AI Hallucination ResearchFindings by audienceSectorsInternational / MultilateralRetail BankingRisk › Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit
Retail Banking × Risk — International / Multilateral · Last updated 11 Jun 2026 · methodology v2.3 · Hallucination Register
Share / Print X LinkedIn Email

AI Hallucination on Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit for Risk teams at Retail Banking firms in international jurisdictions

📰 Read the public briefing for this regulation →
Retail Banking Risk teams: documentation and reporting gaps possible from AI reading of CPMI Cross-Border API Harmonisation 2024

Risk leads at retail banks supporting cross-border consumer payments on the CPMI API harmonisation programme are increasingly using AI to update payment-risk dashboards with CPMI connectivity figures, draft enterprise-risk-assessment annexes on the SARB pre-validation workstream, prepare board-risk-appetite papers on Africa-corridor consumer exposure, generate operational-risk metrics using fast payment system operator splits, and verify dated CPMI commitments against primary publications. The RLB Specialist Panel tested how that AI usage performs against the regulator's own primary text on CPMI's October 2024 d224 report and the related CPMI Brief and speech series.

The audit surfaced four substantive failure modes that the AI subjects delivered with regulator-fluent confidence.

Numeric Drift and False-Negative Availability Claim on CPMI API Harmonisation for Cross-Border Payments. Two frontier AI models tested by the RLB Specialist Panel returned confident, citable answers across the panel's CPMI substrate-bound question set on the October 2024 d224 report and the related CPMI Brief and speech series. The panel binds each AI finding to verbatim regulator-issued source text held as primary substrate.

Across the 2 findings in this Risk teams at Retail Banking firms briefing, the AI subjects returned a global fast payment system count of 57 sourced to the 2025 monitoring survey sample, when the authoritative CPMI figure is 70+; stated that the central-bank versus private operator split of global fast payment systems is not enumerated in public CPMI sources, when the November 2023 CPMI speech gives exact percentages.

A board-risk paper that records a CPMI cutover date the regulator never set is a factual error in a board-approved risk-appetite document. A risk dashboard that uses 57 rather than 70+ as the FPS baseline mis-sizes corridor exposure. An enterprise risk register entry recording 'no SARB pre-validation workstream identified' carries a verifiable error into a supervisory deliverable.

The findings are published with immutable RLB Citation IDs: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Opus47, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Sonnet46. The full audit is published at the CPMI API Harmonisation for Cross-Border Payments hub on RegLegBrief.com.

Risk teams in retail banking calibrate corridor-concentration, FMI-counterparty exposure and operational-resilience metrics for remittance and consumer cross-border products against a tight set of CPMI numbers: global FPS count, cross-border-enabled subset, planning-pipeline, and central-bank-versus-private operator mix. Two AI failures on this regulation hit that set from opposite directions. Opus 4.7 compresses the FPS universe to 57 and drops the operator-mix breakdown; Sonnet 4.6 holds the 70-plus headline correctly but denies the operator-mix percentages exist. sp231115 supplies the full set. A risk-appetite paper built on either AI answer enters risk committee with an inflated concentration ratio and no operator-mix differentiation.

What the AI got wrong, and why it matters here

Both failures land where retail-bank risk depends on tight denominators and operator-type signal: a fabricated low count, and a denied operator-mix line. Neither has a downstream check before the paper enters committee.

Finding 1: FPS denominator compressed

Opus 4.7 cited the 2025 monitoring survey at 57 (56 in one graph) operational FPS with no operator-type breakdown. sp231115 gives 70-plus operational, 14 cross-border-enabled, 24 in the planning pipeline, 40% central-bank and 35% private. A retail-bank concentration ratio built on the AI denominator inflates the exposure share and strips the operator-mix differentiation.

Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Opus47.

Finding 2: Operator-mix denied

Sonnet 4.6 cited the 70-plus FPS headline correctly and denied that a precise central-bank-versus-private operator percentage exists in the Brief 10 summary. sp231115 names 40% central-bank and 35% private. Removing the operator-mix line collapses the central-bank-versus-private differentiation the risk paper depends on.

Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Sonnet46.

When this hits the risk calendar

Retail-bank risk pulls CPMI material on three artefacts: the corridor-concentration paper, the FMI-counterparty exposure note, and the annual risk-appetite calibration for cross-border consumer products.

Standing item Where the AI risk surfaces Failure mode
Corridor-concentration paper Denominator and operator-mix Findings 1 and 2
FMI-counterparty exposure note Operator-mix differentiation Findings 1 and 2
Annual risk-appetite calibration Pipeline forward signal and operator-mix Findings 1 and 2

Aggregate impact on the team

The same two failures collapse the operator-mix differentiation and the planning-pipeline forward signal, removing two of the three inputs risk-appetite calibration relies on.

Risk ImpactCountAffected findings
0

What this team should do

Tag the FPS count and the operator mix as known-failure outputs. Any AI draft naming those numbers must be sent through a primary-source check against sp231115 before it lands in a risk paper or a risk-appetite calibration.

Detection patterns to add to AI-review

  • FPS counts must trace to sp231115 or to a numbered CPMI brief.
  • Operator-mix denials must be cross-checked against sp231115 directly.

How RLB can help

RLB tracks AI failures on the FPS-landscape numerical anchors and refreshes the catalogue against live AI subjects on rotation. Retail-bank risk can wire the catalogue into the risk-paper review step so these two failure shapes are caught before they reach risk committee.

← Back to regulation page to see other sector × department combinations impacted by AI Hallucinations in this same regulation ← Back to Retail Banking × Risk (International / Multilateral) directory to see other regulation specific AI Hallucination impacts for your sector × department
← Back to Summary

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.