The investigation into Sri Lanka’s US$2.5 million Treasury diversion has expanded into a complex international probe, revealing how a tightly controlled financial system was bypassed through a combination of procedural failures and possible internal manipulation.
Authorities confirm that the funds were transferred through official banking channels, not through unauthorized systems. This has intensified scrutiny, as it shows that the breach occurred within the established financial framework.
The payments originated from the External Resources Department and the Public Debt Management Office, where at least 14 officials reportedly reviewed and approved the documentation before final execution. This extensive approval chain is now a central focus of the investigation.
The method used appears to involve altering beneficiary details before final authorization. Instead of reaching Export Finance Australia, the funds were redirected to unrelated accounts in five separate transfers, suggesting a deliberate attempt to avoid detection.
A critical safeguard in this process was the surveillance code verification system, which is meant to confirm the authenticity of payment instructions using pre-agreed validation codes. Investigators are now examining whether these codes were bypassed, manipulated, or ignored during the approval process.
The SWIFT system itself requires secure authentication through digital tokens held by authorized officials. Investigators are examining whether these tokens were misused or accessed without proper authorization, allowing the transfers to be completed.
International cooperation has been activated to trace the funds, with Interpol and Australian authorities assisting in tracking transactions that reportedly passed through accounts in Australia. Experts estimate that recovering the funds could take between 10 and 24 months.
The fraud was discovered only after a second attempt was made to divert another payment, indicating that those responsible may have had continued access to the system. Additional concerns have emerged with reports of missing records related to a future loan repayment, raising fears of further attempts.
A separate investigation is also underway into a missing US$625,000 payment intended for the United States Postal Service, suggesting a possible pattern.
The government’s refusal to allow a full parliamentary debate has added to public concern. Critics argue that delaying discussion undermines transparency and accountability.
The Committee on Public Finance is expected to examine the matter in detail. Its chairman has already raised concerns about the failure of key safeguards, including verification processes and internal controls, and is expected to question the Central Bank.
The Central Bank’s responsibility remains a central issue. As the final authority responsible for executing transactions, it is expected to ensure that all verification procedures including SWIFT authentication and surveillance code checks are properly completed. The failure to detect discrepancies has placed the institution under intense scrutiny.
This investigation is no longer just about recovering lost funds. It is about understanding how multiple layers of security approvals, authentication systems, and verification codes failed at the same time. The outcome will have lasting consequences for accountability, reform, and public trust in Sri Lanka’s financial system.
By a Special Correspondent