Statutory Boards Agencies × Compliance — International / Multilateral · Last updated 26 May 2026 · methodology v2.1 · Hallucination Register

Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020

AI's failure:Inference Drift Risk for Statutory Boards Agencies × Compliance:Wrong deliverable on cybersecurity framework alignment

What the RLB Specialist Panel found

2. Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon

Question (paraphrased to protect IP): How does the CPMI-IOSCO 2016 Cyber Guidance define 'cyber resilience', and how does this compare to the definition in the 2018 FSB Cyber Lexicon?
Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
What AI assistants typically say: Multiple AI tools gave similar incorrect responses. In each case the AI asserted that the two definitions are broadly consistent or that the FSB Cyber Lexicon explicitly drew on the CPMI-IOSCO formulation — presenting a confident comparative judgment rather than acknowledging that the two documents are separated by two years and that their definitions may not correspond.
What the regulator actually says: The FSB Cyber Lexicon was published in November 2018 — two years after the 2016 guidance. Its standardised definitions, including of 'cyber resilience', 'cyber incident', and 'critical functions', postdate the 2016 guidance and may not match how that guidance used the same terms in 2016.
Why the AI went wrong: The AI stripped out the documented epistemic uncertainty — that the later lexicon's definitions may not match the earlier guidance — and substituted a confident alignment claim, including an unsupported assertion about directional influence between the two documents.
Cited source(s): Regulator portal: https://www.bis.org

Impact for Compliance Teams in Statutory Boards & Agencies Sector in international jurisdictions working with the Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)

For Compliance teams at Statutory Boards & Agencies, an asserted consistency between the 2016 guidance and the November 2018 FSB Cyber Lexicon collapses a two-year vocabulary gap into a single asserted alignment. A definitional reference in policy, KRI documentation, or control library tagging that uses the asserted alignment as evidence of vocabulary grounding imports terminology that may not match the 2016 source, and exposes the team on a definition-by-definition test against either document.

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Opus47 Claude Opus 4.7 (web search on)
RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46 Claude Sonnet 4.6 (web search on)

This finding also affects

← Previous finding Misattributed source for a CPMI strategic phrase Next finding → False assertion that the 2016 guidance remains the operative standard

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

RLB Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020

Plain text Download

RegLeg Specialist Panel (2026). "Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon — Statutory Boards Agencies × Compliance — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020. RegLegBrief AI Hallucination Research, published 2026-05-26. https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/sectors/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

APA 7th edition Download

RegLeg Specialist Panel. (2026). Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/sectors/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

Bluebook / OSCOLA (US + UK legal) Download

RegLeg Specialist Panel, Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020], RegLegBrief AI Hallucination Research (May 26, 2026), https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/sectors/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/.

BibTeX Download

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q020,
  author    = {RegLeg Specialist Panel},
  title     = {Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020},
  url       = {https://reglegbrief.com/regulators/j1/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/sectors/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/}
}

← Back to case study summary Case study detail →

About Citation IDs →

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.