In-house legal counsel at payment institutions operating cross-border rails on the CPMI API harmonisation programme are increasingly using AI to draft legal memos on stakeholder obligations per recommendation, prepare board-paper legal annexes on the SARB pre-validation workstream, generate scoping documents for new correspondent counterparties, validate ISO 20022 structured-address commitments against regulator text, and produce regulatory horizon-scan summaries for the legal function. The RLB Specialist Panel tested how that AI usage performs against the regulator's own primary text on CPMI's October 2024 d224 report and the related CPMI Brief and speech series.
The audit surfaced four substantive failure modes that the AI subjects delivered with regulator-fluent confidence.
Confident Denial and Stakeholder Taxonomy Fabrication on CPMI API Harmonisation for Cross-Border Payments. Two frontier AI models tested by the RLB Specialist Panel returned confident, citable answers across the panel's CPMI substrate-bound question set on the October 2024 d224 report and the related CPMI Brief and speech series. The panel binds each AI finding to verbatim regulator-issued source text held as primary substrate.
Across the 2 findings in this Legal teams at Payment Institutions briefing, the AI subjects denied that any pilot partner has been named for the CPMI pre-validation API recommendation; built a recommendation-by-recommendation stakeholder breakdown from category names rather than the regulator's actual recommendation text.
A legal opinion that hedges the SARB pre-validation partnership as 'plausible but unverified' or denies it outright embeds a verifiable factual error in a partner-signed deliverable. A scoping document built on an AI per-recommendation stakeholder taxonomy carries fabricated assignments into the firm's contract pipeline. A regulatory horizon-scan annex that misses the SARB-CPMI workstream positions the firm behind a published regulator-bilateral programme.
The findings are published with immutable RLB Citation IDs: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q007-Sonnet46, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008-Opus47. The full audit is published at the CPMI API Harmonisation for Cross-Border Payments hub on RegLegBrief.com.
This is the consolidated view of findings. Click the Citation IDs or 'see details →' on any item for the full details for each finding.
Counsel inside a payment institution draws on CPMI material in two places: the regulatory-change clause in the system-operator integration agreement, and the corridor-risk addendum to the safeguarding-scheme trust deed. Sonnet 4.6 denies that any central bank has been named as the CPMI pre-validation pilot partner. CPMI Brief No. 9 (November 2025) names SARB. A change-of-law clause that relies on the AI's denial misses a documented bilateral workstream the system operator will eventually need to onboard against.
Counsel uses d224's stakeholder structure to assess which obligations the PI itself carries, which the system operator carries, and which sit with standards bodies, before drafting an integration-agreement schedule or a board paper on cross-border roadmap risk. Opus 4.7 returns a clean taxonomy built from category labels, not from the recommendation text. A scope schedule drafted against that taxonomy misallocates obligations between the PI and the operator counterparty, exactly where counsel later has to defend the position on counterparty challenge.
Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.