← Take me back to my Governance & Company Secretarial × Payment Institutions (INT) overview

AI on Principles for Financial Market Infrastructures (PFMI) for Governance & Company Secretarial teams at Payment Institutions firms in international jurisdictions

Executive Summary

The Principles for Financial Market Infrastructures (PFMI), published by the Committee on Payments and Market Infrastructures (CPMI) and IOSCO, is the international standard governing the design, operation, and oversight of systemically important financial market infrastructures — including payment systems, central counterparties, and securities settlement systems. For Governance and Company Secretarial teams at Payment Institutions firms operating across international jurisdictions, the PFMI sets the baseline against which board governance structures, risk committee mandates, and disclosure obligations are assessed by regulators and counterparties alike.

Across the two questions put to AI assistants on this regulation, AI tools produced one confirmed hallucination and one documented blind spot. The hallucination involved AI tools inventing a specific citation and fabricating quoted regulatory text about board risk committee obligations — text that does not appear in the source document. The blind spot involved AI tools correctly acknowledging they could not retrieve verbatim content from the co-published IOSCO disclosure framework, leaving teams without the precise thresholds and cross-references they needed.

Both failures strike at governance-critical questions: whether a risk committee is mandated, and what the disclosure framework actually requires in precise terms. Either error, carried into board papers, governance frameworks, or regulatory mapping exercises, exposes the firm to material compliance and reputational risk.

How AI gets this regulation wrong

AI assistants struggle with the PFMI in two distinct ways: inventing specific regulatory citations and quoted text with apparent confidence, and being unable to retrieve the precise verbatim content of co-published framework documents even when web search is available. The table below breaks down how these failure modes distribute across the findings in this cell.

What that means for your team

For Governance and Company Secretarial teams at Payment Institutions firms, AI errors on the PFMI translate into two distinct categories of operational harm: regulatory enforcement exposure when fabricated governance requirements are embedded in board-level documents, and wasted effort or wrong deliverables when teams cannot access the precise standards they need to fulfil disclosure and self-assessment obligations. The table below maps each finding to the risk category it creates for the firm.

When this affects your department

Governance and Company Secretarial teams at Payment Institutions firms in international jurisdictions regularly encounter the PFMI when establishing or reviewing board committee structures, drafting terms of reference for risk and audit committees, preparing regulatory mapping documents for new payment system activities, and supporting the firm's self-assessment against applicable PFMI principles. Teams may also consult AI tools when preparing board papers that reference international governance standards, when briefing non-executive directors on the regulatory baseline, or when responding to due-diligence questionnaires from central bank overseers or correspondent institutions.

When AI assistants produce errors on these questions, the consequences flow directly into governance infrastructure. A board paper that mischaracterises a PFMI governance obligation as conditional rather than mandatory — or cites a specific sub-provision that does not exist — may remain unchallenged until a regulatory examination or third-party assessment surfaces the discrepancy. Payment Institutions that operate under PFMI-aligned oversight regimes (whether directly or through jurisdictional transposition) face supervisory scrutiny of their governance arrangements; an inaccurate internal framework built on a fabricated AI citation is difficult and costly to unwind once it has been approved at board level.

The disclosure framework dimension compounds this risk. Payment Institutions that need to complete PFMI-based self-assessments or respond to regulator requests for disclosure against specific PFMI principles require verbatim accuracy on thresholds, cross-references, and assessment methodology. If AI tools cannot retrieve that precision and the team does not recognise the gap, the firm may submit an assessment built on paraphrased or generalised content rather than the actual standard — a material deficiency in any regulatory review.

The findings at a glance

The two findings below cover the questions put to AI assistants on the PFMI that are most relevant to Governance and Company Secretarial teams at Payment Institutions firms — one producing a hallucination with a fabricated citation, one producing a blind spot on verbatim framework content.

Aggregate impact

The two findings in this cell cluster on a single underlying problem: AI assistants cannot reliably access the PFMI's source documents at the level of precision that governance work requires. The PFMI and its co-published IOSCO disclosure framework are detailed PDF publications; AI tools have limited or no reliable access to their verbatim text at the sub-provision level. This produces two failure paths — fabrication when the AI attempts to answer with confidence despite the gap, and an honest blind spot when the AI correctly acknowledges it cannot retrieve the content but leaves the team without the information it needs.

What distinguishes these findings for Governance and Company Secretarial teams is that both failures strike at the regulatory architecture questions the function is specifically responsible for getting right. Whether a risk committee is mandated under PFMI Principle 2 is not a peripheral detail — it is the kind of governance requirement that feeds directly into terms of reference, board approval processes, and regulatory correspondence. The AI's fabricated citation (attributing a "should consider" formulation to a specific sub-provision it invented) is particularly dangerous because it reaches a conclusion that is plausible in tone and defensible-sounding in form, while being unverifiable and incorrect in substance.

Across both findings, the systemic risk for Payment Institutions firms is that the PFMI's international scope creates an environment where teams may rely on AI assistants precisely because in-house expertise on the source standard is limited. The more a team depends on AI to fill that expertise gap, the more exposed it is to errors that no internal check will catch — because the team consulted AI in the first place due to a lack of in-house familiarity with the document.

Findings

Hallucinations (1)

Finding#1 — Fabricated PFMI board risk committee citation

• Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q022
• AI's failure: AI confidently answered incorrectly; when challenged, it admitted it didn't really know — right or wrong
• Risk for Governance & Company Secretarial at Payment Institutions: Companies registry or listing authority action against the Payment Institutions entity
• see this finding →

Blind spots (1)

Finding#2 — Blind spot on IOSCO disclosure framework verbatim content

• Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q027
• AI's failure: AI couldn't find the real answer even with web search enabled
• Risk for Governance & Company Secretarial at Payment Institutions: Board pack, statutory filing, or AGM resolution rests on a procedural rule that doesn't exist
• see this finding →

What your team should do

The default position for Governance and Company Secretarial teams using AI tools on PFMI questions should be to treat any AI-generated statement about specific sub-provisions, key consideration numbering, or quoted regulatory text as unverified until traced to the published source document. The PFMI and its associated IOSCO co-publications are publicly available from the BIS website; for any governance question with a board-level or regulatory consequence, teams should retrieve the relevant section directly from the source PDF rather than accepting an AI summary at face value.

A practical safeguard for the most common use cases: when drafting terms of reference for board committees or preparing regulatory mapping documents, use AI tools for structural scaffolding and drafting assistance only — not as the source of record for what the PFMI actually requires. If the AI cites a specific key consideration number or quotes regulatory text, flag it for manual verification before the document is circulated or approved. Where the AI acknowledges it cannot provide verbatim content, that is a signal to retrieve the source document directly; do not proceed on the basis of paraphrased AI summaries for precision-dependent outputs such as self-assessments or regulatory submissions.

AI tools remain useful for Governance and Company Secretarial workflows on the PFMI in areas that do not depend on sub-provision precision: drafting background briefings for board members, summarising the high-level structure of the PFMI's 24 principles, preparing first-draft agendas for governance reviews, or identifying which principles are most relevant to a given business activity. For those tasks, AI assistants can accelerate work substantially. The discipline is to know which tasks require source-level precision and to reserve those tasks for direct engagement with the CPMI and IOSCO published documents.

How RLB Can Help

RegLeg's published Hallucination Research is available free of charge and serves as a practical pre-flight check for Governance and Company Secretarial teams at payment institutions before placing reliance on AI-assisted output on regulatory questions. The research identifies specific failure modes — including confidently stated but inaccurate procedural rules, misattributed board obligations, and outdated licensing thresholds — that arise when AI tools are applied to payment regulation. Reviewing the relevant findings before drafting board papers, statutory filings, or regulatory correspondence takes minutes and materially reduces the risk of importing an AI error into a document that carries the firm's name.

Beyond the published research, RegLeg works directly with payment institution governance teams on bespoke regulator deep-dives that map AI-supported workflows to their actual hallucination exposure. This typically covers the workflows where Governance and Company Secretarial functions most commonly turn to AI tools: drafting board minutes and committee terms of reference, tracking regulatory change for director briefings, preparing licensing and authorisation submissions, and maintaining the corporate record against evolving jurisdictional requirements. The output is a prioritised exposure map specific to the firm's operational footprint and the regulators it faces, not a generic framework.

Where a firm already has an AI-use policy in place, RegLeg offers a confidential review against our failure-mode catalogue, with prioritised remediation recommendations the Governance and Company Secretarial team can act on without external disclosure. We also develop training material and CPD-aligned content tailored to the governance function — giving the team a shared reference point for where AI tools can be used with confidence, where additional verification steps are warranted, and how to document that judgement in a way that satisfies regulatory expectations around AI governance.

Where to next

• Are other sectors / departments in international jurisdictions also affected? →

• Does this affect Governance & Company Secretarial teams in other jurisdictions? →

• Which other sectors / departments are impacted by CPMI-IOSCO-PFMI-2012? →