By: Staff Writer
June 09, Colombo (LNW): Sri Lanka’s Treasury will come under unprecedented scrutiny today as Parliament’s Committee on Public Finance (CoPF) begins today Monday June 07 what is expected to be a decisive examination of the country’s most damaging public-sector cyber fraud in recent history.
Finance Ministry Secretary Dr. Harshana Suriyapperuma and a team of senior Treasury officials have been summoned before the committee chaired by MP Dr. Harsha de Silva to explain how a sophisticated cybercrime operation succeeded in diverting USD 2.5 million from the External Resources Department (ERD).
At the centre of the hearing is a newly submitted 100-page Treasury report that lawmakers have spent days studying. Members of CoPF are expected to challenge Treasury officials on apparent inconsistencies, missing timelines, and unexplained administrative failures revealed in the document.
The case has become a major test of Treasury credibility, accountability, and operational efficiency.
Investigators have established that the fraud was carried out through a Business Email Compromise (BEC) attack. Cybercriminals allegedly infiltrated routine communications between the ERD and foreign creditors, subtly altering email domain details to redirect payments into fraudulent accounts.
The stolen funds formed part of a USD 22.9 million bilateral debt settlement intended for Export Finance Australia. Authorities discovered the theft only after Australian officials raised concerns regarding the non-receipt of funds.
One of the most troubling findings concerns an automated Treasury warning issued on October 28, 2025. The financial system reportedly detected an unauthorized domain-name alteration and generated an alert. Despite the warning, a chain involving 14 officials proceeded to manually authorize payments.
Parliamentarians are expected to demand answers regarding how ten separate transfers were processed between November 2025 and January 2026 despite clear system warnings.
Another key focus will be the January 1, 2026 transition of sovereign debt management responsibilities from the Central Bank to the newly created Public Debt Management Office (PDMO). Investigators believe cybercriminals exploited weaknesses created during the administrative handover, raising questions about preparedness and cybersecurity oversight.
The hearing unfolds as criminal investigations continue to intensify. The Criminal Investigation Department (CID) has already recorded statements from 42 individuals connected to payment approvals and related procedures. Computer servers linked to the ERD have also been submitted for forensic examination.
International assistance has further elevated the significance of the investigation, with both the FBI and Australian Federal Police reportedly assisting local authorities in tracing the digital trail behind the fraud.
Public anger has intensified after revelations that authorities have recovered only USD 200 from the stolen millions. Critics argue that the negligible recovery exposes serious shortcomings in financial safeguards and asset-recovery mechanisms.
By the end of today’s proceedings, CoPF is expected to determine whether the Treasury’s response has been adequate and whether sweeping institutional reforms are necessary to protect Sri Lanka’s debt management systems from future attacks. The committee’s recommendations could ultimately shape major legislative and administrative changes across the country’s financial governance framework.