Sri Lanka’s biggest banking fraud scandal is rapidly evolving into a case study of systemic regulatory failure, digital manipulation, and institutional complacency, as confidential forensic findings reveal how Rs. 13.2 billion allegedly vanished from National Development Bank PLC (NDB) over nearly two years.
Investigators now believe the operation exploited multiple weaknesses buried deep inside the bank’s payments infrastructure. Highly sensitive forensic findings from Deloitte India — appointed under direct supervision of the Central Bank of Sri Lanka (CBSL) — show that the transfers were not random acts of theft, but carefully timed and technically engineered movements executed during “weekend blindspots.”
According to forensic investigators, the suspects carried out fraudulent ledger transfers almost exclusively on Friday nights and public holiday weekends, periods when NDB’s automated monitoring systems allegedly operated under lower fraud-detection sensitivity. The reduced scrutiny created ideal conditions for large-scale manipulation of general ledger accounts without immediate detection.
The forensic audit has also reportedly uncovered an extensive cryptocurrency laundering network. Investigators traced the siphoned funds through dozens of micro-transactions routed across approximately 64 intermediary accounts before conversion into cryptocurrency using global exchanges, primarily Binance. Sources familiar with the investigation say the transaction layering techniques closely resemble international cyber-financial laundering operations.
Court-linked investigative findings indicate the fraud may have remained undetected because the bank’s general ledger systems allegedly escaped meaningful audit validation since 2024. CID investigators are also probing claims that senior operators manipulated internal logs and erased transaction histories immediately after fund movements occurred.
Perhaps most alarming are findings surrounding “batch processing exploitation.” Investigators believe fraudulent ledger entries were inserted minutes before overnight processing cycles closed, enabling transactions to pass through the system before automated fraud engines scanned balances individually. The suspects allegedly split billions of rupees into hundreds of smaller entries deliberately designed to remain below alert thresholds.
The investigation has widened dramatically beyond frontline employees. Colombo Chief Magistrate Asanga S. Bodaragama has reportedly directed authorities to arrest any senior executive found to have suppressed or ignored early warning signals flagged internally or by regulators. The court has also ordered the seizure of internal audit division logs after investigators questioned how massive ledger discrepancies repeatedly escaped scrutiny.
Deloitte’s role itself highlights the severity of the crisis. Interim findings are reportedly bypassing NDB’s executive management entirely and are being delivered directly to the CBSL and the CID Computer Crimes Division to prevent possible internal interference.
The scandal has already triggered serious institutional fallout. Fitch Ratings downgraded NDB to ‘A-(lka)’ with a Negative Outlook, citing weakened internal controls and uncertainty surrounding the ongoing investigation.
Meanwhile, the Parliamentary Committee on Public Finance (CoPF), chaired by Dr. Harsha de Silva, has begun scrutinising whether CBSL supervision departments failed to identify growing irregularities that allegedly accumulated since mid-2024.
Although the CBSL insists depositor funds remain secure and capital adequacy ratios remain above minimum requirements, the scandal has exposed vulnerabilities at the core of Sri Lanka’s banking oversight structure.