The Treasury Payment Error: A Failure Of Internal Control, Not A Mere “Hacking” Excuse

By Rusiripala Tennakoon –

The reported remittance of USD 2.5 million, intended as part payment of sovereign debt to the Australian Government, to an incorrect account raises profound concerns regarding Treasury controls and public financial governance.

Attempts to reduce this grave incident to a mere case of “hacking” are neither convincing nor sufficient.

If, as reported, the legitimate claim from the Australian authorities had already been officially communicated with proper beneficiary account details, how could an alternative account allegedly conveyed by email have been accepted without rigorous independent verification?

In any payment of this nature, particularly an international sovereign debt remittance, elementary control procedures should have applied:

* Authentication of the original payment mandate

* Independent confirmation of beneficiary banking details

* Strict maker-checker authorization procedures

* Verification through official channels before alteration of payee instructions

* Compliance review before release of funds

If these established controls were absent, ignored, or overridden, the issue is not simply cyber intrusion. It is a serious breakdown in fiduciary discipline and possibly a matter warranting criminal investigation.

In banking practice, a mere email changing beneficiary details, especially involving a foreign government payment, should never supersede authenticated instructions unless independently reconfirmed with the original creditor. Failure to observe this basic principle suggests negligence at best and fraud at worst.

The public is entitled to know:

* Who processed and approved the altered payment instruction?

* Was the maker-checker control breached?

* Were beneficiary details independently reconfirmed?

* Has a forensic audit been initiated?

* What steps are being taken to recover the funds and hold responsible parties accountable?

This is not merely a lost remittance. It is a test of the integrity of Treasury management itself.

Public confidence cannot be restored through vague references to hacking, but only through transparency, accountability and corrective reform.

It is beyond doubt that this incident adds to a growing catalogue of shortcomings, suspected fraudulent practices, gross negligence, and callous disregard for public policy and established principles accumulating against the government. So far, there has been no credible or acceptable discharge of responsibility or accountability in respect of these matters; rather, the response has largely been one of evasion and avoidance.