← Take me back to my Compliance × Investment Banking (INT) overview
AI on Principles for Financial Market Infrastructures (PFMI) for Compliance teams at Investment Banking firms in international jurisdictions
Executive Summary
The Principles for Financial Market Infrastructures (PFMI), published by the Committee on Payments and Market Infrastructures (CPMI) and IOSCO, sets the global risk-management standards that central counterparties (CCPs), central securities depositories, and payment systems are required to meet — standards that directly shape the obligations and exposures of every investment bank that participates in those infrastructures. Compliance teams at international investment banking firms regularly need precise, document-level detail from PFMI texts and associated guidance to map obligations, draft participation agreements, and respond to regulatory enquiries across multiple jurisdictions. Across the two questions examined for this audience, AI tools were unable to retrieve verbatim content, specific thresholds, or internal cross-references from the underlying PDF publications — producing responses that were honestly incomplete rather than confidently wrong, but which left the team without the precise material they needed. In both cases the failure mode was a knowledge gap: AI tools acknowledged they could not access the document at paragraph level and declined to fabricate, meaning the compliance workflow stalled at the exact point where regulatory precision matters most. The practical consequence is a class of AI limitations that are invisible until the team has already committed to a research path — and that create disproportionate risk when undetected in time-pressured regulatory work.
How AI gets this regulation wrong
For the PFMI and its associated guidance documents, the AI failures we observed were not cases of confident misinformation — the AI tools tested acknowledged their own limits and declined to provide verbatim text they could not reliably access. The pattern across this regulation is one of knowledge gaps at the document level: AI tools carry working familiarity with the PFMI framework but cannot reliably retrieve specific paragraph text, exact thresholds, or numbered cross-references from the underlying PDF publications, even when web search was available. The table below shows how those gaps map to distinct failure types across the questions put to AI in this cell.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| AI couldn't find the real answer even with web search enabled | 2 | Finding#1 . Finding#2 |
What that means for your team
For a Compliance team at an international investment banking firm, the PFMI knowledge gaps identified here translate most directly into a wrong-deliverable risk: the team asks AI to support a work product requiring document-level precision and receives an answer that is acknowledged as incomplete, halting the workflow without warning. Because PFMI compliance obligations are often embedded in CCP membership agreements, exchange participation rules, and cross-border regulatory submissions where specific thresholds and cross-references carry legal weight, an incomplete AI answer that is acted upon — or that causes the team to underestimate what verification remains outstanding — can carry material consequences. The table below maps each finding to the practical risk category it represents for the Compliance function.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 2 | Finding#1 . Finding#2 |
When this affects your department
Compliance teams at international investment banking firms engage with the PFMI across a wide range of recurring workflows. When onboarding to a new CCP or reviewing an existing clearing membership in a foreign jurisdiction, the team must map the CCP's rulebook against the PFMI principles and any associated CPMI-IOSCO guidance to confirm that the infrastructure meets the standards their internal policies — and home-jurisdiction regulators — require. When a business line proposes a new cleared product, or when a jurisdiction adopts amended PFMI implementation rules, the Compliance function is expected to produce a written assessment that references specific PFMI text. In cross-border regulatory submissions or in responses to supervisory enquiries about a bank's CCP exposures, precision at the paragraph and threshold level is not optional — regulators expect citations, not summaries.
AI tools are a natural first step in those workflows because the PFMI framework is large (the main principles document, the methodology, and a substantial library of guidance papers on specific topics including CCP resilience, recovery, and resolution) and because consultative reports issued ahead of binding standards often contain the analytical reasoning that regulators later cite in enforcement. A Compliance team that uses AI to navigate that library quickly — checking which guidance paper addresses a specific risk category, or asking what thresholds appear in a particular document — is working efficiently, provided AI's answers are accurate and complete.
The risk uncovered here is that AI tools tested on the PFMI and its associated guidance could not retrieve verbatim content, specific numerical thresholds, or internal cross-references from the PDF documents at the heart of the framework. If a Compliance officer uses an AI response as the basis for an internal policy memo, a cleared-product assessment, or a submission to a home or host regulator without independently verifying the underlying source text, the firm may submit documentation that misrepresents the applicable standard. In regulated contexts, that creates remediation cost, regulatory friction, and — where a breach of a PFMI-aligned clearing obligation flows through — potential exposure to clearing suspension or capital add-ons that were not anticipated in the firm's risk planning.
The findings at a glance
The table below summarises each finding in this cell — the question area, what the AI produced, and the citation status of the sources referenced — giving the Compliance team a quick reference for the specific PFMI topics where AI tools have demonstrated knowledge limits.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | CCP resilience and recovery consultative report — verbatim content gap | Blind spot | RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q023 |
| 2 | IOSCO co-published PFMI — verbatim content gap | Blind spot | RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q026 |
Aggregate impact
Both findings in this cell follow the same pattern: when asked for verbatim text, specific thresholds, or numbered cross-references from key PFMI publications, AI tools correctly identified that they could not access the document at paragraph level and declined to provide the requested content rather than inventing it. That honesty is meaningful — it prevents the most dangerous form of AI error — but it does not make the outcome safe for the Compliance function. A workflow that reaches an acknowledged dead end at the point of regulatory precision is a workflow that has consumed time and created a false sense of progress.
The two documents at the centre of these findings cover distinct but related territory. One is the consultative report on CCP resilience and recovery issued in 2016 — a document that shaped the subsequent binding guidance on how CCPs manage stress and what banks can expect from CCP default management processes. The other is the IOSCO co-published edition of the PFMI itself. Both are core reference documents for any Compliance team maintaining a multi-jurisdictional CCP framework, and both sit at a level of detail — specific thresholds, named cross-references, numbered paragraphs — that AI tools cannot reliably reproduce from their training data alone, even when given access to web search.
For an international investment banking firm, the systemic risk is one of over-reliance compounded by jurisdictional breadth. A Compliance team covering CCP memberships across several jurisdictions may interact with PFMI text in a dozen different contexts — regulatory mapping, policy drafting, product approvals, supervisory responses — and a gap in AI's document-level recall of the core framework creates a latent error source that is easy to overlook because the AI's high-level descriptions of PFMI principles are often accurate and confident. The risk materialises when that surface-level accuracy leads the team to trust AI on the details that actually determine compliance outcomes.
Findings
Blind spots (2)
Finding#1 — CCP resilience and recovery consultative report — verbatim content gap
- Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q023
- AI's failure: AI couldn't find the real answer even with web search enabled
- Risk for Compliance at Investment Banking: Compliance manual, monitoring plan, or attestation rests on a rule that doesn't say what AI claimed
- see this finding →
Finding#2 — IOSCO co-published PFMI — verbatim content gap
- Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q026
- AI's failure: AI couldn't find the real answer even with web search enabled
- Risk for Compliance at Investment Banking: Compliance manual, monitoring plan, or attestation rests on a rule that doesn't say what AI claimed
- see this finding →
What your team should do
The default position for PFMI work should be that AI tools are reliable for orientation and unreliable for precision. AI can be used safely to identify which PFMI principles are relevant to a given topic area, to map the general structure of the framework, or to generate a first-pass list of questions to investigate — tasks where conceptual accuracy is sufficient and where the output will be independently verified before it goes anywhere. It should not be trusted for verbatim text, specific numerical thresholds, paragraph numbers, or internal cross-references without independent verification against the published source documents, because the findings here confirm that AI tools cannot consistently access those details even when they have web search available.
For workflows that require document-level precision — policy memos citing specific PFMI paragraphs, cleared-product assessments referencing particular thresholds, responses to supervisory questions — the team should build a direct-source verification step into the standard process rather than treating it as an optional check. CPMI publishes the full PFMI text, methodology, and associated guidance papers on the BIS website (www.bis.org), and IOSCO co-publishes the main framework document. Both are freely accessible in PDF form. The practical safeguard is a team protocol: any AI-generated PFMI reference that will appear in an external document or regulatory submission must be traced back to the published PDF before sign-off.
AI tools remain genuinely useful in the PFMI compliance workflow for the orientation tasks described above, and also for drafting standard-form explanatory text where exact regulatory language is not required — for example, internal training materials that explain the purpose of a PFMI principle in plain language, or initial scoping summaries that will be reviewed by a subject-matter expert before use. The discipline is knowing which outputs require a source check and building that check into the workflow rather than leaving it to individual judgment at the moment of use.
How RLB Can Help
RegLeg's published Hallucination Research gives Compliance teams at investment banks a practical pre-flight check before acting on AI-generated regulatory output. Because the research spans regulators across multiple jurisdictions and documents the specific failure modes that occur when AI tools engage with financial services rules, Compliance staff can consult the findings as an independent reference — confirming where AI-assisted research is reliable, and flagging the regulatory domains where confident-sounding output has most frequently proved incorrect.
For firms that want to go further, RegLeg offers bespoke regulator deep-dives scoped to the workflows your Compliance function actually relies on. This means mapping which AI-supported activities — regulatory horizon scanning, policy gap analysis, transaction monitoring guidance, or senior manager accountability queries — carry the highest hallucination exposure in your specific operating environment, and prioritising attention accordingly. Where an investment bank is subject to a regulator whose track record in the published research gives cause for caution, that context is built into the engagement from the outset.
RegLeg also works with Compliance teams on a confidential review of existing AI-use policies, assessing them against a structured failure-mode catalogue drawn from the research. The output is a prioritised remediation plan that identifies gaps in current oversight controls and suggests practical adjustments — including escalation triggers, secondary-verification requirements, and human sign-off thresholds suited to a regulated institution. Firms that have completed the review have used the findings directly as the basis for CPD-aligned internal training, giving Compliance staff the working knowledge they need to apply appropriate scepticism to AI tools without abandoning the efficiency gains they provide.