AI Hallucination ResearchFindings by audienceSectorsInternational / MultilateralPayment InstitutionsOperations › Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit
Payment Institutions × Operations — International / Multilateral · Last updated 11 Jun 2026 · methodology v2.3 · Hallucination Register
Share / Print X LinkedIn Email

AI Hallucination on Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit for Operations teams at Payment Institutions firms in international jurisdictions

📰 Read the public briefing for this regulation →
Payment Institutions Operations teams: documentation and reporting gaps possible from AI reading of CPMI Cross-Border API Harmonisation 2024

Operations leads at payment institutions running cross-border rails under the CPMI API harmonisation programme are increasingly using AI to draft ISO 20022 message-format runbook updates, prepare operational readiness papers on the SARB pre-validation workstream, update capacity-planning briefings against published FPS connectivity figures, generate vendor-management packs against CPMI implementation milestones, and verify dated CPMI commitments against regulator publications. The RLB Specialist Panel tested how that AI usage performs against the regulator's own primary text on CPMI's October 2024 d224 report and the related CPMI Brief and speech series.

The audit surfaced four substantive failure modes that the AI subjects delivered with regulator-fluent confidence.

Fabricated Date-and-Format Commitment and Numeric Drift on CPMI API Harmonisation for Cross-Border Payments. Two frontier AI models tested by the RLB Specialist Panel returned confident, citable answers across the panel's CPMI substrate-bound question set on the October 2024 d224 report and the related CPMI Brief and speech series. The panel binds each AI finding to verbatim regulator-issued source text held as primary substrate.

Across the 2 findings in this Operations teams at Payment Institutions briefing, the AI subjects introduced a specific November 2026 cutover commitment for structured ISO 20022 addresses that does not appear in the regulator's text; returned a global fast payment system count of 57 sourced to the 2025 monitoring survey sample, when the authoritative CPMI figure is 70+.

An operational readiness paper that records a November 2026 structured-ISO-20022 cutover as a CPMI mandate triggers a remediation programme against a regulator commitment the regulator never made. A capacity-planning briefing that uses 57 as the global FPS count under-sizes corridor expansion against a regulator-stated 70+ universe. A vendor-management pack built on AI-asserted CPMI mandates accepts vendor commitments against an imaginary regulator baseline.

The findings are published with immutable RLB Citation IDs: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q009-Sonnet46, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Opus47. The full audit is published at the CPMI API Harmonisation for Cross-Border Payments hub on RegLegBrief.com.

Operations at a payment institution holds two CPMI-derived inputs in active use: the ISO 20022 address-format and message-validation regime (against d230), and the FPS-connectivity roadmap that sets the next 18 months of integration work (against the CPMI cross-border-payments brief series). Two AI failures on this regulation hit both inputs. Sonnet 4.6 manufactured a November 2026 structured-address cutover the d230 source does not state, and Opus 4.7 returned a 57-FPS 2025-survey count that erases the 70-plus operational figure and the operator-mix breakdown from the Tara Rice November 2023 speech.

Either error, lifted into an ops change-management ticket or the connectivity roadmap, displaces real CBPR+ and integration capacity against fabricated anchors.

What the AI got wrong, and why it matters here

Both errors land where ops normally trusts numerical specificity. Both are confidently delivered without any flag that the primary regulator text was not actually retrieved.

Finding 1: Fabricated November 2026 ISO 20022 cutover

Sonnet 4.6 committed to a November 2026 structured-address-only cutover for ISO 20022 cross-border payment messages, framed as a d230 commitment. The d230 source describes only standardisation and regulatory developments since 2023 and a separate technical annex; the November 2026 cutover is not in the document. Quoted into an address-validation pipeline change ticket, the line schedules ops capacity against a regulatory deadline that does not exist.

Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q009-Sonnet46.

Finding 2: FPS count compressed and operator mix dropped

Opus 4.7 cited the 2025 monitoring survey at 57 (56 in one graph) operational fast payment systems with no operator-type breakdown. The Tara Rice November 2023 speech (sp231115) gives 70-plus operational, 14 cross-border-enabled, 24 in the five-year planning pipeline, 40% central-bank-operated and 35% privately operated. An ops connectivity roadmap built on the AI answer is sized too small and drops the forward-pipeline signal.

Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Opus47.

When this hits the ops calendar

Operations pulls CPMI material on three artefacts: the message-validation change ticket and pipeline, the correspondent-conformance schedule, and the FPS-connectivity roadmap that ops costs and product owns.

Standing item Where the AI risk surfaces Failure mode
Address-validation pipeline change ticket ISO 20022 cutover date commitment Finding 1
Correspondent-conformance schedule ISO 20022 cutover commitments and FPS connectivity sizing Findings 1 and 2
FPS-connectivity roadmap FPS count and forward-pipeline signal Finding 2

Aggregate impact on the team

The fabricated cutover books address-validation capacity against a non-existent deadline; the compressed FPS count strips the forward-pipeline signal that staffing decisions depend on.

Risk ImpactCountAffected findings
0

What this team should do

Tag the November 2026 cutover assertion and the 57-FPS figure as known-failure outputs. Any AI draft that contains either must be returned through a primary-source verification step against d230 and sp231115 before it lands in a change ticket or the connectivity roadmap.

Detection patterns to add to AI-review

  • ISO 20022 cutover dates against d230 must be verified against the d230 text and technical annex.
  • FPS counts must trace to sp231115 or to a numbered CPMI cross-border monitoring brief.

How RLB can help

RLB tracks the failure pattern on d230 and the CPMI cross-border-payments brief series and refreshes the catalogue against live AI subjects on rotation. PI ops can wire the catalogue into the change-ticket review step so these two failure shapes never reach the connectivity roadmap or the conformance schedule.

← Back to regulation page to see other sector × department combinations impacted by AI Hallucinations in this same regulation ← Back to Payment Institutions × Operations (International / Multilateral) directory to see other regulation specific AI Hallucination impacts for your sector × department
← Back to Summary

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.