Corporate Banking × Technology Data — International / Multilateral · published 2026-05-28 · methodology v2.1

Detail level of incident response and recovery provisions in the 2016 Guidance

RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019
What the RLB Specialist Panel found

2. Detail level of incident response and recovery provisions in the 2016 Guidance

  • Question (paraphrased to protect IP): Does the CPMI-IOSCO 2016 Cyber Guidance specify detailed operational practices for cyber incident response and recovery, or is that level of detail addressed by a later document?
  • Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016) (Regulator portal: https://www.bis.org)
  • What AI assistants typically say: AI tools answer affirmatively that the 2016 guidance dedicates specific sections to incident response and recovery, characterising it as providing detailed expectations for financial market infrastructures — including a cyber incident response plan, the 2-hour recovery time objective, secondary site requirements, recovery and resumption planning, and communication protocols during incidents.
  • What the regulator actually says: The FSB published "Effective Practices for Cyber Incident Response and Recovery" in October 2020 — four years after the 2016 CPMI-IOSCO Cyber Resilience Guidance — and that later document contains operational detail for the response and recovery phase that goes beyond what the 2016 guidance specifies.
  • Why the AI went wrong: The AI overclaimed the detail level of the 2016 document, presenting it as the source of granular operational requirements without acknowledging that a subsequent document was needed precisely because the 2016 guidance did not provide that depth. The response did not account for the gap-filling role of the FSB 2020 publication.
  • Cited source(s):
Impact for this audience

A Technology & Data team that treats this AI response as accurate may design its incident response and recovery programme to the detailed checklist the AI describes — including specific recovery time objectives and secondary site requirements — believing those requirements originate in the 2016 guidance rather than in the FSB's 2020 successor document. This creates a compliance mapping gap: the firm's programme may reference the wrong source document, or fail to engage with the FSB 2020 guidance at all, leaving genuine operational obligations unaddressed. The cost of discovering this error during a regulatory review or incident debrief — when the firm's documented basis for its recovery programme is found to mischaracterise the regulatory source — includes remediation of affected documentation, potential regulatory scrutiny of the adequacy of the programme itself, and business interruption if recovery procedures must be revised.

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

Plain text
RegLeg Specialist Panel (2026). "Detail level of incident response and recovery provisions in the 2016 Guidance — Corporate Banking × Technology Data — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019. RegLegBrief AI Hallucination Research, published 2026-05-28. https://reglegbrief.com/audiences/sectors/int/corporate_banking/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/
APA 7th edition
RegLeg Specialist Panel. (2026). Detail level of incident response and recovery provisions in the 2016 Guidance [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/audiences/sectors/int/corporate_banking/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/
Bluebook / OSCOLA (US + UK legal)
RegLeg Specialist Panel, Detail level of incident response and recovery provisions in the 2016 Guidance [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019], RegLegBrief AI Hallucination Research (May 28, 2026), https://reglegbrief.com/audiences/sectors/int/corporate_banking/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/.
BibTeX
@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q019,
  author    = {RegLeg Specialist Panel},
  title     = {Detail level of incident response and recovery provisions in the 2016 Guidance},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019},
  url       = {https://reglegbrief.com/audiences/sectors/int/corporate_banking/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/}
}