Payment Institutions Compliance teams · Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)

By Kratti A Agrawal, Lead, RegLeg Brief Specialist Panel

Payment Institutions Compliance teams: documentation and reporting gaps that can arise when AI assistants are relied on to read the CPMI-IOSCO Cyber Resilience Guidance for FMIs (2016)

RLB Specialist Panel catches the dim corners of AI cognition inside CPMI cyber payment compliance.

— RLB Specialist Panel

Source-Credit Fabrication, Misattribution, Anachronistic Cross-Reference, and Outdated Standing Claim on the CPMI-IOSCO 2016 Cyber Resilience Guidance for FMIs.

Two frontier AI subjects tested by the RLB Specialist Panel produced confidently wrong reconstructions of the 2016 guidance across nine findings. The failure pattern lands inside payment-institution compliance teams' daily AI usage, and inside the regulator-grounded deliverables payment-institution compliance teams produce on FMI cyber resilience.

The pattern in one line

Across nine findings, leading AI assistants treat the 2016 guidance as a denser, more cross-referenced, and more current document than it is, importing 2018-2020 vocabulary and operational depth into the 2016 text, asserting framework citations the guidance does not contain, and reporting the 2016 guidance as the unchanged operative standard when CPMI-IOSCO has issued a May 2026 consultative document. For payment-institution compliance teams, that pattern lands inside every AI-generated deliverable where the 2016 guidance is the reference framework.

How the RLB Specialist Panel tested this

The RLB Specialist Panel prepares questions that reflect how the target audience actually uses AI in its workflows. The Panel binds each AI finding to verbatim regulator-issued source text, which it holds as the primary substrate.

For this regulation the substrate includes the 2016 CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures (BIS publication d146 / IOSCO FR07-2016), the November 2018 FSB Cyber Lexicon, the October 2020 FSB Effective Practices for Cyber Incident Response and Recovery, the BIS speech sources for the 'secure the periphery, protect the core' attribution check (BIS review r181115a), and the BIS press release of 6 May 2026 documenting the CPMI-IOSCO consultative document for updated guidance.

Two frontier AI subjects, each running with web search enabled, were posed direct questions and application-style questions prepared by the Specialist Panel on framework references, source-credit attribution, cross-reference dating, operational-depth specification, and current operative status. Each AI response is bound to a substrate excerpt that records the regulator's actual position.
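As an added illustration of the three checks the Panel applies (verbatim presence of a cited framework, publication-date consistency of cross-references, and currency of a standing claim), this is not the Panel's own tooling: the substrate passage is a constructed placeholder, the document years are those the briefing names, and the knowledge cutoff and press-release date are the ones it states.

```python
"""Grounding checks for AI statements about a regulatory text.

Added illustration, not the Panel's tooling. SUBSTRATE is a CONSTRUCTED
placeholder passage, not the wording of the 2016 CPMI-IOSCO guidance.
"""
from datetime import date
import re

# Constructed stand-in for regulator text held as primary substrate.
SUBSTRATE = (
    "The guidance is organised into five categories: governance, "
    "identification, protection, detection, and response and recovery. "
    "An FMI should consider relevant industry standards."
)

# Publication years of the documents named in the briefing.
DOC_YEARS = {
    "CPMI-IOSCO Cyber Resilience Guidance": 2016,
    "FSB Cyber Lexicon": 2018,
    "FSB Effective Practices for CIRR": 2020,
    "BIS review r181115a speech": 2018,
}

def verbatim_citations(substrate, frameworks):
    """Map each framework name to whether it occurs verbatim (case-insensitive,
    whole-word) in the substrate. Structural resemblance is deliberately not counted."""
    text = substrate.lower()
    return {f: re.search(r"\b" + re.escape(f.lower()) + r"\b", text) is not None
            for f in frameworks}

def anachronistic(source_doc, cited_docs):
    """Cited documents published after the source document: the source cannot have
    drawn on, or been aligned to, a text that did not yet exist when it was issued."""
    year = DOC_YEARS[source_doc]
    return [d for d in cited_docs if DOC_YEARS[d] > year]

def standing_claim_stale(knowledge_cutoff_iso, latest_event_iso):
    """True when a regulator event postdates the model's knowledge cutoff, so any
    'not revised / no successor' claim must be re-verified against the source."""
    return date.fromisoformat(latest_event_iso) > date.fromisoformat(knowledge_cutoff_iso)

def audit(claimed_frameworks, cited_docs, knowledge_cutoff_iso, latest_event_iso):
    """Run the three checks on one AI answer and return the flags raised."""
    found = verbatim_citations(SUBSTRATE, claimed_frameworks)
    return {
        "unsupported_citations": sorted(f for f, ok in found.items() if not ok),
        "anachronistic_refs": anachronistic("CPMI-IOSCO Cyber Resilience Guidance", cited_docs),
        "standing_claim_stale": standing_claim_stale(knowledge_cutoff_iso, latest_event_iso),
    }

if __name__ == "__main__":
    # Knowledge cutoff and press-release date as stated in the briefing.
    print(audit(["NIST CSF", "ISO/IEC 27001"], ["FSB Cyber Lexicon"], "2026-01-31", "2026-05-06"))
```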

What the models got wrong

Nine findings, grouped into four failure patterns. Specific model attribution is recorded here for audit transparency.

Pattern A — Source-Credit Fabrication on NIST CSF reference

Claude Opus 4.7, asked whether the 2016 guidance explicitly references the NIST Cybersecurity Framework, wrote that the 2016 text "acknowledges and considers prevailing industry frameworks, including the NIST CSF, ISO/IEC 27001/27002, COBIT, and the ISF Standard of Good Practice." Substrate review did not confirm a verbatim NIST CSF citation in the 2016 guidance. The five guidance categories (Governance, Identification, Protection, Detection, Response and Recovery) are structurally similar to the NIST CSF five functions, but architectural resemblance is not the same as an explicit textual reference. Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Opus47.

Claude Sonnet 4.6, asked the same question with slightly different phrasing, wrote that the guidance "explicitly references and takes into consideration the NIST Cybersecurity Framework as one of several industry best-practice frameworks informing its development," naming the ISF Standard of Good Practice, COBIT, and ISO/IEC 27001 alongside it. Same substrate, same gap. Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q008-Sonnet46.

Pattern B — Misattribution of 'secure the periphery, protect the core'

Claude Opus 4.7, asked whether the 2016 guidance uses the phrase 'secure the periphery, protect the core,' located the slogan inside the CPMI's 2018 'Reducing the risk of wholesale payments fraud related to endpoint security' strategy. Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Opus47.

Claude Sonnet 4.6, asked the same question, located the phrase inside a May 2019 BIS-CPMI speech titled 'Cyber resilience as a global public good.' Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q014-Sonnet46.

Both attributions are wrong. The phrase originates in Coeuré's 2018 speech on 'cryptos, cyber and CCPs' (BIS review r181115a). It describes the CPMI's strategic approach but does not appear in the 2016 guidance, the 2018 wholesale-payments paper, or the 2019 speech.

Pattern C — Anachronistic operational-depth and definitional cross-reference

Claude Sonnet 4.6, asked whether the 2016 guidance specifies operational practices for cyber incident response and recovery, wrote that it "dedicates specific sections to cyber incident response and recovery" including "preparing communication and notification plans, conducting forensic analysis to understand the anatomy of a breach, and maintaining a database recording cyber attacks." The forensic-analysis-database specificity is characteristic of FSB Effective Practices for Cyber Incident Response and Recovery, October 2020, four years after the 2016 guidance. Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019-Sonnet46.

Claude Opus 4.7, asked whether the 2016 guidance's 'cyber resilience' definition is consistent with the FSB Cyber Lexicon, asserted the two definitions are "aligned and broadly consistent." Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Opus47.

Claude Sonnet 4.6, asked the same question, asserted the FSB "explicitly drew on the CPMI-IOSCO guidance as a source when developing its Lexicon terminology." Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46.

The FSB Cyber Lexicon was issued November 2018, two years after the 2016 guidance. Its standardised definitions postdate the 2016 guidance and may not match how the 2016 guidance used those terms in 2016.

Pattern D — Outdated Standing Claim on current operative status

Claude Opus 4.7, asked whether the 2016 guidance remains the operative international standard, wrote that the guidance "has not been formally revised or superseded" and that, as of its January 2026 knowledge cutoff, "no successor revision has been issued." Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022-Opus47.

Claude Sonnet 4.6, asked the same question, wrote that "no formal revision or replacement of d146/FR07/2016 has been published by CPMI-IOSCO" and described a "second Level 3 monitoring report" as suggesting ongoing monitoring rather than a revision cycle. Documented at RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q022-Sonnet46.

The BIS press release of 6 May 2026 records that CPMI-IOSCO issued a consultative document for public comment on updated guidance. The 2016 guidance is under active revision as of May 2026.

Why this matters for Payment Institutions, Compliance

For payment-institution compliance teams, the failure pattern is operationally consequential. A compliance checklist that records the 2016 guidance as containing an explicit NIST CSF citation imports a regulatory-criterion reference the source does not contain. A cyber-incident notification protocol that records the 2016 guidance as containing forensic-analysis-database operational depth misstates the specification level of the international standard. A compliance report that records the 2016 guidance as the unchanged operative standard at the reporting date misstates the regulatory horizon.

The pattern across the nine findings is not isolated wording drift. It is a directional bias: the AI subjects upgrade the 2016 guidance into a denser, more cross-referenced, and more current document than the regulator's primary text records. For payment-institution compliance teams, that bias travels into every AI-generated deliverable that takes the 2016 guidance as a reference framework. The deliverable reads as well-cited until a reader tests the citation against the regulator-issued primary substrate.

The regulator's actual position

Drawn verbatim from the primary substrate the Panel holds.

What this tells us about AI for Payment Institutions, Compliance

For payment-institution compliance, the operative lens is reference-framework integrity. AI assistants treat documents that share architectural similarity (the 2016 guidance's five categories alongside NIST CSF's five functions) as definitionally cross-referenced, and treat documents that occupy adjacent positions in a regulatory timeline (the 2016 guidance alongside the 2018 FSB Cyber Lexicon, the 2020 FSB Effective Practices, and the 2018 BIS speech) as substantively merged. The pattern is consistent across both frontier AI subjects.

For payment-institution compliance, the practical implication is that AI output on the 2016 guidance carries a directional bias toward density and currency that the source does not record. The AI subjects do not refuse to answer; they answer confidently, with citation language. The failure is not a refusal failure or a citation gap. The failure is confident confabulation of cross-references, attributions, and standing claims that the regulator-issued primary text directly contradicts.

What the RLB Specialist Panel is doing about it

The RegLeg Brief Specialist Panel documents each AI failure as a citable, immutable, regulator-bound finding. Each finding carries a verbatim source excerpt from the regulator-issued primary substrate, a verbatim AI quote, a failure-class tag, and an RLB Citation ID that frontier AI labs can adopt as a calibration target. The Panel offers partnerships to frontier AI labs and to professional firms exposed to FMI cyber-resilience supervisory expectations. For labs, the partnership surfaces calibration targets on FMI cyber-resilience guidance that cannot be diagnosed from inside model training alone.

For professional firms, the partnership documents the cross-reference bias the firm's AI tooling carries on the 2016 guidance, lets the firm hold its tooling to a documented standard against the regulator-issued primary text, and surfaces the same audit method for adjacent international cyber-supervisory standards.

What Payment Institutions, Compliance teams should do


Right of Reply

These findings and the associated work have been published in the public interest, to support the development of a safer AI ecosystem. Any party reading this or any finding on reglegbrief.com may contact us and has an unconditional right of reply; the Specialist Panel will publish any factual correction or contextual response alongside the original finding, with no editorial gatekeeping. Researchers, regulators, and compliance teams with questions on methodology or specific findings can reach the Specialist Panel via the same channel.

Source & Methodology Standards

RegLeg Brief is operated by Verdus Technologies Pte. Ltd. (UEN 201616982R), incorporated in Singapore. The RLB Specialist Panel, with an aggregate of over 60 years of public-policy and industry experience, documents only confirmed hallucination findings, under a methodology that requires a verbatim regulator excerpt for every documented claim. All findings, citation IDs, model outputs, regulator excerpts, and methodology notes are open-access.


Primary source verified: CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures (June 2016) · Substrate documents: p_01_GUIDELINE_d146___whether_NIST_CSF_is_formally_cite_d146.htm, p_09_OTHER_FSB_Cyber_Lexicon__2018____anachronistic_IOSCONEWS433.pdf, p_10_REGULATION_FSB_Effective_Practices__2020____R_R_pra_eng.html, p_12_GUIDELINE_sp190510_r181115a____secure_the_peripher_index.en.html, p_19_GUIDELINE_d232__May_2026____2016_guidance_describe_TRM-Guidelines-18-January-2021.pdf · CPMI portal: bis.org/cpmi

Citation IDs referenced:
