<- Take me back to my Risk teams at Corporate Banking firms (International) overview
Executive Summary
Risk teams at Corporate Banking firms are increasingly using AI to manage risk on the October 2024 CPMI final report on FPS interlinking governance, recorded as publication d223. Two frontier AI models tested by the RLB Specialist Panel produced confident, citable answers on the count and scope of the report's oversight recommendations, the named list of public consultation respondents, and the distinction between the interim d219 and the final d223 that the regulator's own primary text directly contradicts.
This cell collects the relevant hallucination findings on the October 2024 CPMI final report, organised for risk teams at corporate banking firms working on FPS interlinking matters. Across the relevant findings the AI subjects produced confident, citable answers on questions ranging from the count of oversight recommendations to the named list of Annex 1 consultation respondents. Every finding in this cell is bound to verbatim regulator-issued source text held as primary substrate by the RLB Specialist Panel.
How AI gets this regulation wrong
The findings in this cell cluster around two failure shapes that recur across the October 2024 CPMI final report on FPS interlinking governance: inference drift on counts and named-entity lists (oversight recommendations, consultation respondents), and misstated rules on the scoping language that places certain cross-border payment models inside or outside the report's recommendation set. In each case the AI subject committed to a specific, citable, verbatim-looking answer where the regulator's own primary text in d223 records a different position.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Ai Committed To Approximately 10 Oversight Recommendations Where The Final Repor | 1 | Finding#1 |
| Ai Scoped Single Access Point Gateway Arrangements Into The Report S Recommendat | 1 | Finding#2 |
| Ai Committed To Approximately 10 Oversight Recommendations And Conflated D219 S | 1 | Finding#3 |
What that means for your practice
Risk teams at Corporate Banking firms commonly use AI to: counterparty-risk memoranda on FPS interlinking exposures, board-paper risk sections on participation in interlinking arrangements, regulator-engagement notes on the d223 oversight regime, and risk-appetite framework inputs for cross-border FPS counterparties.
The risk concentrations across the 3 findings in this cell are summarised in the table below. Each entry maps the failure shape to its practical implications for Risk teams at Corporate Banking firms working on CPMI FPS interlinking governance matters.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Operational decision-support exposure on board briefings and oversight roadmaps anchored on a fabricated recommendation count | 1 | Finding#1 |
| Regulatory enforcement exposure where the deliverable asserts the report binds a model the regulator records as out of scope | 1 | Finding#2 |
| Operational decision-support exposure on oversight policy notes and supervisory roadmaps anchored on the wrong recommendation count and instrument status | 1 | Finding#3 |
When this affects Risk teams at Corporate Banking firms
Risk teams at Corporate Banking firms encounter the October 2024 CPMI final report when manage risk on board-level briefings, drafting oversight policy notes, preparing legal or operational opinions on cross-border interlinking arrangements, and producing stakeholder-engagement materials on the d223 outcome.
The specific findings in this cell map onto the most common questions Risk teams at Corporate Banking firms put to an AI tool on the October 2024 CPMI final report. First, what the count and scope of the report's oversight recommendations are. Second, which cross-border payment models the report's recommendations actually cover. Third, who the report's consultation respondents were. The AI subjects in this audit produced verbatim-looking answers on each that the regulator's own primary text in d223 directly contradicts.
The findings at a glance
The table below lists each finding from the AI testing on the CPMI October 2024 final report in this cell, showing the question area, the failure mode, and the immutable citation identifier for the underlying finding record.
Aggregate impact
The 3 findings in this cell, taken together, describe a specific pattern that Risk teams at Corporate Banking firms should expect to encounter when AI tools are used on the October 2024 CPMI final report. The AI subjects in this audit committed, with no hedging, to verbatim-looking answers on counts (oversight recommendations), named-entity lists (consultation respondents), and scope questions (which cross-border payment models the recommendations cover). In each case the AI subject had access to the regulator's source text at query time, and in each case the AI's output diverged from the source text on a specific, testable fact.
The pattern across the 3 findings points to a generation behaviour that Risk teams at Corporate Banking firms should treat as a near-certain failure mode in this practice area. When the question asks for a count of recommendations, a named list of consultation respondents, or a scoping statement on which payment models the report's recommendations cover, the AI subjects produced a coherent, structurally plausible answer with the wrong number, with fabricated respondent names, or with the wrong scoping treatment.
None of the AI outputs in this cell flagged uncertainty, recommended source verification, or declined to commit; each output reads as if the AI had directly retrieved the regulator's text.
For practising teams, the implication is that AI-assisted research on the CPMI October 2024 final report on FPS interlinking governance cannot be relied on for: the count of the oversight recommendations; the named list of consultation respondents; the scoping statement on the single access point and common platform models; or the distinction between the interim d219's ten considerations and the final d223's seven recommendations. Each of these is a question type the AI handles in a confident, fluent register, and each is a question type where the AI in this audit was wrong in ways the regulator's own text resolves.
Findings overview
What the AI got wrong
Finding 1: Misstated count of CPMI oversight recommendations in the October 2024 final report
Citation ID: RLB-H-INT-BIS-CPMI-CPMI-FPS-INTERLINKING-GOVERNANCE-2024-Q001-Opus47
For Corporate Banking risk officers reviewing FPS interlinking exposure, the AI's commitment to approximately ten oversight recommendations rather than the seven set out in CPMI d223 Section 5.2 lands directly in risk-framework updates, credit/operational risk committee briefings, client-portfolio exposure briefings, and the bank's CPMI guidance tracker. The wrong number anchors the team's planning on a fabricated compliance surface, drives over-implementation work against considerations carried over from the interim d219, and creates downstream inconsistencies between the team's d223 position and the recommendation set the regulator actually issued.
The risk concentrates in risk-framework reviews and credit-and-operational-risk briefings on the bank's exposure to FPS interlinking arrangements via corporate clients, where the count is a verifiable fact that supervisors, counterparties, and internal QC reviewers will check against the source.
AI's failure mode: AI committed to approximately 10 oversight recommendations where the final report sets out 7.
See the full per-finding analysis →
Finding 2: Single access point gateway model scoped into the report's recommendations (regulator records it as out of scope)
Citation ID: RLB-H-INT-BIS-CPMI-CPMI-FPS-INTERLINKING-GOVERNANCE-2024-Q003-Opus47
For Corporate Banking risk officers reviewing FPS interlinking exposure, the AI's commitment that the report's recommendations cover the single access point gateway model lands in risk-framework updates, credit/operational risk committee briefings, client-portfolio exposure briefings, and the bank's CPMI guidance tracker as a falsifiable scoping statement. CPMI d223 Section 2.2 and the Graph 2 caption record that the single access point and common platform models are not the focus of the report and are discussed only to a limited extent.
The AI's framing pulls an out-of-scope model inside the recommendation set, distorting the team's view of which arrangements the framework actually binds and exposing risk-framework reviews and credit-and-operational-risk briefings on the bank's exposure to FPS interlinking arrangements via corporate clients to a regulatory interpretation error that surfaces under supervisory review or counterparty challenge.
AI's failure mode: AI scoped single-access-point gateway arrangements into the report's recommendations where the regulator records them as out of scope.
See the full per-finding analysis →
Finding 3: Conflated interim d219 considerations with final d223 recommendations
Citation ID: RLB-H-INT-BIS-CPMI-CPMI-FPS-INTERLINKING-GOVERNANCE-2024-Q006-Opus47
For Corporate Banking risk officers reviewing FPS interlinking exposure, the AI's commitment to approximately ten oversight recommendations rather than the seven set out in CPMI d223 Section 5.2 lands directly in risk-framework updates, credit/operational risk committee briefings, client-portfolio exposure briefings, and the bank's CPMI guidance tracker. The wrong number anchors the team's planning on a fabricated compliance surface, drives over-implementation work against considerations carried over from the interim d219, and creates downstream inconsistencies between the team's d223 position and the recommendation set the regulator actually issued.
The risk concentrates in risk-framework reviews and credit-and-operational-risk briefings on the bank's exposure to FPS interlinking arrangements via corporate clients, where the count is a verifiable fact that supervisors, counterparties, and internal QC reviewers will check against the source.
AI's failure mode: AI committed to approximately 10 oversight recommendations and conflated d219's 10 considerations with d223's 7 recommendations.
See the full per-finding analysis →
AI's failure mode
Risk impact
What your team should do
Risk teams at Corporate Banking firms working on the CPMI October 2024 final report on FPS interlinking governance should treat AI tools as a research-prompt generator and outline-drafter, with a mandatory verification step against the d223 published text, the interim d219, and the BIS portal record before AI output enters a memo, board note, opinion, or external deliverable. The findings in this cell concentrate on the question types most exposed in this practice: count of recommendations, named list of respondents, and scope statements on which payment models the recommendations cover.
Practical safeguards: every recommendation count cited in a deliverable must be matched against d223 Section 5.2 directly: every named consultation respondent must be matched against d223 Annex 1: every scope statement on the single access point or common platform model must be matched against d223 Section 2.2 and the Graph 2 caption: every reference to the interim d219's ten considerations must be matched against the d219 executive summary directly, and must be kept distinct from d223's seven recommendations.
Where the AI tool quotes any of these elements as a verbatim-looking figure, name, or rule, the source document is the only reliable input.
Where AI tools are most safely used in this practice area: framing the structure of a memo on the d223 recommendations, identifying which sections of d223 and which adjacent CPMI instruments (such as the d224 API harmonisation companion) are likely relevant, drafting first-pass client-facing summaries for review against the source text, and surfacing cross-references between d223 and adjacent CPMI work. The risk concentrates in the next step, where the AI is asked to specify the actual count, the actual respondent list, or the actual scoping treatment. At that point the d223 source document is the only reliable input.
How RLB Can Help
RegLeg's published Hallucination Research is available as a free pre-flight check for Risk teams at Corporate Banking firms working across cross-border fast-payment, FPS interlinking, and CPMI oversight matters. Before relying on AI-assisted output for board briefings, regulatory interpretation, compliance documentation, or oversight roadmap work on the October 2024 CPMI final report, practitioners can consult the research to identify where AI tools have demonstrably misstated the rules: invented recommendation counts, fabricated consultation-respondent lists, and scoping treatments that pull out-of-scope payment models inside the recommendation set.
The research surfaces the exact questions where AI tools have failed, making it a practical reference rather than a general caution.
For firms where multiple teams are working the same regulatory portfolio, RegLeg offers bespoke deep-dives into individual CPMI instruments and related cross-border payment guidance. These engagements go beyond the published findings to examine the full pattern of AI failure modes relevant to the instrument: the question types, the failure mechanisms, and the risk implications for legal, compliance, risk, operations, and oversight-engagement work. The output is designed to be shared across functions and used as a durable reference, reducing duplicated due-diligence effort and creating a consistent internal standard for AI-assisted regulatory work.
RegLeg also develops training and CPD-aligned content for teams working CPMI and cross-border fast-payment matters. The material translates the failure-mode catalogue into practical guidance on the classes of error practitioners should watch for: confabulated regulatory counts, fabricated stakeholder lists, conflation of interim and final instruments, and scoping drift that distorts which payment models the recommendations cover. Separately, RegLeg offers a confidential review of a firm's existing AI-use policy against the failure-mode catalogue, identifying gaps between the policy's assumptions and the documented evidence of how AI tools perform on CPMI matters in practice.