Payment Institutions × Technology Data — International / Multilateral · published 2026-05-28 · methodology v2.1

Operational detail for cyber incident response in the 2016 guidance versus later documents

RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019
What the RLB Specialist Panel found


  • Question (paraphrased to protect IP): Does the CPMI-IOSCO 2016 Cyber Guidance specify detailed operational practices for cyber incident response and recovery, or is that level of detail addressed by a later document?
  • Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016) (Regulator portal: https://www.bis.org)
  • What AI assistants typically say: AI assistants answer that the 2016 guidance does contain detailed expectations for incident response and recovery, presenting a specific list that includes cyber incident response plans, the two-hour recovery time objective, secondary site requirements, and communication protocols — characterising the 2016 document as the primary source of operational-level requirements.
  • What the regulator actually says: The Financial Stability Board published 'Effective Practices for Cyber Incident Response and Recovery' in October 2020, four years after the 2016 CPMI-IOSCO guidance. That 2020 FSB publication contains the operational detail for the response and recovery phase that goes beyond what the 2016 guidance specifies.
  • Why the AI went wrong: AI tools overclaimed the depth of the 2016 document, presenting it as operationally detailed when it functions at a higher level of principle. The gap-filling role of the FSB's 2020 publication — which provides the granular practices that the 2016 guidance does not — was not acknowledged.
Impact for this audience

A Technology & Data team that accepts the AI's characterisation of the 2016 guidance as containing detailed operational incident response requirements may write those requirements into the firm's cyber incident response plan without consulting the FSB's 2020 Effective Practices document, which provides the granular operational detail the 2016 guidance does not. The firm's incident response plan would then be anchored to an incorrect description of what CPMI-IOSCO actually prescribes at the operational level — creating a gap that regulators, auditors, or post-incident reviews may identify. Business interruption costs and potential regulatory findings arising from an under-specified incident response capability could be significant for a Payment Institution whose operational continuity is directly supervised.

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

Plain text
RegLeg Specialist Panel (2026). "Operational detail for cyber incident response in the 2016 guidance versus later documents — Payment Institutions × Technology Data — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019. RegLegBrief AI Hallucination Research, published 2026-05-28. https://reglegbrief.com/audiences/sectors/int/payment_institutions/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/
APA 7th edition
RegLeg Specialist Panel. (2026). Operational detail for cyber incident response in the 2016 guidance versus later documents [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/audiences/sectors/int/payment_institutions/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/
Bluebook / OSCOLA (US + UK legal)
RegLeg Specialist Panel, Operational detail for cyber incident response in the 2016 guidance versus later documents [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019], RegLegBrief AI Hallucination Research (May 28, 2026), https://reglegbrief.com/audiences/sectors/int/payment_institutions/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/.
BibTeX
@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q019,
  author    = {RegLeg Specialist Panel},
  title     = {Operational detail for cyber incident response in the 2016 guidance versus later documents},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019},
  url       = {https://reglegbrief.com/audiences/sectors/int/payment_institutions/technology_data/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019/}
}