FINANCIAL CHRONICLE – The recent internal fraud incident at National Development Bank PLC (NDB), a publicly traded financial institution in Sri Lanka, emerged in early April 2026 as one of the most significant operational risk failures in the country’s banking sector history. While both the bank and the regulatory authorities have taken steps to manage the aftermath, the timing of their disclosures and the magnitude of the financial loss have prompted serious concerns regarding oversight and transparency.
What Transpired in the Rs. 13.2 Billion Fraud?
According to official communications and statements from the Central Bank of Sri Lanka (CBSL), the situation unfolded in two notable phases. The first phase began on April 2, 2026, when NDB officially notified the Colombo Stock Exchange (CSE) about discovering fraudulent activities perpetrated by certain employees “in connivance with a third party or parties.” At this juncture, the bank minimized the financial implications, estimating the loss to be around Rs. 380 million, albeit cautioning that the final figure could be “substantially greater.”
However, just four days later, on April 6, NDB issued a subsequent disclosure revealing a staggering escalation in the estimated loss. The revised assessment indicated that the fraud, confined to a “certain area of operations,” had reached approximately Rs. 13.2 billion—nearly 35 times the original estimate. Despite the enormity of the loss, both NDB and CBSL reassured stakeholders that customer deposits and account balances remained secure and unaffected, with the financial impact being absorbed by the bank’s capital and reserves.
In response to the situation, the Central Bank intervened on April 6, providing regulatory support. It confirmed that NDB’s capital adequacy and liquidity ratios were still above the required minimums, despite the significant loss. However, strict austerity measures were enforced, including the suspension of dividend payments. Cash dividends scheduled for distribution on April 6 were canceled, and all discretionary expenditures and branch expansions were halted. The Central Bank also stated that NDB could access emergency liquidity facilities if necessary to avert a potential bank run or panic withdrawals.
Unresolved Issues and Delays in Disclosure
Despite the official communications, several crucial questions remain regarding the incident:
1. The 3,373% Estimate Discrepancy
The most pressing concern is how the bank’s internal audit and risk management systems initially assessed a loss of Rs. 380 million, only to revise it to Rs. 13.2 billion within 96 hours. This significant inconsistency raises doubts about either the bank’s initial understanding of the fraud’s extent or a delayed disclosure strategy that has unsettled investors. The bank has not clarified how the estimate shifted so dramatically in such a short time.
2. Nature of the “Area of Operations”
NDB stated that the fraud was confined to a “certain area of operations,” yet has not clarified whether this pertains to treasury functions, corporate lending, or digital banking. For a fraud totaling Rs. 13.2 billion (approximately US$ 44 million) to occur without impacting customer accounts, it likely involved the misappropriation of the bank’s proprietary funds or complex inter-bank transactions. The lack of information on how and why this internal fraud occurred, and why it went undetected initially, remains a concern.
3. Disclosure Delays
Under CSE Listing Rules, publicly listed companies are obligated to disclose “material information” promptly. Reports indicate that rumors about the fraud had been circulating since late the previous year, yet NDB did not address them until April 2. Market observers noted that other listed companies often make disclosures even concerning rumors to mitigate stock price sensitivity. NDB’s silence on prior reports, including one suggesting that the Criminal Investigation Department (CID) had investigated several senior officials regarding a Rs. 290 million fraud, raises questions about the bank’s integrity. If investigations were underway before April 2, why was the market only informed then? The four-day gap in revealing the true scale of Rs. 13.2 billion suggests that the bank may have been negotiating regulatory support with CBSL before making its public statement.
4. Identity of the “Third Party”
The bank mentioned “connivance with a third party,” yet the identity of this entity remains a matter of speculation within the financial sector. The bank has not disclosed the nature of the third party involved in the fraud or who benefited from it. The seriousness of the situation could vary significantly depending on whether the third party is a corporate entity, a political figure, or an international stakeholder.
Systems Failures
A loss of this magnitude typically implies the circumvention of multiple “Red Flag” systems. The ongoing investigation has not clarified how such a substantial amount could be transferred without triggering the Automated Risk Management systems required by CBSL’s Pillar II Basel III guidelines.
(Colombo/April 06/2026)
