← Take me back to my Governance & Company Secretarial × Investment Banking (INT) overview
AI on Principles for Financial Market Infrastructures (PFMI) for Governance & Company Secretarial teams at Investment Banking firms in international jurisdictions
Executive Summary
The Principles for Financial Market Infrastructures (PFMI), published by the Committee on Payments and Market Infrastructures (CPMI) and IOSCO, sets internationally recognised governance and risk management standards for central counterparties, payment systems, and other financial market infrastructures — standards that investment banking firms operating across jurisdictions must understand in order to assess their obligations as participants in, and overseers of, those infrastructures. Governance and Company Secretarial teams are directly implicated: board committee structures, risk oversight mandates, and the distinction between mandatory and conditional requirements all fall within their remit. In our research, AI tools were tested on questions from this regulation and produced incorrect answers — in one aggregated case, the AI presented fabricated cited text and an invented key concept number as if they were established regulatory fact. The failure pattern centres on the AI's inability to reliably distinguish what the regulation actually mandates from what it recommends, a distinction that carries material consequences for board papers, governance policy documents, and regulatory submissions.
How AI gets this regulation wrong
The table below catalogues how AI tools erred when asked about this regulation's governance requirements. The dominant failure in our research was the AI inventing specific regulatory citations — assigning a precise key-concept number and fabricating quoted regulatory language — and presenting them with enough confidence that the error only surfaced when the AI was challenged directly. Even then, the AI acknowledged uncertainty rather than withdrawing the answer, which means the initial response remains the one most likely to be acted upon.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| AI confidently answered incorrectly; when challenged, it admitted it didn't really know — right or wrong | 1 | Finding#1 |
What that means for your team
The table below maps how AI errors on this regulation translate into concrete risk for Governance and Company Secretarial teams at investment banking firms. When the AI misrepresents whether a governance requirement is mandatory or conditional, the most direct consequence is a wrong deliverable — a board policy, a governance framework update, or a regulatory mapping document that misstates what the PFMI actually requires. For teams that support board-level oversight of infrastructure participation and risk committee composition, that mismatch can propagate through governance documentation without triggering an obvious red flag until a regulatory review or board challenge exposes it.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 1 | Finding#1 |
When this affects your department
Governance and Company Secretarial teams at investment banking firms encounter the PFMI most often when the firm participates in, accesses, or evaluates its relationship with financial market infrastructures — central counterparties, payment systems, securities settlement systems — that are themselves subject to these principles. The team may be asked to confirm what governance standards the firm should expect those infrastructures to meet, to help draft board papers on oversight obligations, or to map PFMI requirements against internal governance policies and committee charters. Increasingly, teams are using AI tools to accelerate the initial research leg of this work: getting a quick read on what a specific principle requires before engaging legal or compliance teams for formal sign-off.
Where AI tools are used in this way, the risk is that a plausible-sounding but incorrect answer becomes the working assumption that frames all subsequent analysis. The specific failure we documented — the AI fabricating a precise regulatory reference (a key-concept sub-number and accompanying quoted text) that does not exist in the regulation — is particularly hazardous in this context. A Governance or Company Secretary relying on that answer to draft a board paper on risk committee obligations under PFMI Principle 2 would produce a document asserting that a particular governance arrangement is "conditional" when the regulation may in fact treat it differently. That framing then passes to the board, to minutes, and potentially to regulators or counterparties as the firm's stated governance position.
The stakes are amplified by the international scope. Investment banking firms operating across jurisdictions may face PFMI-aligned requirements through multiple regulators simultaneously — domestic central bank guidance, IOSCO-consistent rules, and bilateral requirements from foreign regulators — all of which track back to the same source document. An error in understanding a foundational PFMI principle can therefore cascade across multiple regulatory frameworks and governance documents in parallel, requiring coordinated remediation rather than a single correction.
The findings at a glance
The table below summarises each finding from our research on this regulation for this audience, including the question area tested, the type of AI failure observed, and the risk category that failure creates for Governance and Company Secretarial teams at investment banking firms.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | PFMI Principle 2 board risk committee — mandatory vs conditional | Hallucination | RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q022 |
Aggregate impact
The error pattern we observed on this regulation clusters tightly around the AI's handling of governance specificity: rather than acknowledging the limits of its knowledge of a detailed regulatory text, the AI supplied invented precision — a fabricated key-concept reference and quoted regulatory language — as a substitute for actual content. This failure mode is especially consequential on a regulation like the PFMI, which is a dense technical document where the difference between a "should" and a "shall", or between a numbered key consideration and a general principle, carries direct legal significance for how obligations are structured and disclosed.
For Governance and Company Secretarial teams, the systemic risk is not simply that one answer is wrong. It is that the AI's confident, structured presentation of the incorrect answer closely mimics the format of a well-researched regulatory summary. The invented citation — presented as a specific key concept with a sub-number — is indistinguishable in format from a genuine regulatory reference. Without independent verification against the PFMI text itself, a team working under time pressure has limited means to detect the error before it is embedded in board documentation.
The broader pattern across this regulation's findings suggests that AI tools perform worst precisely where Governance and Company Secretarial teams most need accuracy: the mandatory versus conditional distinction, the specific committee requirements attached to individual principles, and the interplay between the PFMI's overarching standards and the detailed key considerations that operationalise them. These are not edge questions — they are the core of what the regulation says about FMI board governance, and they are exactly the questions a team is most likely to ask when updating governance frameworks or advising senior leadership.
Findings
Hallucinations (1)
Finding#1 — PFMI Principle 2 board risk committee — mandatory vs conditional
- Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q022
- AI's failure: AI confidently answered incorrectly; when challenged, it admitted it didn't really know — right or wrong
- Risk for Governance & Company Secretarial at Investment Banking: Board pack, statutory filing, or AGM resolution rests on a procedural rule that doesn't exist
- see this finding →
What your team should do
The default position for Governance and Company Secretarial teams should be to treat AI-generated answers on PFMI governance requirements as a starting point for research orientation, not as a reliable source for the content of specific obligations. The PFMI is available in full from the BIS website, and its structure — principles, key considerations, and explanatory notes — is designed to be read directly. Any question about whether a specific requirement is mandatory or conditional, or about what a numbered key consideration actually says, should be resolved by reading the source text rather than relying on an AI summary of it.
Where AI tools add genuine value in this workflow is at the framing stage: identifying which principles are likely to be relevant to a specific governance question, suggesting the categories of obligation worth examining, or drafting the structure of a board paper before the specific regulatory content is filled in from primary sources. Teams can also use AI to help explain the broader policy rationale behind PFMI principles — why certain governance structures are encouraged, what systemic risk considerations drive the framework — since this contextual framing is less vulnerable to the fabrication risk that affects specific citation and mandatory/conditional determinations.
The practical safeguard for any work product that will be presented to the board or submitted to a regulator is a verification step against the PFMI text itself, explicitly documented in the drafting record. Where the AI has supplied a specific citation — a principle number, a key consideration reference, a quoted phrase — that citation should be located and confirmed in the published document before it is included in any governance document. Given that the AI we tested admitted uncertainty when challenged on its fabricated reference, teams should also consider a simple challenge protocol: asking the AI to identify the exact source and page location for any specific claim, and treating an evasive or hedged response as a signal to verify independently.
How RLB Can Help
RegLeg's published Hallucination Research gives Governance & Company Secretarial teams a structured pre-flight check before relying on AI tools for regulatory questions. Before an AI-assisted board pack, disclosure review, or statutory filing is finalised, the research identifies precisely which areas of the regulatory text — filing deadlines, directorship thresholds, consent and notification triggers — have historically generated confident but incorrect AI output. That forewarning lets the team apply targeted human scrutiny rather than blanket scepticism, making AI assistance genuinely efficient without importing undetected compliance risk into governance workflows.
Beyond the published research, RegLeg works with Investment Banking firms on bespoke regulator deep-dives that map AI-supported workflows within the Governance & Company Secretarial function to their actual hallucination exposure. Activities such as drafting board resolutions, tracking regulatory change for director briefings, or coordinating cross-border subsidiary compliance carry different risk profiles, and the deep-dive surfaces which ones warrant additional controls or independent verification steps. RegLeg also conducts a confidential review of the firm's existing AI-use policy against the RegLeg failure-mode catalogue, delivering a prioritised remediation plan that distinguishes low-risk efficiency gains from higher-risk applications where AI output should be treated as a first draft only.
For teams that want to build durable in-house capability, RegLeg develops training material and CPD-aligned content tailored to the Governance & Company Secretarial context. This covers how to interpret AI-generated regulatory summaries critically, how to structure escalation where AI confidence is high but human verification is essential, and how to document AI-assisted decision-making in a manner consistent with good governance standards. The material can be delivered as standalone workshops or integrated into the firm's existing compliance training calendar.