
Sri Lanka's Committee on Public Finance (COPF) has released its long-awaited final report into the USD 2.5 million cyber fraud that sent shockwaves through the country's financial and public administration landscape. The parliamentary committee's findings paint a troubling picture of institutional vulnerabilities, lapses in oversight, and systemic weaknesses that allowed the fraud to occur.
What the Report Reveals
The COPF's comprehensive investigation has produced seven major findings that shed light on how such a significant sum was fraudulently obtained and why it took so long to detect. Here is what the committee concluded:
- Weak internal controls: The report identifies serious deficiencies in internal financial controls within the relevant institutions, creating conditions that fraudsters were able to exploit without immediate detection.
- Delayed reporting: Authorities failed to flag suspicious transactions in a timely manner, allowing the fraud to progress further than it might have under a more vigilant monitoring system.
- Inadequate cyber security frameworks: The institutions involved were found to be operating without sufficiently robust cyber security protocols, leaving critical financial systems exposed to external threats.
- Accountability gaps: The committee found that clear lines of responsibility were absent, making it difficult to hold specific individuals or departments accountable once the breach was discovered.
- Lack of staff training: Employees handling sensitive financial transactions lacked adequate training in identifying and responding to cyber threats and social engineering tactics.
- Regulatory shortcomings: The report highlights gaps in existing regulatory frameworks that govern how public funds are managed and protected in the digital environment.
- Recovery challenges: Tracing and recovering the defrauded funds has proven extremely difficult, underscoring the cross-border complexities that typically accompany cyber financial crimes.
A Wake-Up Call for Public Institutions
The COPF's report is being widely viewed as a critical warning to Sri Lanka's public institutions about the growing threat of cyber fraud in an increasingly digital financial environment. The committee has stressed that the conditions that enabled this fraud are not unique to one institution, but could be replicated across multiple state bodies if urgent reforms are not undertaken.
The findings make clear that Sri Lanka's public financial management systems must be modernised and hardened against cyber threats without delay.
Calls for Immediate Reform
In light of its findings, the committee has called on the government to implement sweeping reforms to cyber security policy, staff training programmes, and internal audit mechanisms. Lawmakers have urged that independent oversight bodies be given stronger powers to investigate and act upon financial irregularities before they escalate.
The release of the report is expected to prompt significant debate in Parliament, with opposition members already calling for ministerial accountability and a transparent account of what steps are being taken to recover the lost funds and prevent a recurrence.
For the Sri Lankan public, the USD 2.5 million fraud serves as a stark reminder of the very real financial risks posed by cyber crime — and of the urgent need for the country's institutions to keep pace with the evolving digital threat landscape.
💬 Join the Discussion 2
See what readers are saying — and add your view.
2.5 million gone and nobody arrested? typical lanka story
they will form another committee to investigate the committee