---
type: "AIHallucinationFinding"
title: "How does the 2016 CPMI-IOSCO Cyber Resilience Guidance define 'cyber resilience,' and is that…"
citation_id: "RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46"
finding_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020--sonnet-46-websearch"
question_uid: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020"
regulation_id: "INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_slug: "CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016"
regulation_title: "Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)"
regulator_short_code: "BIS-CPMI"
regulatory_body_id: "BIS-CPMI-INT-001"
jurisdiction_code: "INT"
j_level: "J1"
ai_subject: "claude-sonnet-4-6"
ai_subject_display: "Claude Sonnet 4.6 (web search on)"
ai_subject_version: "sonnet-46-websearch"
response_failure_mode: "inference_drift"
substrate_document_name: "p_09_OTHER_FSB_Cyber_Lexicon__2018____anachronistic_IOSCONEWS433.pdf"
substrate_document_path: "https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_09_OTHER_FSB_Cyber_Lexicon__2018____anachronistic_IOSCONEWS433.pdf"
substrate_section_anchor: "FSB Cyber Lexicon (2018) — anachronistic definitions applied to d146"
citation_issue_types: ["Contradictory"]
audiences: ["ai_labs"]
published_at: "2026-06-07T07:58:33.988069+00:00"
substrate_version: 1
methodology_version: "2.3"
license: "CC-BY-4.0"
resource: "https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020--sonnet-46-websearch/"
tags: ["ai-hallucination", "inference_drift", "bis-cpmi", "cpmi-iosco-cyber-resilience-fmi-2016", "int"]
timestamp: "2026-06-16T00:00:00+00:00"
---

# AI Hallucination Finding: How does the 2016 CPMI-IOSCO Cyber Resilience Guidance define 'cyber resilience,' and is that…

- **Citation ID.** `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46`
- **Finding UID.** `INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020--sonnet-46-websearch`
- **Regulation.** [`CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016`](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md) — Guidance on Cyber Resilience for Financial Market Infrastructures (CPMI-IOSCO 2016)
- **Regulator.** [`BIS-CPMI-INT-001`](/okf/bodies/BIS-CPMI-INT-001.md) — Bank for International Settlements — Committee on Payments and Market Infrastructures (CPMI)
- **AI subject.** Claude Sonnet 4.6 (web search on)
- **Failure mode.** [`inference_drift`](/okf/taxonomy/failure-modes.md)
- **Published.** 2026-06-07T07:58:33.988069+00:00

## Question put to the AI subject

How does the 2016 CPMI-IOSCO Cyber Resilience Guidance define 'cyber resilience,' and is that definition consistent with the FSB Cyber Lexicon definition published two years later in 2018?

## AI subject's verbatim answer

The two definitions are substantively consistent, with the FSB Lexicon adding language around 'adapting to changes in the environment' that slightly broadens the scope. The FSB explicitly drew on the CPMI-IOSCO guidance as a source when developing its Lexicon terminology.

## Verbatim regulator text contradicting the answer

> The FSB Cyber Lexicon was published November 2018 — two years after d146. Its standardised definitions (e.g., of 'cyber resilience', 'cyber incident', 'critical functions') postdate d146 and may not match d146's definitions exactly.

_Source:_ [p_09_OTHER_FSB_Cyber_Lexicon__2018____anachronistic_IOSCONEWS433.pdf](https://reglegbrief.com/substrate/INT/BIS-CPMI/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/_raw_manual_substrate/p_09_OTHER_FSB_Cyber_Lexicon__2018____anachronistic_IOSCONEWS433.pdf)
_Section anchor:_ FSB Cyber Lexicon (2018) — anachronistic definitions applied to d146

## Failure mode

**`inference_drift`** — Inference drift — the AI inferred a conclusion the regulator's text does not warrant, often by combining unrelated provisions.

## Citation-issue types

- **Contradictory** — <https://www.bis.org/cpmi/publ/d146.pdf>
- **Contradictory** — <https://www.fsb.org/uploads/P121118-1.pdf>

## Related concepts

- Regulation: [CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016](/okf/regulations/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016.md)
- Regulator: [BIS-CPMI-INT-001](/okf/bodies/BIS-CPMI-INT-001.md)
- Failure-mode taxonomy: [inference_drift](/okf/taxonomy/failure-modes.md)
- Methodology: [v2.3](/okf/methodology.md)
- Editorial standards: [right of reply](/okf/editorial-standards.md)

## Reproduction

Citation ID: `RLB-H-INT-BIS-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-Q020-Sonnet46`

Resource URL (HTML view of this finding):

<https://reglegbrief.com/regulators/j1/int/bis-cpmi/CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016/ai-labs/finding/INT-BIS-CPMI-INT-001-CPMI-IOSCO-CYBER-RESILIENCE-FMI-2016-v1-020--sonnet-46-websearch/>

This finding is reproducible against the substrate document linked above, using the same AI subject, the same methodology version, and the verbatim question text.