Executive Summary
Product and Business Development teams at retail banks operating internationally depend on accurate market-structure data to build business cases, brief senior leadership, and position their cross-border payment propositions competitively. On the CPMI's API harmonisation framework for cross-border payments — which sets the landscape coordinates for where fast payment system interoperability is heading — AI tools failed on the one question that sits at the centre of every market briefing: how large is the global fast payment system universe, and how far has cross-border activation progressed?
Across two AI tools tested on that question, neither returned the CPMI's own authoritative figures intact: one substituted a survey sample count for the global universe figure, and the other correctly cited several statistics while falsely asserting the operator ownership split was unavailable in public CPMI sources — when it appears explicitly in a published CPMI speech. Both failures carry the same practical consequence: a Product and Business Development team member who builds a market briefing or business case on an AI-sourced answer would circulate materially incorrect market-structure data to senior stakeholders.
How AI gets this regulation wrong
The AI failures on this regulation cluster around a single failure pattern: confident answers on market statistics that, when probed, either collapse into a retraction or reveal that the AI scoped its search to a secondary source while ignoring a primary CPMI publication where the answer was explicit. In both cases the AI presented its initial response without signalling uncertainty, and only surfaced the error when challenged directly.
| AI's Failure Mode | Count | Affected findings |
|---|---|---|
| Exposed Fabrication | 1 | Finding#1 |
What that means for your team
For Product and Business Development teams at retail banks, the dominant risk from AI failures on this regulation falls into the wrong-deliverable category: a market briefing, a board slide deck, or a business case that embeds incorrect CPMI landscape figures will misrepresent the competitive environment to decision-makers who are acting on that framing. The practical exposure is not regulatory penalty but strategic credibility — and in cross-border payments, where partnership and product-roadmap decisions are anchored to assessments of the fast payment system landscape, a corrupted data point works quietly until it meets a counterpart who has read the primary source.
| Risk Impact | Count | Affected findings |
|---|---|---|
| Wrong deliverable | 1 | Finding#1 |
When this affects your department
The most common trigger is market intelligence production. When a Product or Business Development manager is building the competitive landscape section of a cross-border payment product proposal — or preparing the "where are fast payment systems globally?" slide for a steering committee — AI tools are a natural first stop for aggregating CPMI and BIS data quickly.
The CPMI's API harmonisation work is explicitly framed around the density and connectivity of the global fast payment system network, so the headline statistics (total systems operational, cross-border activation rate, forward pipeline of linkages, operator ownership structure) are not incidental detail — they are the foundation of any serious market narrative. Getting those numbers wrong does not just weaken a deck; it signals to anyone in the room who has read the CPMI's own publications that the team hasn't.
A second trigger is partner and network due diligence. Retail banks building or extending their cross-border rails need to assess which fast payment networks are cross-border activated and which are in the planning phase, and what the ownership structure of a prospective partner implies for governance and access terms. Accurate headline counts — 70+ systems operational globally, 14 already cross-border enabled, 24 in planning — provide the calibration against which a specific partner's claims are evaluated.
If a team is working from an AI-sourced figure of 57 operational systems, their sense of how crowded or early-stage the field is will be materially off, and so will the implied urgency and leverage position in any partnership negotiation.
A third trigger is regulatory-horizon scanning. Product teams monitoring how the CPMI API harmonisation framework may affect product design requirements — API specifications, message-format alignment, interoperability obligations — will consult AI tools to synthesise the trajectory. Here the risk is compounded: if the AI's market-structure data is wrong, the team's estimate of how quickly harmonisation pressure will land is also distorted. A team that believes the cross-border activation rate is lower than CPMI reports will under-invest in readiness; one that believes operator concentration is different from reality will misread where standards leverage sits.
The findings at a glance
The table below summarises the finding tested on this regulation, the type of AI error produced, and the risk category it maps to for Product and Business Development teams at retail banks in international jurisdictions.
| # | Finding title | Type | Citation ID |
|---|---|---|---|
| 1 | Global fast payment system landscape statistics — AI conflates survey sample with global count | Hallucination | RLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010 |
Aggregate impact
The single finding tested on this regulation exposes a failure mode that is particularly acute for Product and Business Development teams: AI tools presenting authoritative-sounding statistics with misplaced confidence, sourcing errors to a legitimate secondary publication rather than the primary CPMI speech where the correct data lives. One AI tool substituted the 2025 CPMI monitoring survey's sample size — 57 systems — for the global universe figure of 70+, a conflation that is both plausible-sounding and directly contradicted by the CPMI's own published speech.
The second tool correctly retrieved several figures but falsely declared the operator ownership split unavailable in public CPMI sources, when Tara Rice's November 2023 CPMI speech states it explicitly: 40% central bank operated, 35% privately operated. In both cases, the AI cited a Pretextual source — a real CPMI publication that did not actually contain the specific claim being made.
The pattern that emerges is not random noise but a structural gap in how AI tools handle the CPMI's distributed publication ecosystem. The CPMI publishes data across monitoring briefs, committee speeches, and technical toolkits, and these are not always mutually consistent or co-indexed. AI tools tend to anchor on the most prominent secondary source (a monitoring brief summary, a press release) rather than triangulating across the full publication set.
For Product and Business Development teams, this is a systematic risk: any AI query about fast payment system landscape figures is more likely to surface a monitoring brief's sample size than a CPMI speech's global universe statement, and nothing in the AI's response flags that the survey sample and the global count are different constructs.
The aggregate exposure for a retail bank operating internationally is a set of market intelligence assets — briefings, business cases, partnership assessments — that are internally coherent but grounded on a corrupted data point. This kind of error travels well: a wrong figure in a Q3 business case brief gets carried into the Q4 strategic plan, then into the following year's partnership mandate. By the time it is challenged — typically by an external counterpart or a regulator who has read the primary source — it has accumulated institutional weight and is harder to correct without embarrassment.
What your team should do
The default position for this regulation is: do not use AI tools to retrieve CPMI market statistics without primary-source verification. The specific failure pattern here — AI tools anchoring on monitoring brief sample sizes rather than published global-universe figures — is not recoverable through prompt-engineering alone, because the AI's initial response gives no indication that a distinction exists between survey respondents and the full global fast payment system count. The error is not obviously wrong from the face of the output.
Any internal briefing or business case that cites CPMI figures on the number of operational fast payment systems, cross-border activation rates, planning pipelines, or operator ownership splits must be traced directly to the CPMI publication that carries the specific number — not to an AI synthesis of CPMI publications.
Practically, the team should bookmark Tara Rice's November 2023 CPMI speech directly and treat it as the primary source for the landscape statistics that appear most frequently in internal deliverables: 70+ systems operational globally, 14 cross-border enabled, 24 in planning within five years, 40% central-bank operated, 35% privately operated. These figures are not buried — they are in published CPMI speeches accessible at bis.org — but AI tools do not reliably surface them when asked for monitoring survey data, because the query maps more naturally to the monitoring brief corpus than to the speeches corpus.
The team should also distinguish between a CPMI monitoring survey's sample (the number of systems that responded to a given survey wave) and the CPMI's estimate of the global universe; these are different and AI tools conflate them without warning.
AI tools remain useful on this regulation for non-statistical tasks: summarising the API design principles, mapping the interoperability toolkit's technical layers, drafting internal explainers on the G20 cross-border payments roadmap context, or producing first-draft frameworks for assessing a prospective partner's alignment with the harmonisation recommendations. Where AI adds risk is specifically at the intersection of market intelligence and CPMI numerical claims — and that is precisely the territory that Product and Business Development outputs rely on most heavily.
How RLB Can Help
RegLeg's published Hallucination Research is available as a free pre-flight reference before your team acts on AI-assisted regulatory analysis — product eligibility reads, cross-border licensing assessments, conduct-risk scoping for new features. The findings index which regulatory texts, jurisdictions, and question types have already produced documented AI failures in controlled testing.
If your team is relying on AI output to inform a product approval decision or a market-entry call and the relevant regulation appears in the catalogue, that is the moment to cross-check: not to abandon the workflow, but to know which outputs carry weight and which need a qualified second read before they reach a credit committee or a regulator.
For Product & Business Development specifically, the highest-exposure workflows tend to cluster around the same fault lines the research surfaces repeatedly: eligibility thresholds stated with false precision, exemption conditions that AI tools assert confidently but get wrong in detail, and jurisdiction-specific carve-outs that were amended after the model's training horizon. RegLeg can run a bespoke deep-dive against the regulator set that matters to your firm's product roadmap — mapping where AI assistance is low-risk in your workflows and where the documented failure modes should change how your team stages that reliance.
The output is scoped to your regulatory perimeter, not a generic risk list.
If your firm already has an AI-use policy in place for product development and regulatory research functions, RegLeg can review it against the failure-mode catalogue under confidentiality and return a prioritised remediation view: which policy provisions are substantively protective, which create false confidence, and where the gaps sit relative to the failure patterns the research has documented. We can also develop training material and CPD-aligned content calibrated to Product & Business Development workflows — not generic AI-literacy content, but material that treats your team's existing regulatory and commercial expertise as the baseline and builds on it.