe, drawing a clear separation between the Central Bank’s role as banker to the Government and its responsibilities as regulator of licensed banks, have triggered renewed debate over accountability in Sri Lanka’s financial governance framework.
Speaking at the presentation of the CBSL Economic Review 2026, the Governor argued that the Bank’s role in the recent Treasury payment breach was limited to executing authorised instructions from Government entities, while emphasising that the CBSL does not oversee individual banking transactions within commercial institutions.
While the distinction between operational execution and regulatory supervision is technically valid within modern central banking frameworks, the emerging concerns surrounding the Treasury phishing incident and the Rs. 13.2 billion fraud at National Development Bank PLC raise a broader and far more uncomfortable question: can the Central Bank of Sri Lanka fully distance itself from systemic failures occurring within the institutions it supervises? The answer is a BIG no.
The CBSL grants banking licences and charges substantial annual regulatory fees to licensed banks. More importantly, the public entrusts its savings and deposits to these institutions largely because they operate under the supervision and regulatory oversight of the CBSL. That supervisory relationship creates not only legal authority, but also a broader public responsibility.
While the Central Bank may not be directly responsible for the operational failures or fraudulent acts within individual institutions, it cannot entirely wash its hands of accountability when serious governance, risk management, and control failures emerge within banks under its supervision. Public confidence in the banking system ultimately rests on the credibility and effectiveness of the regulator itself.
At a time when governments globally are tightening fiscal policy, recalibrating subsidies, and prioritising money saving measures to preserve macroeconomic stability, governance credibility becomes even more critical. Similarly, in an environment where exchange rate pressure, and fiscal stress, the resilience of financial oversight systems is no longer a technical issue — it is a core pillar of national stability.Sri Lanka, still navigating post-crisis recovery, cannot afford weaknesses in institutional trust.
Treasury heist
The Treasury incident, involving fraudulent external debt service payments amounting to US$ 2.5 million across multiple tranches, has already triggered investigations by the Criminal Investigation Department (CID), Parliamentary oversight committees, financial intelligence authorities, and international counterparts. The breach has exposed vulnerabilities in payment authentication systems and institutional controls within the public financial management architecture.
At the same time, the large-scale fraud uncovered at NDB has intensified scrutiny over bank-level governance, internal controls, and the effectiveness of supervisory oversight. While the Governor has correctly noted that depositor funds remain unaffected and that the institution remains stable in terms of capital and liquidity, the scale of the fraud inevitably raises questions about risk detection, escalation mechanisms, and the robustness of early warning systems.
Outdated Thinking
Dr. Weerasinghe’s comparison of CBSL’s role to that of a bank executing customer instructions reflects a formal interpretation of the Bank’s operational mandate. However, central banking in practice extends beyond procedural execution and macroprudential oversight. It also carries the burden of safeguarding confidence in the entire financial system — including trust in controls, governance discipline, and regulatory vigilance.
While supervision is not designed to monitor every transaction, modern financial systems are increasingly exposed to sophisticated frauds that exploit precisely the gaps between governance, compliance, and oversight boundaries. In such an environment, regulatory credibility is judged not only by compliance frameworks, but by the system’s ability to anticipate and prevent institutional failure.
Ultimately, the issue at stake is not whether the CBSL can distance itself from operational responsibility in specific incidents. It is whether the overall architecture of oversight is strong enough to prevent such failures — and whether accountability is clearly owned when they occur.
Conclusion
Financial stability today cannot be separated from fiscal discipline, energy security, and institutional credibility. Cost saving measures may stabilise budgets, and other strategies may cushion external shocks, but neither can succeed if confidence in financial governance is weakened.
Stability is ultimately a question of trust — trust that systems work, risks are escalated, and institutions are accountable when failures occur.
In that sense, the issue is not whether the Central Bank of Sri Lanka can “wash its hands off” responsibility. The real issue is whether Sri Lanka can afford a framework where responsibility appears fragmented precisely at a moment when coherence, accountability, and public confidence are most needed.
The Governor, already under considerable public scrutiny over the declaration of bankruptcy without parliamentary approval, must exercise caution in his public statements. While the current Government’s limited experience in governance may have provided some political space for such remarks to pass without immediate consequence, public patience will be far less forgiving if people begin to lose their livelihoods, savings, and confidence in the financial system.
At moments of institutional stress, credibility is not built through technical distinctions alone. It is built through leadership, accountability, and the assurance that regulators fully appreciate the gravity of public trust placed in them.