Practitioners — Public Auditors · Last updated 26 May 2026 · methodology v2.1 · Hallucination Register

Currency of the 2016 Cyber Resilience Guidance as the operative international standard

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022

AI's failure:Outdated Risk for Public Auditors:Wrong deliverable on cybersecurity framework alignment

What the RLB Specialist Panel found

4. Currency of the 2016 Cyber Resilience Guidance as the operative international standard

Question (paraphrased to protect IP): Is the CPMI-IOSCO 2016 Cyber Resilience Guidance still the operative international standard, or has it been updated or put out for revision?
Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
What AI assistants typically say: Multiple AI tools gave similar incorrect responses, each stating that the 2016 guidance remains the operative international standard for FMI cyber resilience and has not been formally revised or superseded.
What the regulator actually says: In May 2026, CPMI-IOSCO published a consultative document for public comment on updated guidance, placing the 2016 guidance under active formal revision.
Why the AI went wrong: The 2026 CPMI-IOSCO consultation was published after the training data cutoff for the AI tools tested. Both AI tools stated with confidence that no revision had occurred, when the absence of that information from their training data simply reflects a knowledge boundary — not the current regulatory reality. Practitioners have no way to detect this failure mode from the AI's response alone, as the AI presents its outdated information as a current fact.
Cited source(s): Regulator portal: https://www.bis.org

Impact for Public Auditors in international jurisdictions advising on the Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)

For public auditors reporting on cyber programme alignment as at the audit period, missing the May 2026 CPMI-IOSCO consultative document creates a subsequent-event gap in the audit-report communication. A statement that the 2016 guidance is the standing operative standard, without flagging the open consultation, exposes the audit team if the consultation is surfaced by another party during the audit-report review.

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022-Opus47 Claude Opus 4.7 (web search on)
RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022-Sonnet46 Claude Sonnet 4.6 (web search on)

This finding also affects

← Previous finding Definition of 'cyber resilience' and alignment with the 2018 FSB Cyber Lexicon

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022

Plain text Download

RegLeg Specialist Panel (2026). "Currency of the 2016 Cyber Resilience Guidance as the operative international standard — Practitioners — Public Auditors." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022. RegLegBrief AI Hallucination Research, published 2026-05-26. https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/

APA 7th edition Download

RegLeg Specialist Panel. (2026). Currency of the 2016 Cyber Resilience Guidance as the operative international standard [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/

Bluebook / OSCOLA (US + UK legal) Download

RegLeg Specialist Panel, Currency of the 2016 Cyber Resilience Guidance as the operative international standard [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022], RegLegBrief AI Hallucination Research (May 26, 2026), https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/.

BibTeX Download

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q022,
  author    = {RegLeg Specialist Panel},
  title     = {Currency of the 2016 Cyber Resilience Guidance as the operative international standard},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022},
  url       = {https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/practitioners/public-auditors/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/}
}

← Back to case study summary Case study detail →

About Citation IDs →

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.