The Committee on Public Finance (CoPF) earlier this week subjected the Central Bank of Sri Lanka (CBSL) to intense scrutiny over the Rs. 13.2 billion fraud at National Development Bank PLC (NDB), with lawmakers questioning supervisory lapses, governance failures, and whether warning signs were overlooked despite the steady build-up of suspicious balances in the bank’s accounts.
Appearing before the Committee chaired by Samagi Jana Balawegaya (SJB) MP Dr. Harsha de Silva, CBSL Governor Dr. Nandalal Weerasinghe and senior officials provided an update on the independent forensic audit being conducted by Deloitte India and outlined measures taken to safeguard the bank’s stability.
The CBSL said fieldwork commenced on 2 May and an interim report is expected next week, while the final report is scheduled to be submitted on 18 July. The audit is expected to establish the nature and root cause of the fraud, examine the modus operandi, verify the loss amount, analyse financial transactions, and review internal systems, ledgers, and controls.
A significant portion of the hearing focused on the scope of the investigation. CoPF members questioned why NDB had participated in drafting the terms of reference despite being the institution under investigation.
CBSL officials clarified that while an initial draft had been prepared through the bank for procurement purposes, the regulator ultimately determined the scope and inserted all substantive requirements.
‘The mandate and scope were defined by the CBSL,’ Dr. Weerasinghe said, noting that the final authority over the audit framework rested with the CBSL.
The Committee also sought an explanation for the decision to extend the forensic review period to a decade.
The CBSL responded that the employee alleged to be at the centre of the fraud had worked in the reconciliation and transaction-input functions for more than nine years, making a 10-year review necessary to determine whether similar irregularities had occurred previously.
Lawmakers then turned their attention to the issue that has become central to the case: the unusually large balances recorded as receivables linked to Customer Electronic Fund Transfer (CEFT) transactions.
LankaPay CEO Channa de Silva explained that CEFT operates as a real-time interbank payment system where customer accounts are debited and credited immediately, while settlements between banks are completed through periodic net settlement cycles via the Real Time Gross Settlement (RTGS) system.
Under normal operating conditions, settlements are completed within hours, with longer delays occurring mainly over weekends and public holidays. Committee members questioned how balances reportedly rising from around Rs. 3 billion to more than Rs. 12 billion could accumulate under such a framework without attracting greater scrutiny.
One member observed that, based on LankaPay’s explanation, a balance of Rs. 13.2 billion within what is effectively a short settlement cycle appeared difficult to understand.
The CBSL acknowledged that the increase in ‘other financial assets’ had been identified during supervisory reviews and that inquiries had been made with NDB. However, officials maintained that banking supervision is fundamentally prudential in nature and does not involve transaction-level auditing.
‘We conduct prudential supervision and not transaction audit or forensic audit,’ a CBSL official told the Committee, adding that responsibility for transaction verification primarily rests with the Board of Directors, Audit Committee, internal audit, and external auditors.
That explanation drew criticism from several members, who argued that a balance of such magnitude should have triggered stronger supervisory intervention, particularly when the figures had increased sharply over successive reporting periods.
The CBSL nevertheless maintained that the fraud had not undermined the bank’s financial soundness.
Officials said NDB had already restated its financial statements to reflect the full Rs. 13.2 billion fraud exposure and continued to meet all regulatory requirements relating to capital adequacy and liquidity under Basel standards.
The regulator said it had intensified supervision of the bank, held discussions with current and former auditors, and required NDB to submit corrective action plans aimed at strengthening governance, risk management, and internal controls.
Among the measures already imposed are directives relating to key management personnel, strengthening oversight of reconciliation functions, revising reporting lines, and preventing redesignation of senior officers until investigations are completed. The CBSL said NDB’s capital and liquidity positions are now being monitored on a weekly basis.
Another contentious issue was whether the forensic audit would examine the conduct of the CBSL itself.
Committee members argued that the investigation should assess not only what occurred within NDB but also whether regulatory shortcomings contributed to the prolonged concealment of the fraud.
CBSL officials initially stated that the forensic audit was focused on NDB and would not specifically evaluate the performance of the regulator. However, Dr. Weerasinghe noted that elements of the mandate dealing with governance failures, control weaknesses, and oversight mechanisms could encompass wider supervisory considerations.
The hearing also revisited concerns raised by the International Monetary Fund (IMF) regarding banking supervision.
Members referred to the IMF’s 2023 Governance Diagnostic Assessment, which identified weaknesses in supervision, operational risk oversight, governance, and anti-money laundering controls.
The CBSL said most recommendations had since been addressed through reforms, including the new Banking Act enacted in 2024, strengthened corporate governance directions, and revised rules governing related-party transactions.
However, lawmakers pointed to the IMF’s latest review, released in May, which highlighted the need to strengthen supervision of operational risk management and financial integrity frameworks following the fraud at a regulated financial institution.
Concluding the discussion, Dr. de Silva said many of the outstanding questions could only be answered once the forensic audit is completed. He indicated that the CoPF would revisit the matter after the interim and final reports are received and suggested that a future session could be dedicated to reviewing the CBSL’s supervisory framework more broadly amid concerns about potential systemic vulnerabilities.