Corporate Banking × Technology Data — International / Multilateral · published 2026-05-28 · methodology v2.1

AI Hallucinations Affecting Technology & Data at Corporate Banking Firms in International Jurisdictions

Findings — impact summary

This is the consolidated view of findings.

  1. Finding 1. NIST Cybersecurity Framework citation in the CPMI-IOSCO 2016 Guidance (RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008)

    A Technology & Data team relying on this AI response might build a cyber resilience framework that lists NIST CSF, COBIT, and ISO/IEC 27001 alignment as CPMI-IOSCO requirements, include those frameworks in supplier due-diligence questionnaires, or represent to the business that the guidance mandates alignment with named external standards. If regulators or auditors review the firm's programme against the actual CPMI-IOSCO text, the firm faces the cost of unwinding incorrectly stated obligations, rewriting affected policies, and potentially explaining to its board or a regulator why its regulatory mapping was based on unverifiable claims. The BIS and national supervisors overseeing firms with FMI-adjacent activity have authority to require remediation of inadequate cyber resilience frameworks.

  2. Finding 2. Detail level of incident response and recovery provisions in the 2016 Guidance (RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019)

    A Technology & Data team that treats this AI response as accurate may design its incident response and recovery programme to the detailed checklist the AI describes — including specific recovery time objectives and secondary site requirements — believing those requirements originate in the 2016 guidance rather than in the FSB's 2020 successor document. This creates a compliance mapping gap: the firm's programme may reference the wrong source document, or fail to engage with the FSB 2020 guidance at all, leaving genuine operational obligations unaddressed. The cost of discovering this error during a regulatory review or incident debrief — when the firm's documented basis for its recovery programme is found to mischaracterise the regulatory source — includes remediation of affected documentation, potential regulatory scrutiny of the adequacy of the programme itself, and business interruption if recovery procedures must be revised.
