Corporate Banking × Compliance — International / Multilateral · published 2026-05-28 · methodology v2.1

Currency of the CPMI-IOSCO 2016 Cyber Resilience Guidance

RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022

What the RLB Specialist Panel found

2. Currency of the CPMI-IOSCO 2016 Cyber Resilience Guidance

Question (paraphrased to protect IP): Is the CPMI-IOSCO 2016 Cyber Resilience Guidance still the operative international standard for FMI cyber resilience, or has it been revised or updated?
Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016) (Regulator portal: https://www.bis.org)
What AI assistants typically say: Multiple AI tools gave similar incorrect responses, stating that the 2016 Guidance remains the operative international standard and has not been formally revised or superseded — presenting it as the current, canonical document without qualification.
What the regulator actually says: A BIS press release of 6 May 2026 confirms that CPMI-IOSCO published a consultative document for public comment on updated guidance. The 2016 guidance is under active revision as of May 2026.
Why the AI went wrong: AI tools' training data did not capture the May 2026 consultative publication, and the tools did not surface or flag any uncertainty about whether recent developments might affect the answer. The result was a confident, unqualified assertion of currency that was factually incorrect at the time of the response.
Cited source(s):

Impact for this audience

A Corporate Banking Compliance function that accepts AI tools' unqualified assurance that the 2016 Cyber Resilience Guidance has not been revised may fail to engage with the May 2026 CPMI-IOSCO consultative document, missing the opportunity to respond to the consultation and to begin assessing what updated guidance will require. More immediately, board-level attestations, regulatory submissions, and internal control frameworks produced in mid-2026 that describe the 2016 guidance as the current operative standard will be factually incorrect — exposing the firm to regulatory criticism, the need to re-file or correct affected documents, and the costs of an accelerated internal review once the revision process concludes.

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022-Opus47 Claude Opus 4.7 (web search on)
RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022-Sonnet46 Claude Sonnet 4.6 (web search on)

This finding also affects

← Previous finding Finding 1. Definitional consistency between the 2016 Cyber Guidance and the FSB Cyber Lexicon

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

Plain text

RegLeg Specialist Panel (2026). "Currency of the CPMI-IOSCO 2016 Cyber Resilience Guidance — Corporate Banking × Compliance — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022. RegLegBrief AI Hallucination Research, published 2026-05-28. https://reglegbrief.com/audiences/sectors/int/corporate_banking/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/

APA 7th edition

RegLeg Specialist Panel. (2026). Currency of the CPMI-IOSCO 2016 Cyber Resilience Guidance [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/audiences/sectors/int/corporate_banking/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/

Bluebook / OSCOLA (US + UK legal)

RegLeg Specialist Panel, Currency of the CPMI-IOSCO 2016 Cyber Resilience Guidance [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022], RegLegBrief AI Hallucination Research (May 28, 2026), https://reglegbrief.com/audiences/sectors/int/corporate_banking/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/.

BibTeX

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q022,
  author    = {RegLeg Specialist Panel},
  title     = {Currency of the CPMI-IOSCO 2016 Cyber Resilience Guidance},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022},
  url       = {https://reglegbrief.com/audiences/sectors/int/corporate_banking/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-022/}
}

← Back to case study summary Case study detail →

About Citation IDs →