Risk leads at payment institutions running cross-border rails on the CPMI API harmonisation programme are increasingly using AI to update payment-risk dashboards with CPMI connectivity figures, draft enterprise-risk-assessment annexes on the SARB pre-validation workstream, prepare board-risk-appetite papers, generate operational-risk metrics using fast payment system operator splits, and verify dated CPMI commitments against primary publications. The RLB Specialist Panel tested how that AI usage performs against the regulator's own primary text on CPMI's October 2024 d224 report and the related CPMI Brief and speech series. The audit surfaced four substantive failure modes that the AI subjects delivered with regulator-fluent confidence.
Stakeholder Taxonomy Fabrication and Numeric Drift on CPMI API Harmonisation for Cross-Border Payments. Two frontier AI models tested by the RLB Specialist Panel returned confident, citable answers across the panel's CPMI substrate-bound question set on the October 2024 d224 report and the related CPMI Brief and speech series. The panel binds each AI finding to verbatim regulator-issued source text held as primary substrate.
Across the 2 findings in this Risk teams at Payment Institutions briefing, the AI subjects built a recommendation-by-recommendation stakeholder breakdown from category names rather than the regulator's actual recommendation text; returned a global fast payment system count of 57 sourced to the 2025 monitoring survey sample, when the authoritative CPMI figure is 70+.
A board-risk paper that records a CPMI cutover date the regulator never set is a factual error in a board-approved risk-appetite document. A risk dashboard that uses 57 rather than 70+ as the FPS connectivity baseline mis-sizes corridor exposure. An enterprise risk register entry recording 'no SARB pre-validation workstream identified' carries a verifiable error into a supervisory deliverable.
The findings are published with immutable RLB Citation IDs: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008-Opus47, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Opus47. The full audit is published at the CPMI API Harmonisation for Cross-Border Payments hub on RegLegBrief.com.
This is the consolidated view of findings. Click the Citation IDs or 'see details →' on any item for the full details for each finding.
Risk teams inside a payment institution scope which d224 recommendations actually create PI-side concentration or operational-resilience exposure, versus those that bind the system operator the PI integrates with. Opus 4.7 returns a clean per-recommendation stakeholder taxonomy reconstructed from category labels rather than the recommendation text. A PI risk-appetite paper or second-line scope note written off that taxonomy will misroute concentration analysis between the PI and the system operator and will not survive a second-line challenge against the primary text.
PI risk teams calibrate corridor-concentration and FMI-exposure metrics against the global FPS denominator. Opus 4.7 cites the 2025 monitoring survey at 57 operational FPS with no operator-type breakdown. sp231115 gives 70-plus operational, 14 cross-border-enabled, 24 in the planning pipeline, 40% central-bank-operated and 35% privately operated. A concentration ratio built on the AI denominator overstates exposure share by close to 20% and strips the operator-type signal that the risk-appetite line is calibrated against.
Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.