Statutory Boards Agencies × Compliance — International / Multilateral · published 2026-05-26 · methodology v2.1

Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon

RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020

What the RLB Specialist Panel found

2. Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon

Question (paraphrased to protect IP): How does the CPMI-IOSCO 2016 Cyber Guidance define 'cyber resilience', and how does this compare to the definition in the 2018 FSB Cyber Lexicon?
Source regulation: Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
What AI assistants typically say: Multiple AI tools gave similar incorrect responses. In each case the AI asserted that the two definitions are broadly consistent or that the FSB Cyber Lexicon explicitly drew on the CPMI-IOSCO formulation — presenting a confident comparative judgment rather than acknowledging that the two documents are separated by two years and that their definitions may not correspond.
What the regulator actually says: The FSB Cyber Lexicon was published in November 2018 — two years after the 2016 guidance. Its standardised definitions, including of 'cyber resilience', 'cyber incident', and 'critical functions', postdate the 2016 guidance and may not match how that guidance used the same terms in 2016.
Why the AI went wrong: The AI stripped out the documented epistemic uncertainty — that the later lexicon's definitions may not match the earlier guidance — and substituted a confident alignment claim, including an unsupported assertion about directional influence between the two documents.
Cited source(s): Regulator portal: https://www.bis.org

Impact for this audience

A Compliance function that uses AI tools to compare the 2016 CPMI-IOSCO guidance with the 2018 FSB Cyber Lexicon — for example, to map the firm's definitional framework or to assess whether internal policy language aligns with both standards — may unknowingly adopt a false equivalence between the two. The 2018 Lexicon's definitions postdate the 2016 guidance and may not correspond; AI tools that assert confident alignment effectively suppress this documented uncertainty. A regulatory mapping exercise built on this incorrect alignment could result in a gap analysis that fails to surface a real definitional divergence, exposing the firm to a finding of non-compliance if the regulator applies the Lexicon's definitions to assess the firm's framework.

References — raw findings (per AI model)

RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Opus47 Claude Opus 4.7 (web search on)
RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46 Claude Sonnet 4.6 (web search on)

This finding also affects

← Previous finding Finding 1. Misattributed source for a CPMI strategic phrase Next finding → Finding 3. False assertion that the 2016 guidance remains the operative standard

Cite this finding

Each finding has a stable Citation ID (RLB-F-… for aggregated case-study findings, RLB-H-… for raw per-model hallucinations) — like a DOI, the ID always resolves to the canonical finding even if URLs change.

Plain text

RegLeg Specialist Panel (2026). "Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon — Statutory Boards Agencies × Compliance — International / Multilateral." Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020. RegLegBrief AI Hallucination Research, published 2026-05-26. https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

APA 7th edition

RegLeg Specialist Panel. (2026). Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon [Hallucination finding RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020]. RegLegBrief AI Hallucination Research. https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/

Bluebook / OSCOLA (US + UK legal)

RegLeg Specialist Panel, Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon [RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020], RegLegBrief AI Hallucination Research (May 26, 2026), https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/.

BibTeX

@misc{reglegbrief_RLB_F_INT_BIS_CPMI_IOSCO_CYBER_RESILIENCE_FMI_2016_Q020,
  author    = {RegLeg Specialist Panel},
  title     = {Overconfident alignment claim between the 2016 guidance and the 2018 FSB Cyber Lexicon},
  year      = {2026},
  publisher = {RegLegBrief AI Hallucination Research},
  note      = {Hallucination finding Citation ID: RLB-F-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020},
  url       = {https://reglegbrief.com/audiences/sectors/int/statutory_boards_agencies/compliance/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020/}
}

← Back to case study summary Case study detail →

About Citation IDs →