Sri Lanka’s economic collapse did not merely empty wallets. It hollowed out the country’s financial defences. As inflation soared, wages stagnated and credit tightened, a new class of digital lenders entered the vacuum. They promised relief in minutes. No collateral. No paperwork. No questions asked. What many borrowers encountered instead was a coordinated system of extraction, one that begins with a small loan and escalates into digital intimidation, reputational destruction and, in some cases, tragedy.

A small loan, a widening net

The mechanics are deceptively simple. A teacher, whom we identify as Thyaga, borrowed Rs. 15,000 to cover family expenses. Within a week, she says, the amount due rose to Rs. 25,000. When she failed to meet the repayment deadline, she was directed to other lending platforms. What appeared to be an exit route was, in fact, an entry point into a cycle of interlinked debt. The escalation was not confined to numbers on a screen. The pressure extended into her social life. She says her family and friends disowned her amid the fallout. She later attempted suicide. The pattern is stark, a modest, urgent loan rapidly mutates into a spiraling obligation, driven by daily interest rates, penalties and opaque charges.

The weaponisation of data

The real leverage lies not in contracts, but in contacts. These predatory lending apps request access to contacts, photographs and social media profiles at installation. Once a payment is delayed, sometimes by mere hours, the data becomes ammunition. Borrowers report that their photographs, occasionally alongside images of their National Identity Cards, are circulated to family members, employers and acquaintances. Others received calls from individuals claiming to be legal representatives. This is not debt collection in the traditional sense. It is reputational coercion. It transforms financial default into public spectacle.

The consequences are severe. The reported deaths of a four-member family in Kadamakkudy, Kerala, in 2023, allegedly linked to a lending cycle involving numbers registered in Sri Lanka, highlight the cross-border dimension of this crisis.

An interest rate beyond reason

The economic architecture underpinning these platforms is as aggressive as their collection methods. Following the removal of Sri Lanka’s 35 percent annual interest cap in 2022, a decision taken amid soaring treasury bond rates, digital lenders have operated in a regulatory grey zone . Borrowers report daily interest rates of between 1 percent and 2.5 percent. Compounded with fees, this can translate into annualised rates exceeding 300 percent, and in some cases far higher.

The onboarding process is engineered for speed. Some services advertise that only a valid ID is required, with no collateral or income verification. The absence of rigorous Know Your Customer procedures is framed as convenience. In practice, it accelerates entrapment.

More revealing still is the apparent interconnectedness of brands. Investigative findings link Fino.lk and Monigo.lk to the same Latvian parent entity, Sun Finance (SF Group). Borrowers moving from one app to another may, unknowingly, remain within the same overarching financial structure. The appearance of choice masks a closed loop.

Transnational crime

The ecosystem extends beyond Sri Lanka’s borders, not only in ownership, but in operational reach. StarVIP, an organization accused of predatory online lending, has been linked to Chinese nationals, and Sri Lanka’s Computer Crimes Investigation Division (CCID) has previously conducted a raid in connection with alleged unlawful debt collection operations involving foreign actors. Senior law enforcement officers familiar with ongoing stated that many of these digital lenders have failed to transparently disclose how customers’ personal data are collected, processed and stored or whether that data are hosted on servers in Sri Lanka, China or other overseas jurisdictions. Investigators say borrowers are seldom informed that granting access to their phone contacts may enable large-scale data harvesting. According to officers, those contact lists are not only used as leverage during recovery but are also allegedly repurposed to market loans to additional targets, expanding the cycle of recruitment. 

Authorities further indicated that while ownership structures and digital infrastructure may sit offshore, certain operations rely on locally recruited callers to carry out collection and intimidation campaigns within Sri Lanka.

Under Sri Lanka’s Computer Crime Act, No. 24 of 2007, such practices may attract criminal liability. Section 3 criminalises intentional unauthorised access to a computer or information within it. Section 4 addresses unauthorised access carried out with intent to commit an offence. Section 5 makes it an offence to cause a computer to perform functions without lawful authority, including unauthorised modification or impairment of data. Law enforcement officials stated that, subject to evidentiary findings, certain forms of unauthorised data extraction and misuse observed in these cases could fall within the scope of these statutory provisions.

The social media machine

If offshore infrastructure is the skeleton, social media advertising is the bloodstream.

Analysis of Meta’s Ad Library shows recurring slogans: “10 minutes to cash”, “instant approval”, and “interest-free first loan”. Identical creative templates appear across supposedly competing brands. Testimonials and stock images are recycled. Multiple pages are launched in close succession.

The targeting appears deliberate. Advertisements are pushed towards users facing acute financial pressure, medical bills, rent arrears, or utility disconnections. The coordinated rollout of pages and messaging bears resemblance to patterns observed in digital influence operations, including simultaneous page creation, synchronised narratives and cross-platform amplification.

Despite the visible overlap in creative assets and recurring promotional themes, many of these advertisements have remained active for extended periods. Meta has policies governing harmful financial practices and harassment, yet the continued circulation of such campaigns suggests enforcement gaps. Even where individual pages are removed, new ones often appear in their place, allowing the promotional cycle to persist.

Beyond crime: A resilience question

Viewed in isolation, each case resembles a consumer protection failure. Viewed collectively, the pattern raises broader concerns. The investigation assesses these operations against indicators associated with Foreign Information Manipulation and Interference (FIMI): offshore domain registration, foreign hosting, coordinated page launches and cross-platform amplification .

Definitive attribution requires further data exclusive to law enforcement. Yet the structural features, offshore control, jurisdictional evasion and synchronised digital behaviour, align with interference-style operational resilience . The effect is to extract wealth from a crisis-stricken population while evading domestic accountability.

A vacuum of regulation

Sri Lanka’s legal framework has struggled to catch up. The Microfinance Act No. 6 of 2016 does not comprehensively regulate digital lenders. A proposed Micro Finance and Credit Regulatory Authority Bill in 2023 was withdrawn. Some digital lenders reportedly register as “software companies”, placing themselves outside direct financial oversight .

Meanwhile, social media platforms continue to host advertisements and, according to victims, have not consistently prevented the circulation of private data and manipulated images. Enforcement agencies face a familiar dilemma: how to police entities with no physical presence and infrastructure hosted offshore. Efforts to obtain comment from the Sri Lanka Financial Sector Computer Security Incident Response Team (FinCSIRT), formerly known as BankCSIRT and established in 2014, were unsuccessful at the time of publication.

The larger reckoning

Digital lending is not inherently malign. In many contexts, it expands access to credit for those excluded from traditional banking. But when the collateral becomes a person’s reputation, when the enforcement mechanism is humiliation, and when ownership structures stretch across borders, the equation changes. Sri Lanka’s crisis created fertile ground for rapid innovation. It also exposed the cost of regulatory inertia.

The question now is whether policymakers will treat this as a series of isolated scams or as evidence of a coordinated, cross-border ecosystem exploiting both financial distress and digital vulnerability. For borrowers like Thyaga, the consequences were personal and immediate. For Sri Lanka, the implications are systemic.

This investigation draws on open-source intelligence (OSINT) techniques, including analysis of the Meta Ad Library, archived website records via the Wayback Machine, full-page capture documentation, domain registration records (WHOIS) and publicly available enforcement notices. Digital infrastructure overlaps, advertising patterns and historical domain data were cross-referenced to identify structural similarities between platforms. This investigation was independently reported. The journalists received training and mentorship under the Indo-Pacific Media Resilience Programme (IPMR) organised by Internews.