← Take me back to my Company Secretarie (INT) overview
AI on Principles for Financial Market Infrastructures (PFMI) for Company Secretaries in international jurisdictions
Executive Summary
The Principles for Financial Market Infrastructures (PFMI), issued by the Committee on Payments and Market Infrastructures (CPMI) and IOSCO, set out the global standards governing the governance, risk management, and operational conduct of financial market infrastructures such as central counterparties, central securities depositories, and payment systems. Company Secretaries supporting FMI boards — or advising entities that interact with FMIs — frequently rely on the PFMI to understand what governance obligations apply at the board level, including how risk oversight committees are structured and whether their establishment is discretionary or mandatory. In testing AI tools on specific PFMI governance questions, we found that the AI produced a confident, detailed answer that was not grounded in the actual text of the standard — fabricating a specific sub-provision citation and mischaracterising the nature of the obligation, before acknowledging under challenge that the source detail had been inferred rather than verified. For Company Secretaries who draft board governance frameworks or advise on FMI compliance, this type of failure carries direct risk: a board committee structure built on an AI-generated misreading of whether a requirement is mandatory or conditional could expose the FMI — and its advisers — to regulatory scrutiny.
How AI gets this regulation wrong
The table below breaks down the specific ways AI tools went wrong when tested on this regulation. The dominant failure pattern here is one of invented precision: the AI fabricated a specific sub-provision reference and invented quoted committee language, presenting both as if drawn directly from the standard — and only retracted the claim when its reasoning was challenged. This matters for PFMI in particular because the standard's governance principles hinge on fine distinctions between what boards "should" do conditionally and what they "shall" do as a hard requirement, and those distinctions are exactly where confident-sounding but unverifiable AI output creates the greatest practical risk.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| AI confidently answered incorrectly; when challenged, it admitted it didn't really know — right or wrong | 1 | Finding#1 |
What that means for your practice
The table below maps findings to the category of risk each creates for a practitioner relying on AI output in their work on this regulation. For Company Secretaries advising FMI boards in international jurisdictions, the concentrated risk is a wrong deliverable: governance advice, board committee charters, or compliance opinions built on a mischaracterised PFMI requirement. Because the PFMI is a global standard applied across many jurisdictions, errors of this kind can propagate quickly — the same AI-generated misreading used in a board paper in one jurisdiction may be replicated across affiliated FMIs in others before anyone checks the source.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 1 | Finding#1 |
When this affects Company Secretaries
Company Secretaries working with or for financial market infrastructures — central counterparties, central securities depositories, trade repositories, and systemically important payment systems — encounter the PFMI as the primary international governance standard against which their board structures are assessed. In practice, this means consulting the PFMI when drafting terms of reference for board committees, preparing board governance reviews, advising on the scope of the risk committee's mandate, or supporting regulatory self-assessments. AI tools are increasingly used to get a rapid first read of what a principle requires before the practitioner turns to the primary text — and it is precisely in that early-stage framing step that a fabricated citation can anchor the entire analysis in the wrong place.
The specific risk is sharpest where the PFMI's language turns on conditionality. Knowing whether a governance structure is "recommended where appropriate" or "required in all cases" determines whether a board has discretion or faces a hard compliance obligation — a distinction that directly affects how a Company Secretary frames advice, what goes into a board resolution, and what gap an FMI can justify leaving open. When AI tools invent sub-provision numbers and attribute quoted language to them, a Company Secretary who does not verify against the actual standard may draft committee terms of reference, or sign off on a self-assessment, based on an obligation that does not exist in the form the AI described.
The PFMI's application across multiple jurisdictions adds a further dimension. Many FMIs operate in several regulatory environments simultaneously, and their Company Secretaries coordinate governance documentation that must satisfy both the PFMI baseline and local transpositions. An AI-generated mischaracterisation of a PFMI principle does not stay contained to one jurisdiction — it is likely to be embedded in template documents, board packs, and subsidiary governance frameworks before anyone discovers the underlying error. Company Secretaries in international practice therefore carry a disproportionate responsibility to catch these failures before they replicate.
The findings at a glance
The table below summarises each finding from our testing of AI tools on this regulation, including the question area, the type of failure, and its assessed risk category for Company Secretaries in international jurisdictions.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | PFMI Principle 2 board risk committee — mandatory or conditional? | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q022 |
Aggregate impact
The finding in this cell points to a specific and recurring vulnerability in AI responses to the PFMI: the standard is a long, technically structured PDF document, and AI tools that cannot reliably access and parse its full text tend to reconstruct its contents from training-data impressions rather than from the source. The result is a response that sounds authoritative — complete with a numbered sub-provision reference and attributed quoted text — but is not grounded in what the document actually says. The particular danger is that the AI does not signal this reconstruction as uncertain until challenged; it presents invented precision as established fact.
For Company Secretaries in international practice, the aggregate risk is one of compounding errors. The PFMI's governance principles are frequently cited in board-level documents that travel across multiple entities and jurisdictions: a mischaracterised committee obligation that enters a parent-company governance framework will typically be replicated in subsidiary charters and regional board templates without further verification. The fact that the AI's fabrication concerned whether a committee is mandatory or merely recommended makes the error harder to spot — both versions are plausible on their face, and the error only becomes visible when someone reads the actual standard side by side with the AI-generated text.
The finding also highlights a source-quality problem that practitioners should treat as a structural concern, not a one-off incident. The source cited in support of the AI's answer was drawn from a third-party document — a commercial clearing entity's own compliance filing — rather than from the CPMI/IOSCO primary text. Using a regulated entity's self-reported interpretation of the PFMI as the authoritative basis for advice on what the PFMI requires creates a compounded reliability gap. A Company Secretary who identifies this citation pattern in an AI-generated memo should treat the entire analysis as unverified, not just the specific citation flagged.
Findings
Hallucinations (1)
Finding#1 — PFMI Principle 2 board risk committee — mandatory or conditional?
- Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q022
- AI's failure: AI confidently answered incorrectly; when challenged, it admitted it didn't really know — right or wrong
- Risk for the Company Secretaries: Statutory filing or board pack rests on a procedural requirement that doesn't exist
- see this finding →
What your team should do
The default position for Company Secretaries advising on PFMI compliance should be that AI tools are not reliable as primary sources for questions about specific governance requirements — particularly where the answer turns on whether a requirement is conditional or mandatory. The failure pattern found in testing is precisely the kind that is easy to miss: a specific sub-provision number and a plausible-sounding quoted phrase are the hallmarks of a well-researched answer, and distinguishing a fabricated citation from a real one requires going back to the source document. Before any AI-generated analysis of a PFMI principle is used in a board paper, committee charter, or self-assessment, a qualified practitioner should verify the specific provisions cited directly against the CPMI/IOSCO published text.
Practically, this means establishing a two-step discipline for PFMI governance work: use AI freely for background orientation and to identify which principles are likely relevant to a given governance question, but require primary-source verification for any specific obligation, sub-provision reference, or quoted text before that material enters a deliverable. Where the AI cites a source to support its answer, check whether that source is the CPMI/IOSCO standard itself or a third-party document such as an FMI's own compliance filing — the latter carries no interpretive authority for what the PFMI requires of other FMIs. A citation labelled Pretextual in our findings indicates that the source provided does not support the claim made.
AI tools are genuinely useful for Company Secretaries working on the PFMI in lower-stakes applications: drafting background briefings for new board members on what the PFMI framework is and why it exists, generating first-draft agendas for governance review projects, or structuring a list of questions to bring to a compliance review. For these uses the risk of an undetected fabrication is low, because the output is framed as orientation rather than authoritative legal or regulatory analysis. The boundary to enforce firmly is between orientation and advice — and within the advice category, between AI as a drafting aid and AI as a primary authority on what the standard requires.
How RLB Can Help
RegLeg's published Hallucination Research gives Company Secretaries a practical pre-flight check before acting on AI-generated answers to regulatory questions. Each research entry documents the specific ways AI tools have misrepresented a regulation — wrong thresholds, fabricated obligations, outdated requirements presented as current — so that a Company Secretary can cross-reference those documented failure modes against any AI output before it reaches a board paper, a filing, or a governance record. The research is freely accessible and structured around the failure types most relevant to secretarial practice: misstatement of procedural deadlines, incorrect attribution of disclosure obligations, and confusion between jurisdictional variants of the same rule.
For firms where multiple Company Secretaries work across a shared regulatory portfolio, RegLeg offers bespoke regulation deep-dives tailored to the specific instruments in scope. These engagements go beyond the published research to examine the precise provisions your team relies on most heavily, map the failure modes that carry the greatest secretarial risk for your firm, and produce a reference document your team can embed in its own AI-use workflow. The output is designed to be updated as regulations are amended, giving your team a living resource rather than a one-off snapshot.
RegLeg also develops training material and CPD-aligned content that equips Company Secretaries to recognise AI failure modes independently — not just to distrust AI output, but to interrogate it intelligently. Separately, RegLeg can conduct a confidential review of a firm's existing AI-use policy against its failure-mode catalogue, identifying where current controls adequately address known hallucination patterns and where gaps exist. Both services are delivered collaboratively, working alongside your governance and legal teams rather than as an external audit imposed on them.