← Take me back to my Legal × Payment Institutions (INT) overview
AI on Principles for Financial Market Infrastructures (PFMI) for Legal teams at Payment Institutions firms in international jurisdictions
Executive Summary
The Principles for Financial Market Infrastructures (PFMI), published by the Bank for International Settlements through its Committee on Payments and Market Infrastructures (CPMI), establish the global regulatory baseline for payment systems, central counterparties, and trade repositories — a framework directly operative for Legal teams at Payment Institutions firms navigating international obligations. When Legal professionals at Payment Institutions firms in international jurisdictions put AI tools to work on PFMI questions, our testing found that the AI failed to retrieve accurate, usable information on 1 aggregated question. The failure observed here is not a fabricated rule or an outdated citation: instead, the AI encountered a question it could not answer — returning an acknowledgement of its own limits rather than the requested regulatory detail. For a Legal team that relies on AI to surface primary source text quickly, this kind of retrieval gap means the team leaves a task incomplete and must invest additional time to obtain the information from the regulator directly.
How AI gets this regulation wrong
The table below sets out the ways AI tools fell short when tested against PFMI questions relevant to Legal teams at Payment Institutions firms. For this regulation, the failure pattern is one of retrieval rather than invention: the AI was unable to surface specific primary source content, even when web access was available, and acknowledged the gap rather than filling it with invented material. That kind of honest silence carries its own operational cost — the team still leaves empty-handed.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| AI couldn't find the real answer even with web search enabled | 1 | Finding#1 |
What that means for your team
The table below maps each AI failure to the specific operational risk it creates for a Legal team at a Payment Institutions firm working under PFMI obligations in international jurisdictions. For this regulation, the risk falls in the category of producing a wrong or incomplete deliverable — work product built on an AI answer that turned out to be empty or unavailable. In a Legal function where the accuracy of regulatory references feeds compliance advice, policy documents, and board-level reporting, a gap in retrieved content is not a minor inconvenience: it is a potential gap in the firm's regulatory position.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 1 | Finding#1 |
When this affects your department
Legal teams at Payment Institutions firms operating across international jurisdictions consult the PFMI framework at several points in their working year. They use it when mapping the firm's payment infrastructure obligations against the baseline principles — particularly when assessing whether systems meet the requirements for credit risk, liquidity risk, and operational risk management set out in CPMI-IOSCO guidance. They return to it when regulators issue supplementary guidance, such as the 2022 stablecoin guidance that extended PFMI principles to new asset classes, and they need to understand exactly what was said and when — down to the specific language used in official communications. AI tools have become a practical shortcut for surfacing that kind of primary source detail quickly, without manual portal navigation.
The problem arises when the AI tool reaches the boundary of what it can retrieve. For a Legal team asking about the specific text of a regulatory press release or announcement — information that forms part of the evidentiary record of what the regulator said and when — an AI that cannot return the verbatim content leaves the team with an unanswered question. If that gap is not noticed, the team may draft internal guidance, board papers, or regulatory submissions that omit or misrepresent a material update to the PFMI framework. Payment Institutions firms operating in multiple jurisdictions face particular exposure here, because the CPMI-IOSCO guidance has been adopted unevenly and at different speeds, making the precise content and timing of regulatory statements directly relevant to legal analysis.
The risk compounds when AI limitations are not flagged internally. A Legal team member who receives an AI-generated briefing that simply does not address a question — rather than actively giving a wrong answer — may not immediately recognise the omission as a regulatory gap. The result can be compliance advice or product-launch legal opinions that treat a regulatory development as either unknown or unimportant, when in fact the information was available from the regulator's own portal and should have been included.
The findings at a glance
The table below summarises each finding from our testing of AI tools on PFMI questions relevant to Legal teams at Payment Institutions firms in international jurisdictions, showing the question area, the type of AI failure, and the risk it creates for the firm.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | BIS press release verbatim content — AI retrieval failure | Blind spot | RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q025 |
Aggregate impact
Across the PFMI findings relevant to this audience, the pattern we observed is not one of confident misinformation but of deliberate limitation: AI tools declined to provide the requested content, citing an inability to guarantee accuracy from a specific regulatory publication. Both tools tested gave substantively the same response — acknowledging that the question targeted a specific BIS press release and declining to quote it verbatim. This convergence is notable. It suggests the failure is systemic to how current AI tools handle requests for primary source text from regulatory portals, not a one-off failure of a single tool.
For Legal teams at Payment Institutions firms, this matters most when the question is about the record of what a regulator communicated and when — information that shapes how firms frame their compliance timelines, their interpretation of regulatory scope, and their responses to enforcement enquiries. The July 2022 BIS press release on stablecoin guidance is a concrete example: it marks the formal extension of PFMI principles to stablecoin arrangements, a development with direct operational implications for Payment Institutions firms handling digital assets. A Legal team that cannot retrieve the precise language of that communication is working with a gap in its understanding of when and how the firm's obligations changed.
The systemic risk for firms is that this kind of AI retrieval failure is invisible in the work product. An AI that invents a wrong rule produces text that can be checked against the source. An AI that simply declines to retrieve the source leaves the Legal team with nothing to verify — and the team may proceed on the basis that the question has no publicly available answer, when in fact the answer exists at the regulator's portal and is directly material to the firm's legal position.
Findings
Blind spots (1)
Finding#1 — BIS press release verbatim content — AI retrieval failure
- Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-PFMI-2012-Q025
- AI's failure: AI couldn't find the real answer even with web search enabled
- Risk for Legal at Payment Institutions: Internal legal opinion or contract clause rests on a misstated rule
- see this finding →
What your team should do
The default position for Legal teams at Payment Institutions firms should be to treat AI tools as a starting point for PFMI research, not a terminal source. For questions about the core framework — the twenty-four principles, their structure, and the high-level obligations they impose — AI tools provide reasonable orientation. Where the risk materialises is in questions that require verbatim primary source text: specific press releases, specific annexes, specific amendments issued on specific dates. For those questions, the AI's acknowledged inability to retrieve content from the regulator's portal means the team must go directly to the BIS website.
Practically, Legal teams should build a verification step into any PFMI research workflow that involves AI. If an AI tool responds by declining to provide specific text — rather than providing a substantive answer — that is a signal to retrieve the original document rather than treating the gap as an acceptable outcome. For materials tied to regulatory developments after the core 2012 PFMI publication, including the 2022 stablecoin guidance, the team should navigate directly to the BIS portal and download the primary source before citing or summarising it in any internal or external document.
Where AI tools are genuinely useful for Legal teams working on PFMI is in tasks that do not depend on verbatim retrieval: structuring a regulatory mapping exercise, drafting an initial framework for an internal PFMI compliance review, explaining the relationships between principles at a conceptual level, or generating a list of questions to put to external counsel. These are tasks where the AI's synthesising capability adds value without creating the verbatim-retrieval risk identified in our testing. The rule of thumb is straightforward: use AI to think, go to the regulator's portal to quote.
How RLB Can Help
RegLeg's published Hallucination Research gives the Legal team at a Payment Institutions firm a free, ready-to-use pre-flight check before placing weight on AI-generated output for regulatory questions. Each research entry documents the specific ways AI tools have misrepresented rules, cited non-existent provisions, or conflated requirements across payment frameworks — giving your team concrete, evidenced failure patterns rather than abstract caution. Running that check takes minutes and can prevent the kind of reliance on plausible-sounding but incorrect regulatory positions that carries real compliance and reputational risk.
Beyond the published research, RegLeg offers bespoke regulator deep-dives scoped to the workflows your Legal function actually uses. For Payment Institutions operating across multiple jurisdictions, that typically means mapping AI-supported tasks — licence condition reviews, regulatory correspondence drafts, horizon-scanning, and cross-border equivalence analysis — against the hallucination failure modes most prevalent in each relevant framework. The output is a prioritised exposure map your team can act on directly: knowing which tasks benefit most from AI assistance and which require tighter human review before outputs are relied upon.
For firms with an existing AI-use policy, RegLeg can conduct a confidential review against our failure-mode catalogue, identifying gaps and producing a prioritised remediation plan aligned to your current workflows and governance structure. We also develop training materials and CPD-aligned content tailored for Legal teams — practical, case-grounded sessions that build the critical fluency your lawyers need to work productively with AI tools without inadvertently accepting flawed regulatory analysis.