Risk teams in payment institutions calibrate corridor-concentration, FMI-exposure and operational-resilience metrics against two CPMI inputs: which d224 recommendations actually create PI-side obligation versus operator-side obligation, and the global FPS count and operator-mix denominators that anchor concentration ratios. Two AI failures on this regulation hit those two inputs. Opus 4.7 returned a reconstructed stakeholder taxonomy on the 10 d224 recommendations, and Opus 4.7 returned a compressed 57-FPS count with no operator-mix breakdown. The Tara Rice November 2023 speech (sp231115) supplies the right denominator set.
A risk-appetite paper built on either AI answer enters risk committee with misallocated obligation scope and an inflated concentration ratio against the wrong denominator.
What the AI got wrong, and why it matters here
Both failures land where risk depends on tight numerical or scope detail: a stakeholder mapping that drives obligation routing, and an FPS denominator that drives concentration ratios.
Finding 1: Reconstructed per-recommendation stakeholder taxonomy
Opus 4.7 returned a clean stakeholder taxonomy across d224's 10 recommendations, built from category labels rather than the recommendation text. A PI risk-appetite paper written off that taxonomy will misroute obligation scope between the PI and its system-operator counterparty.
Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008-Opus47.
Finding 2: Compressed FPS denominator
Opus 4.7 cited the 2025 monitoring survey at 57 operational FPS with no operator-type breakdown. sp231115 gives 70-plus operational, 14 cross-border-enabled and a 40%/35% operator mix. A concentration ratio built on the AI denominator inflates exposure share materially and strips operator-type differentiation.
Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Opus47.
When this hits the risk calendar
PI risk pulls CPMI material on three artefacts: the corridor-concentration paper, the FMI-exposure note for the system-operator integration, and the annual risk-appetite calibration.
| Standing item | Where the AI risk surfaces | Failure mode |
|---|---|---|
| Corridor-concentration paper | FPS denominator and operator mix | Finding 2 |
| FMI-exposure note for the system-operator integration | Stakeholder-obligation taxonomy | Finding 1 |
| Annual risk-appetite calibration | Both | Both |
Aggregate impact on the team
The fabricated taxonomy misroutes the obligation scope; the compressed FPS denominator inflates the concentration ratio. Together, they corrupt both the numerator-side and the denominator-side of the corridor-concentration view.
| Risk Impact | Count | Affected findings |
|---|---|---|
| 0 |
What this team should do
Tag the d224 stakeholder taxonomy and any AI-quoted FPS count as known-failure outputs. Any draft containing either must be returned through a primary-source check (d224 recommendation text and sp231115) before it lands in a risk-appetite paper or a corridor-concentration view.
Detection patterns to add to AI-review
- Stakeholder taxonomies on d224 must be verified against the recommendation text.
- FPS denominators must trace to sp231115 or to a numbered CPMI brief.
How RLB can help
RLB tracks AI failures on d224 and the CPMI cross-border-payments brief series and refreshes the catalogue against live AI subjects on rotation. PI risk can wire the catalogue into the risk-paper review step so these two failure shapes are caught before they reach risk committee.