---
type: "AIHallucinationFinding"
title: "What level of operational detail does the 2016 CPMI-IOSCO Cyber Resilience Guidance provide for…"
citation_id: "RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019-Sonnet46"
finding_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019--sonnet-46-websearch"
question_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019"
regulation_id: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_slug: "CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_title: "Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)"
regulator_short_code: "BIS-CPMI"
regulatory_body_id: "BIS-CPMI-INT-001"
jurisdiction_code: "INT"
j_level: "J1"
ai_subject: "claude-sonnet-4-6"
ai_subject_display: "Claude Sonnet 4.6 (web search on)"
ai_subject_version: "sonnet-46-websearch"
response_failure_mode: "misattributed"
substrate_document_name: "p_10_REGULATION_FSB_Effective_Practices__2020____R_R_pra_eng.html"
substrate_document_path: "https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_10_REGULATION_FSB_Effective_Practices__2020____R_R_pra_eng.html"
substrate_section_anchor: "FSB Effective Practices (2020) — R&R practices attributed to d146"
citation_issue_types: ["Contradictory"]
audiences: ["ai_labs"]
published_at: "2026-06-07T07:58:33.987993+00:00"
substrate_version: 1
methodology_version: "2.3"
license: "CC-BY-4.0"
resource: "https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019--sonnet-46-websearch/"
tags: ["ai-hallucination", "misattributed", "bis-cpmi", "cpmi-iosco-cyber-resilience-fmi-2016", "int"]
timestamp: "2026-06-16T00:00:00+00:00"
---

# AI Hallucination Finding: What level of operational detail does the 2016 CPMI-IOSCO Cyber Resilience Guidance provide for…

- **Citation ID.** `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019-Sonnet46`
- **Finding UID.** `INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019--sonnet-46-websearch`
- **Regulation.** [`CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016`](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md) — Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
- **Regulator.** [`BIS-CPMI-INT-001`](/okf/bodies/BIS-CPMI-INT-001.md) — Bank for International Settlements — Committee on Payments and Market Infrastructures (CPMI)
- **AI subject.** Claude Sonnet 4.6 (web search on)
- **Failure mode.** [`misattributed`](/okf/taxonomy/failure-modes.md)
- **Published.** 2026-06-07T07:58:33.987993+00:00

## Question put to the AI subject

What level of operational detail does the 2016 CPMI-IOSCO Cyber Resilience Guidance provide for incident response and recovery, and how does that compare to subsequent international publications on the same topic?

## AI subject's verbatim answer

Yes, the 2016 guidance does describe specific practices for the response and recovery phases... preparing communication and notification plans...conducting forensic analysis to understand the anatomy of a breach; maintaining a database recording cyber attacks

## Verbatim regulator text contradicting the answer

> FSB published 'Effective Practices for Cyber Incident Response and Recovery' in October 2020 — four years after d146. This contains operational detail for the Response and Recovery phase that goes beyond d146.

_Source:_ [p_10_REGULATION_FSB_Effective_Practices__2020____R_R_pra_eng.html](https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_10_REGULATION_FSB_Effective_Practices__2020____R_R_pra_eng.html)
_Section anchor:_ FSB Effective Practices (2020) — R&R practices attributed to d146

## Failure mode

**`misattributed`** — Misattributed — the AI attributed a rule to the wrong source, wrong regulator, or wrong instrument.

## Citation-issue types

- **Contradictory** — <https://www.bis.org/cpmi/publ/d146.pdf>
- **Contradictory** — <https://www.iosco.org/library/pubdocs/pdf/IOSCOPD535.pdf>

## Related concepts

- Regulation: [CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md)
- Regulator: [BIS-CPMI-INT-001](/okf/bodies/BIS-CPMI-INT-001.md)
- Failure-mode taxonomy: [misattributed](/okf/taxonomy/failure-modes.md)
- Methodology: [v2.3](/okf/methodology.md)
- Editorial standards: [right of reply](/okf/editorial-standards.md)

## Reproduction

Citation ID: `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q019-Sonnet46`

Resource URL (HTML view of this finding):

<https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-019--sonnet-46-websearch/>

This finding is reproducible against the substrate document linked above, using the same AI subject, the same methodology version, and the verbatim question text.