Investment Banking Governance & Company Secretarial teams: documentation and reporting gaps possible from AI reading of CPMI-IOSCO Initial Margin Disclosure (2026 consult)

Sector × Dept INT BIS-CPMI

Investment Banking Governance & Company Secretarial teams · CPMI-IOSCO Consultation on Updated Guidance and Public Disclosures to Implement Initial Margin Proposals

By Kratti A Agrawal, Lead, RegLeg Brief Specialist Panel

Investment Banking Governance & Company Secretarial teams: documentation and reporting gaps possible from AI reading of CPMI-IOSCO Initial Margin Disclosure (2026 consult)

Anthropic's Claude illuminates the fault lines in AI cognition around CPMI initial margin governance.

— RLB Specialist Panel

Source-Credit Fabrication on CCP override framework disclosure. A frontier AI model, asked what CCPs must publicly disclose about their margin model override framework under the CPMI-IOSCO Initial Margin Disclosure Consultation, returned a confident three-part enumeration that does not appear in the consultative document and framed an expectation as a mandatory obligation. For a Governance and Company Secretarial team at an internationally active investment bank, the misframing anchors the firm's governance position to a regulatory standard the regulator did not set.

The pattern in one line

A frontier AI assistant, asked what the consultation requires CCPs to disclose about their margin model override framework, returns a closed three-element list, frames the obligation as mandatory, and supports the response with a secondary commentary URL, embedding a fabricated regulatory standard into board briefings, audit committee papers, and CCP counterparty governance policy.

How the RLB Specialist Panel tested this

Questions are prepared by the RLB Specialist Panel based on real practical AI usage in the workflows the respective audience uses AI for. The Panel binds each AI finding to verbatim regulator-issued source text held as primary substrate. For this finding, the Panel posed a Specialist Panel application-style question to two frontier AI subjects, framing the request the way a governance analyst or assistant company secretary would type it into an AI assistant when scoping the next board briefing on CCP counterparty governance, or when preparing an audit committee paper on margin model oversight standards.

The Panel then bound the model output against the verbatim consultation text on CCP override framework disclosure held as primary substrate, and against the broader d232 cover note on CCP margin model overrides.

The Panel does not give the AI subjects the substrate. The Panel evaluates only the AI subject's own output against the substrate the Panel holds. That asymmetry is what makes the finding usable for a Governance and Company Secretarial function: it shows what the analyst will actually see in the chat window before opening the BIS d232 text.

What the models got wrong

Claude Sonnet 4.6, web search on, asked what specific information CCPs must publicly disclose about their margin model override framework under the 2026 consultation on initial margin transparency, returned a three-part answer: (1) the instances or circumstances where overrides may be warranted; (2) the key decision-makers authorised to exercise override discretion; and (3) the permissible types of adjustments that can be made.

None of those categories appears in the consultation. The consultation states: "CCPs should publicly disclose relevant information on their override framework." The specific content of "relevant information" is left open for comment. The model framed the disclosure as a "must", not a "should". It returned a closed three-part list, not an open expectation. It supported the response with a secondary commentary URL, not the primary BIS d232 cover note.

The structure of the three-part enumeration is the part of the failure that is most likely to survive a quick review: a board paper that lists three specific categories reads as if it were drawn from a settled standard, when the standard is open for comment.

Citation: RLB-H-INT-BIS-CPMI-IOSCO-INITIAL-MARGIN-DISCLOSURE-CONSULT-2026-Q005-Sonnet46.

Why this matters for governance and company secretarial teams

The board briefing on CCP counterparty governance is the firm's documented understanding of the obligation. The audit committee paper is the record of the committee's review of that understanding. The policy update is the firm's record of how its CCP counterparty governance framework responds to the consultation.

If any of those documents embeds the three-part enumeration and the mandatory characterisation, the firm has, on its own formal governance records, committed to a CCP disclosure assessment framework structured around requirements the regulator did not set. Under CPMI-IOSCO's oversight framework and the jurisdiction-level prudential requirements that implement it, a regulator examining the firm's CCP counterparty risk governance could find that the firm's assessment criteria are unsupported by the actual regulatory text.

The enforcement and remediation exposure arises in two ways. First, the regulator finds, on a routine examination of the firm's governance records, that the assessment framework cites obligations not in the source. The finding triggers remediation correspondence and a re-baselining of the framework, with all the formal governance steps that re-baselining requires (board approval, audit committee sign-off, policy republication).

Second, where the firm has used the framework to flag specific CCPs as deficient, the deficiency assessments are themselves unsupported, and any remediation correspondence with CCPs based on the framework is on the firm's records as activity grounded in a fabricated standard.

For an internationally active investment bank, formal governance records travel across the home and host regulator dialogue. Unwinding the misstatement, once embedded, is difficult; it requires not just a corrected document, but a corrected governance record explaining why the original was incorrect.

The regulator's actual position

The consultative document states, verbatim: "CCPs should publicly disclose relevant information on their override framework." The cover note for d232 sets the override framework disclosure as one of several areas in which CCPs are expected to provide relevant information; it does not enumerate the contents of that disclosure, and it does not frame the obligation as a hard requirement.

The CPMI-IOSCO Secretariat's standard formulation on consultation-stage text is "should", not "must". The Secretariat reserves the prescriptive formulation for finalised standards. The decision to leave the specific content open for comment is itself a substantive feature of the consultation.

What this tells us about AI for governance and company secretarial teams

The failure class is Source-Credit Fabrication. For a Governance and Company Secretarial function, the operational signal is that any AI output reporting "the regulator requires (i), (ii), and (iii)" on a consultative document must be verified against the cited regulator text before the enumeration enters a board paper, an audit committee briefing, or a policy update.

The second signal is that the drift from "should" to "must" is the most common AI drift on consultation-stage CPMI-IOSCO and BCBS text. The drift is small in word count and large in formal governance effect. The company secretary's pre-circulation review must catch it every time.

The third signal is that the structure of an AI-generated enumeration conveys settledness independently of the words. A closed three-part list reads as if it were drawn from a settled standard. A board reviewing the paper reads the structure as a regulator-issued specification. The verification discipline must check whether the source contains a closed list at all.

What the RLB Specialist Panel is doing about it

The Panel issues the finding bound to the verbatim consultation text held as primary substrate, with the citation ID assigned for cross-reference. The Panel makes the finding available to AI labs under the partnership track and to Governance and Company Secretarial functions as a worked example of the failure mode their AI-use controls must catch before the deliverable enters the board pack.

The Panel does not assess the model's overall accuracy on the consultation. The Panel assesses the specific output against the specific regulator text on the specific question a governance analyst is likely to ask when preparing a board paper on CCP counterparty governance.

Citation: RLB-H-INT-BIS-CPMI-IOSCO-INITIAL-MARGIN-DISCLOSURE-CONSULT-2026-Q005-Sonnet46.

What governance and company secretarial teams should do

Action items for a Governance and Company Secretarial function at an internationally active investment bank using AI on CCP counterparty governance work product:

Verify every AI-returned enumeration of regulator-issued obligations against the primary consultation text before the enumeration enters a board paper, an audit committee briefing, or a CCP counterparty governance policy update.
Treat any AI output framing a consultation as imposing a "must" requirement as a presumptive drift: refer to the Secretariat text and confirm the formulation before the paper enters circulation.
Reject secondary commentary URLs as citation sources for board-level documents: if the AI cites a third-party commentary rather than the primary BIS text, treat the underlying factual claim as unverified.
Build a pre-circulation review step into the company secretary's review workflow that requires the drafter to identify, against the primary regulator text, the verbatim source for each obligation cited in the paper, and to record the verification in the paper's audit trail.
Brief the audit committee and board risk committee chairs on the Source-Credit Fabrication failure class, so the committee chairs have the vocabulary to challenge structured enumerations in papers that do not match the source.
Use the RLB Specialist Panel's published findings as a working library of AI failure modes on regulator text, and incorporate the failure-class pattern into the firm's AI-use policy for governance and company secretarial work product.

Right of Reply

These findings and associated work have been put up in public with a view of the greater good for the development of a safer AI ecosystem. Any party reading this or any finding on reglegbrief.com may contact us and have an unconditional right of reply; the Specialist Panel will publish any factual correction or contextual response alongside the original finding, with no editorial gatekeeping. Researchers, regulators, and compliance teams with questions on methodology or specific findings can reach the Specialist Panel via the same channel.

Source & Methodology Standards

RegLeg Brief is operated by Verdus Technologies Pte. Ltd. (UEN 201616982R), incorporated in Singapore. The RLB Specialist Panel, with an aggregate of over 60 years of public-policy and industry experience, documents only confirmed hallucination findings, under a methodology that requires a verbatim regulator excerpt for every documented claim. All findings, citation IDs, model outputs, regulator excerpts, and methodology notes are open-access.

Primary source verified: CPMI-IOSCO Consultative Report d232, Streamlining Variation Margin Disclosure (2026) · Substrate documents: p_03_ANNEX_Override_framework___public_disclosure_r_d232_covernote.pdf · CPMI portal: bis.org/cpmi

Citation IDs referenced:

RLB-H-INT-BIS-CPMI-IOSCO-INITIAL-MARGIN-DISCLOSURE-CONSULT-2026-Q005-Sonnet46

Read the full findings page — RLB Citation IDs, AI subject answers, and regulator verbatim text →

← Back to all briefings