AI Hallucination ResearchAudiencesSectorsInternational / MultilateralStatutory Boards AgenciesComplianceDetail › Finding
Statutory Boards Agencies × Compliance — International / Multilateral · published 2026-05-26 · methodology v2.1

Misattributed source for a CPMI strategic phrase

RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014
What the RLB Specialist Panel found

1. Misattributed source for a CPMI strategic phrase

  • Question (paraphrased to protect IP): Does the CPMI-IOSCO 2016 Cyber Guidance contain the phrase 'secure the periphery, protect the core', and if not, where does it originate?
  • Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
  • What AI assistants typically say: The AI tool correctly states that the phrase does not appear in the 2016 guidance, but then misidentifies the origin — attributing it to a CPMI document on reducing the risk of wholesale payments fraud related to endpoint security, rather than to the speech in which it actually appeared.
  • What the regulator actually says: The phrase 'secure the periphery and protect the core' originates in a 2018 speech by a senior CPMI official (published as BIS Review r181115a), which describes the CPMI's strategic approach but is entirely separate from the 2016 guidance document.
  • Why the AI went wrong: The AI identified related CPMI material from approximately the same period and substituted a plausible-sounding document for the actual source — a cross-reference error that is easy to miss because the misidentified document is genuine and thematically adjacent.
  • Cited source(s): Regulator portal: https://www.bis.org
Impact for this audience

A Compliance team at a Statutory Boards and Agencies firm that asks AI tools to trace the origin of CPMI strategic language — for example, when drafting a board paper on cyber resilience strategy or preparing a response to a regulatory enquiry — risks citing the wrong source document. If the firm characterises a phrase as originating in a specific CPMI endpoint security publication when it actually appeared in a senior official's speech, a regulator reviewing that characterisation may identify the error as evidence of inadequate due diligence. Correcting the record after submission carries both direct administrative cost and reputational exposure in an ongoing supervisory relationship.

References — raw findings (per AI model)
This finding also affects
Next finding → Finding 2. Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon
Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

Plain text 
RegLeg Specialist Panel (2026). "Misattributed source for a CPMI strategic phrase — Statutory Boards Agencies × Compliance — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014. RegLegBrief AI Hallucination Research, published 2026-05-26. https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/
APA 7th edition 
RegLeg Specialist Panel. (2026). Misattributed source for a CPMI strategic phrase [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/
Bluebook / OSCOLA (US + UK legal) 
RegLeg Specialist Panel, Misattributed source for a CPMI strategic phrase [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014], RegLegBrief AI Hallucination Research (May 26, 2026), https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/.
BibTeX 
@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q014,
  author    = {RegLeg Specialist Panel},
  title     = {Misattributed source for a CPMI strategic phrase},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014},
  url       = {https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-014/}
}
← Back to case study summary Case study detail →
About Citation IDs →