AI Hallucination ResearchFindings by audiencePractitionersInternational / MultilateralLawyers › Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit
Practitioners — Lawyers · Last updated 11 Jun 2026 · methodology v2.3 · Hallucination Register
Share / Print X LinkedIn Email

AI Hallucination on Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit for Lawyers in international jurisdictions

📰 Read the public briefing for this regulation →
Lawyers: AI summaries of CPMI Cross-Border API Harmonisation 2024 may understate professional obligations

Lawyers advising on the CPMI API harmonisation recommendations for cross-border payments are increasingly using AI to draft client memos on each of the 10 recommendations, map recommendation-by-recommendation stakeholder obligations onto their client books, prepare partner-level briefings on the South African Reserve Bank pre-validation workstream, validate ISO 20022 address-format commitments against the regulator-issued source text, and generate horizon-scan summaries for client risk committees. The RLB Specialist Panel tested how that AI usage performs against the regulator's own primary text on CPMI's October 2024 d224 report and the related CPMI Brief and speech series.

The audit surfaced four substantive failure modes that the AI subjects delivered with regulator-fluent confidence.

Source-Credit Fabrication, Confident Denial, Stakeholder Taxonomy Fabrication and Fabricated Date-and-Format Commitment on CPMI API Harmonisation for Cross-Border Payments. Two frontier AI models tested by the RLB Specialist Panel returned confident, citable answers across the panel's CPMI substrate-bound question set on the October 2024 d224 report and the related CPMI Brief and speech series. The panel binds each AI finding to verbatim regulator-issued source text held as primary substrate.

Across the 4 findings in this Lawyers briefing, the AI subjects downgraded a regulator-stated named partnership to a speculative hedge; denied that any pilot partner has been named for the CPMI pre-validation API recommendation; built a recommendation-by-recommendation stakeholder breakdown from category names rather than the regulator's actual recommendation text; introduced a specific November 2026 cutover commitment for structured ISO 20022 addresses that does not appear in the regulator's text.

A partner-level memo that says SARB is not a named CPMI pre-validation partner embeds a verifiable factual error into an opinion deliverable. A scoping document that adopts a fabricated stakeholder taxonomy assigns the wrong recommendation owners to client product workstreams. A client briefing that quotes a November 2026 structured-address cutover as if it were regulator language commits the firm to a mandate the regulator never issued. Each error is durable: it travels into client files, engagement letters, internal know-how and partner-level deliverables, and is hard to walk back without quietly issuing a correction.

The findings are published with immutable RLB Citation IDs: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q007-Opus47, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q007-Sonnet46, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008-Opus47, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q009-Sonnet46. The full audit is published at the CPMI API Harmonisation for Cross-Border Payments hub on RegLegBrief.com.

Executive Summary

Lawyers advising on cross-border payments, whether in-house at correspondent banks, at payment institutions, or in advisory practice, face a CPMI framework whose substantive content is locked inside an inaccessible PDF, with only a high-level landing page and a few adjacent CPMI briefs available to AI retrieval. In our research, AI tools tested on this regulation produced 4 hallucinations: invented per-recommendation stakeholder taxonomies, misstated CPMI named partnerships with central banks, and fabricated commitments about ISO 20022 message-format cutover dates. The failure mode is not random.

It concentrates on precisely the operational detail a lawyer would need to scope client advice, draft regulatory submissions, or assess corridor exposure under named CPMI implementation tracks. A lawyer using AI to brief a client on this regulation without primary-source verification ships invented obligations and misattributed institutional partnerships into the matter file.

How AI gets this regulation wrong

The table below catalogues how AI tools erred when asked about this regulation in the contexts Lawyers most often encounter it. Failures cluster around AI substituting inference for retrieval, typically reading a category name, a publication abstract, or an adjacent CPMI speech and then generating structural detail that has no support in the regulator's own primary text. The AI does not flag the substitution; the inferred detail is presented in the same register as retrieved fact.

AI's Failure ModeCountAffected findings
0
0

What that means for your practice

The errors here split between regulatory enforcement risk, where AI-sourced detail enters a submission, opinion, or attestation that a regulator may later scrutinise, and wrong-deliverable risk where AI-sourced detail enters internal client memoranda, scoping notes, or matter correspondence. Both classes of error require active correction; the regulatory enforcement class additionally exposes the firm to supervisory or contested-position consequences.

Risk ImpactCountAffected findings
0
0

When this affects your work

Lawyers interact with the CPMI API harmonisation framework at three concrete junctures: scoping a client matter on cross-border payments compliance, drafting submissions or position papers responsive to CPMI-derived national regulation, and advising on correspondent banking governance where the CPMI's ten recommendations have started to flow into bilateral counterparty due diligence. In each setting, the lawyer needs to know which recommendation a given obligation traces back to, which institutional stakeholder the recommendation actually targets, and whether the client's jurisdiction is in an active implementation track (such as SARB's pre-validation collaboration documented in CPMI Brief No. 9).

AI-sourced answers on these questions present a specific risk shape. The 10 recommendations are publicly named at category level on the landing page, but their per-recommendation stakeholder allocation and specific text live inside the inaccessible PDF. AI tools fill that gap with inference dressed as retrieval, naming ISO, BIAN, SWIFT or other bodies against specific recommendations on a basis the regulator's own document does not support. Where that detail enters a client matter file or a regulatory submission, the correction effort later, once the lawyer or the client confirms the actual text, is non-trivial.

The fabricated detail does not always read as obviously wrong, and an opposing party or supervisor citing the actual regulator text exposes the gap with no warning.

The findings at a glance

The table below summarises each finding from our research on this regulation for Lawyers, including a short title, the type of AI failure observed, and the citation reference for the finding card below.

#Finding titleTypeCitation ID
1SARB pre-validation partnership downgraded to speculationHallucinationRLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q007
2SARB pre-validation partnership deniedHallucinationRLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q007
3Per-recommendation stakeholder taxonomy fabricatedHallucinationRLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008
4ISO 20022 structured-address fabricationHallucinationRLB-F-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q009

Aggregate impact

The four findings on this regulation share a structural pattern: AI tools failed most severely where the underlying regulatory document is technically inaccessible for direct extraction (the 10-recommendation PDF and the technical annex of the ISO 20022 data requirements update), and compensated by generating plausible-sounding detail drawn from category names, related CPMI publications, or domain priors.

The fabrication is not limited to one model: both Claude Opus 4.7 and Claude Sonnet 4.6 with web search produced structurally similar errors on the same regulation, suggesting the failure is a property of how the regulation's content is exposed publicly rather than a model-specific artefact.

For Lawyers, the operational implication is that AI is not a viable first-pass scoping tool for CPMI API harmonisation matters in the way it might be for some better-documented regulations. Specifically, the per-recommendation stakeholder mapping that a lawyer would use to advise on which CPMI obligations attach to which client institution is exactly the content most aggressively hallucinated. Treating AI-sourced stakeholder assignments, implementation-partner identifications, or quoted ISO 20022 commitments as starting points for further verification rather than as established detail is the only safe posture.

What you should do

The default posture on CPMI API harmonisation matters should be that AI is useful for orientation and high-level framing, the purpose of the framework, the categories of recommendation, why cross-border payment friction is the policy concern, and unreliable for the specific operational detail that drives client advice. Per-recommendation stakeholder obligations, named jurisdictional implementation partners, and specific ISO 20022 message-format commitments should be verified against the primary CPMI publication before they enter a client matter file, a written opinion, or a regulatory submission.

Where the AI returns a structured detail, a four-area toolkit breakdown, a stakeholder taxonomy keyed to recommendation numbers, a specific cutover date with format requirements, treat the structure itself as a hypothesis requiring confirmation rather than as retrieved fact. The fabrication pattern documented here is that the structure looks well-formed and the AI does not signal that the content under the structure was inferred rather than retrieved.

A challenge-and-source-check protocol, asking the AI to identify the exact regulator-text source for any specific claim, and treating an evasive or generic answer as a verification trigger, is appropriate before any AI-sourced detail enters work product.

For matters with a jurisdictional implementation dimension, South Africa pre-validation work, any other CPMI bilateral track that emerges, the watch list should run off the CPMI publication feed directly. AI retrieval of CPMI briefs published in late 2025 and 2026 is erratic, and an implementation track that the AI denies or hedges may in fact be live and documented in a brief the AI never surfaced.

How RLB Can Help

RegLeg's Hallucination Research gives Lawyers a documented record of where AI assistants have produced confident, wrong answers on the categories of regulatory content most relevant to legal practice: rule attribution, named institutional partnerships, specific obligations under named recommendations, and quoted regulatory language. Before a client matter relies on AI-sourced detail, whether for scoping, drafting, or negotiation, the research lets the lawyer see which AI outputs warrant independent primary-source verification and which carry lower fabrication risk.

For practices where AI-supported workflows are embedded, research memoranda, first-pass regulatory mapping, due diligence summaries, RegLeg can run a bespoke deep-dive scoped to the practice's regulatory focus areas. The output maps the practice's highest-exposure workflows against the specific failure modes documented in the research: which question types and regulatory domains have demonstrated repeated AI miscalibration, and which verification protocols are appropriate at the workflow level.

RegLeg can also review a firm's existing AI-use policy confidentially against the failure-mode catalogue and return a prioritised remediation list, gaps in scope, untested assumptions about AI accuracy on regulatory content, and disclosure or escalation triggers that are absent or under-specified. CPD-aligned training material is available, calibrated for experienced practitioners who need defensible governance evidence rather than the introductory AI overview.

← Back to regulation page to see other professionals impacted by AI Hallucinations in this same regulation ← Back to Lawyers (International / Multilateral) directory to see other regulation specific AI Hallucination impacts for your profession
← Back to Summary

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.