AI Hallucinations Affecting Compliance Teams at Investment Banking Firms in international jurisdictions
This page aggregates AI hallucination findings affecting Compliance teams at Investment Banking firms in international jurisdictions across 2 regulation(s).
Findings overview
| Regulation | Hallucinations | Blind spots | Total |
|---|---|---|---|
| Guidance on Cyber Resilience for Financial Market Infrastructures | 2 | 0 | 2 |
| Principles for Financial Market Infrastructures (PFMI) | 0 | 2 | 2 |
| Total | 2 | 2 | 4 |
Guidance on Cyber Resilience for Financial Market Infrastructures
Hallucinations (2)
Currency of 2016 CPMI-IOSCO cyber resilience standard
-
AI's failure: AI gave outdated information as if it were current
-
Risk for Compliance at Investment Banking: Direct supervisory finding against the compliance function; section-166-style skilled person review possible
An AI tool told the Compliance team the 2016 CPMI-IOSCO Cyber Resilience Guidance 'has not been formally revised or superseded' — when CPMI-IOSCO had published a consultative document for updated guidance just 22 days earlier. Any internal policy review, board risk report, or FMI counterparty assessment that relied on this response would proceed on the assumption that the 2016 text is the settled, current standard — not one under active public consultation. For an investment bank operating across international jurisdictions, this creates direct regulatory enforcement exposure: supervisors who are themselves engaged with the consultation process will expect counterparts to be aware of the revision, and a firm that signals otherwise in regulatory correspondence or due-diligence submissions risks appearing inattentive to a systemic risk category that CPMI-IOSCO has flagged for update.
Active revision of 2016 CPMI-IOSCO cyber resilience guidance
-
AI's failure: AI gave outdated information as if it were current
-
Risk for Compliance at Investment Banking: Direct supervisory finding against the compliance function; section-166-style skilled person review possible
A second AI tool, tested independently, gave the same incorrect answer: the June 2016 CPMI-IOSCO guidance 'remains the operative primary international standard' and 'has not been formally revised or replaced.' The convergence of two AI tools on the same hallucination compounds the risk for a Compliance team that might treat agreement between tools as validation. Any downstream work product — a regulatory mapping, a supplier risk assessment, an internal training deck — that cites this AI response as authority will embed the same error. The firm's exposure is not limited to a single document: the 2016 guidance underpins how the bank assesses its FMI counterparties, how it responds to supervisory cyber resilience questionnaires, and how it frames its own cyber risk appetite. Remediation after the error is identified requires re-running each of those processes against the correct regulatory baseline.
Principles for Financial Market Infrastructures (PFMI)
Blind spots (2)
CCP resilience and recovery consultative report — verbatim content gap
-
AI's failure: AI couldn't find the real answer even with web search enabled
-
Risk for Compliance at Investment Banking: Compliance manual, monitoring plan, or attestation rests on a rule that doesn't say what AI claimed
When a Compliance team at an international investment banking firm asks AI tools for specific thresholds, paragraph cross-references, or verbatim text from the CPMI-IOSCO 2016 consultative report on CCP resilience and recovery, the AI correctly declines to fabricate content it cannot access — but the team is left without the precise information they needed. This document is a key reference for understanding how CCPs manage stress scenarios and what obligations flow to clearing members during a default management process, so Compliance teams working on CCP due diligence, new cleared-product approvals, or supervisory responses may find themselves unable to complete the task efficiently. If the team proceeds without recognising the gap — treating the AI's high-level summary as sufficient — an internal assessment or regulatory submission may omit or misstate a material threshold, creating remediation risk and the possibility of regulatory challenge when the firm's CCP risk framework is reviewed.
IOSCO co-published PFMI — verbatim content gap
-
AI's failure: AI couldn't find the real answer even with web search enabled
-
Risk for Compliance at Investment Banking: Compliance manual, monitoring plan, or attestation rests on a rule that doesn't say what AI claimed
When a Compliance team at an international investment banking firm asks AI tools for verbatim text, specific thresholds, or numbered cross-references from the IOSCO co-published edition of the PFMI, the AI acknowledges it cannot access the PDF at paragraph level and declines to provide the content — leaving the workflow incomplete at the point where regulatory precision is required. The IOSCO-published PFMI is a primary reference for Compliance teams working across jurisdictions where IOSCO membership and co-authorship carries direct regulatory weight, including in product approval processes and in multi-jurisdictional regulatory mapping exercises. A team that does not recognise this gap and relies on AI's accurate-but-imprecise summary-level knowledge risks producing policy documents or regulatory submissions that cannot be traced to authoritative source text, weakening the firm's position in any supervisory review and potentially triggering requests for remediation of non-compliant documentation.
Related case studies
Other sectors / departments in international jurisdictions
-
compliance_(superseded_pre_v2_3_full_regen)_2026-05-30 at Corporate Banking
-
technology_data_(superseded_pre_v2_3_full_regen)_2026-05-30 at Payment Institutions
-
compliance_(superseded_pre_v2_3_full_regen)_2026-05-30 at Statutory Boards & Agencies