On 17 September 2025, Central Bank Governor Dr P. Nandalal Weerasinghe argued that artificial intelligence is no longer optional for Sri Lanka’s financial sector. He called AI a “strategic imperative” for banks and finance companies, highlighting gains in efficiency, fraud prevention, inclusion, and sustainable finance while warning about privacy, bias, and governance risks that demand robust oversight.
The message matters. After stabilising inflation and rates, the next leg of recovery will be productivity. Finance is a system-wide lever. If banks use AI to cut costs, price risk better, and widen access to credit, those gains ripple across households and firms. The Governor’s remarks align with the Central Bank’s broader agenda on financial stability, digital payments, and supervisory modernisation, and follow earlier warnings about deepfake scams misusing the Governor’s image proof that AI’s upside and downside now coexist in Sri Lanka’s economy.
What exactly did the Governor emphasise
Two ideas stood out. First, AI will redefine banking operations and customer engagement. Second, the benefits must be secured through strong governance. He underscored real-time anomaly detection for fraud and financial crime, where algorithms process billions of transactions faster and more accurately than human teams, strengthening the integrity of the financial system. At the same time, he cautioned on data privacy, algorithmic bias, and transparency, calling for frameworks that make models explainable and accountable.
Why this timing?
The sector is exiting crisis mode and entering an efficiency cycle. The Central Bank has normalised policy rates and prioritised credit growth consistent with medium-term inflation targets. As balance sheets heal, management attention is shifting to cost-to-income ratios, credit analytics, and operational resilience. AI sits at the intersection of all three. Internationally, supervisors are also adopting “suptech” to analyse risks using machine learning; Sri Lanka’s stance is consistent with that trend.
Where AI delivers near-term value
1) Credit decisioning and inclusion.
Banks can use machine learning to improve probability-of-default and loss-given-default models, especially for thin-file customers such as micro-enterprises and first-time borrowers. Alternative data, e-commerce sales, payment histories, telecom patterns where lawful, and verified cash-flow data can enrich underwriting.
The payoff: lower manual processing, faster loan approvals, and risk-based pricing for segments long excluded from formal credit. These goals are aligned with national financial literacy and inclusion initiatives launched in 2024–2025.
Bank for International Settlements
2) Financial crime and cyber defence.
Supervised and unsupervised models can flag unusual transaction clusters, mule accounts, and sanctions-evasion typologies. Generative AI can assist investigators by summarising case files, while graph analytics map networks across institutions. The Governor explicitly framed AI as one of the most effective anti-fraud tools when combined with human oversight and strong governance.
3) Customer service and cost reduction.
AI assistants handle high-volume queries, disputes, and routine form-filling in multiple languages, freeing human agents for complex cases. For banks with large branch networks, this can cut service costs while improving response times.
4) Collections and NPL management.
Propensity-to-pay models schedule outreach and restructure offers at the right time and channel, reducing roll rates and write-offs.
5) Sustainable finance and risk.
AI can scan invoices, shipping documents, satellite data, and corporate disclosures to classify exposures by sector, emissions intensity, and physical-risk hotspots. This supports the sustainable finance roadmap and the pricing of climate risk into credit.
The risk surface Sri Lanka must manage
Fraud and deepfakes.
The Central Bank has already warned the public about fraudulent AI-generated videos misusing the Governor’s image. The same tools can forge IDs, payslips, or video KYC sessions. Banks will need deepfake detection, secure device binding, and step-up verification on high-risk actions.
Data protection and lawful basis.
AI thrives on data. Sri Lanka needs clear, enforceable data-protection rules for consent, purpose limitation, retention, cross-border transfers, and security. Banks should apply privacy-by-design and maintain data inventories that map every attribute, its source, its legal basis, and each model that touches it.
Bias and explainability.
Models can embed past discrimination. Lenders must test for disparate impact across protected groups, log model features and thresholds, and provide adverse-action explanations in plain language. This is both an ethical duty and a prudential safeguard.
Model risk management.
Every material model should have an owner, a validation schedule, drift monitoring, challenger models, and clear decommission criteria. Version control and audit trails are non-negotiable.
Third-party dependence.
Most AI capability will be delivered by vendors or hyperscale clouds. Contracts must include audit rights, data-residency options, incident reporting timelines, and exit plans to avoid lock-in.
What regulators can do next
1) Issue a Supervisory Statement on AI Use in Finance.
Clarify expectations on data governance, explainability, testing for bias, documentation, and incident reporting. Align with global principles while adapting to local law and market structure. This can sit alongside existing risk and IT circulars and a future data-protection regime.
2) Build a suptech toolkit.
Use machine learning on supervisory data to spot emerging risks: connected exposures, liquidity stress signals, and unusual customer complaints. Establish a secure pipeline for anonymised transaction and model-risk data, with encryption and strict access controls.
3) Create an AI Model Registry.
Require systemically important banks and large finance companies to register material models: purpose, data sources, performance metrics, validation dates, and key risk controls. Start with credit, fraud, AML, and collections. Scale later to trading and treasury.
4) Expand the regulatory sandbox.
Prioritise AI use-cases with clear public-interest benefits: inclusion, SME lending, and fraud reduction. Time-bound trials with customer safeguards allow learning without system-wide risk.
5) Coordinate on public datasets.
Work with statistical agencies to improve machine-readable economic and geospatial data. High-quality public data raises model accuracy across the market. It also reduces the temptation to scrape low-quality sources.
Click to read “Overhauling Sri Lanka’s Outdated Statistics Law: A Blueprint for Credible Data and Modern Governance“
What banks should prioritise in the next 12 months
Data foundations.
Clean, labelled, well-governed data beats exotic algorithms. Build a feature store, implement role-based access, and automate lineage tracking. Without this, models will be brittle.
Human-in-the-loop.
Keep people in control for credit decisions, suspicious-activity reports, and collections hardship cases. Use AI to propose, not to decide, where stakes are high.
Controls and documentation.
Adopt a model risk policy. Document training data, feature importance, validation results, and monitoring thresholds. Log every override. Treat prompts and outputs for generative systems as regulated records when they influence customer outcomes.
Operational resilience.
Plan for AI system outages, vendor failures, and adversarial attacks. Run red-team exercises. Ensure fallbacks to manual processes.
Customer communication.
If a decision was assisted by AI, say so. Offer a path to challenge decisions and to request a human review. Transparency builds trust.
What citizens should expect
If implemented well, customers will see faster onboarding, fewer fraud losses, and more tailored credit, especially for SMEs and informal-to-formal transitions. They should also expect clearer notices on data use and more consistent explanations for declined applications. Enforcement against deepfake scams should intensify, backed by joint action from banks, telecoms, and the Central Bank.
The Governor’s signal is clear about AI in Sri Lanka’s Financial Sector
AI belongs at the centre of Sri Lanka’s financial modernisation, not at the margins. But technology does not absolve institutions of responsibility. The prize is lower intermediation costs, wider inclusion, and a more resilient system. The price of admission is rigorous governance, privacy, and fairness. The Central Bank’s stance captures both truths. Sri Lanka should move deliberately and transparently to make them real.
To read more news – ceylonpublicaffairs.com
