AI Hallucination ResearchFindings by audienceSectorsInternational / MultilateralSoftware & SaaSTechnology & Data › Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit
Software & SaaS × Technology & Data — International / Multilateral · Last updated 11 Jun 2026 · methodology v2.3 · Hallucination Register
Share / Print X LinkedIn Email

AI Hallucination on Promoting the Harmonisation of Application Programming Interfaces to Enhance Cross-Border Payments: Recommendations and Toolkit for Technology & Data teams at Software & SaaS firms in international jurisdictions

📰 Read the public briefing for this regulation →
Software & SaaS Technology & Data teams: documentation and reporting gaps possible from AI reading of CPMI Cross-Border API Harmonisation 2024

Technology and data teams at software and SaaS firms implementing ISO 20022 message-handling for cross-border payments platforms aligned to the CPMI API harmonisation programme are increasingly using AI to draft message-schema change notes, generate API specification documents against CPMI recommendations, prepare data-model impact assessments on structured-address formats, populate engineering change-control tickets with regulator-stated cutover dates, and validate vendor-supplied implementation roadmaps against CPMI source. The RLB Specialist Panel tested how that AI usage performs against the regulator's own primary text on CPMI's October 2024 d224 report and the related CPMI Brief and speech series.

The audit surfaced four substantive failure modes that the AI subjects delivered with regulator-fluent confidence.

Stakeholder Taxonomy Fabrication and Fabricated Date-and-Format Commitment on CPMI API Harmonisation for Cross-Border Payments. Two frontier AI models tested by the RLB Specialist Panel returned confident, citable answers across the panel's CPMI substrate-bound question set on the October 2024 d224 report and the related CPMI Brief and speech series. The panel binds each AI finding to verbatim regulator-issued source text held as primary substrate.

Across the 2 findings in this Technology & Data teams at Software & SaaS firms briefing, the AI subjects built a recommendation-by-recommendation stakeholder breakdown from category names rather than the regulator's actual recommendation text; introduced a specific November 2026 cutover commitment for structured ISO 20022 addresses that does not appear in the regulator's text.

An engineering change-control ticket that records a November 2026 CPMI structured-address cutover triggers a real implementation programme against a regulator commitment the regulator never issued. An API specification document built on an AI-fabricated per-recommendation stakeholder taxonomy mis-routes integration ownership across the platform engineering team.

The findings are published with immutable RLB Citation IDs: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008-Opus47, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q009-Sonnet46. The full audit is published at the CPMI API Harmonisation for Cross-Border Payments hub on RegLegBrief.com.

Engineering and data teams at payments-API SaaS firms land on d224 and d230 at the public API contract, the ISO 20022 schema evolution layer, the address-normalisation pipeline and the customer release-notes template. Two AI failures on this regulation hit those surfaces directly. Opus 4.7 returned a reconstructed stakeholder taxonomy against d224's 10 recommendations, and Sonnet 4.6 committed to a November 2026 ISO 20022 structured-address cutover that does not appear in the d230 source text. A backlog or capability map built off either AI output routes tickets to the wrong squad and schedules engineering capacity against an undocumented regulatory deadline.

What the AI got wrong, and why it matters here

Both failures inject content into customer-facing technical deliverables (release notes, schema-evolution tickets, capability map). The customer integrations team will catch the error before SaaS QA does.

Finding 1: Reconstructed stakeholder taxonomy

Opus 4.7 returned a clean stakeholder taxonomy across d224's 10 recommendations, built from category labels rather than the recommendation text. A SaaS backlog scoped off that taxonomy routes engineering work to the wrong integration squad and produces a capability map that breaks on customer architecture review.

Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q008-Opus47.

Finding 2: Fabricated November 2026 ISO 20022 cutover

Sonnet 4.6 committed to a hard November 2026 structured-address-only cutover for ISO 20022 cross-border payment messages, framed as a d230 commitment. The d230 source describes only standardisation and regulatory developments since 2023 and a separate technical annex. A schema-evolution ticket or customer release-notes entry that quotes the AI line books engineering capacity against a non-existent regulatory deadline.

Citation: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q009-Sonnet46.

When this hits the engineering calendar

SaaS engineering and data pull CPMI material on three artefacts: the d224 capability map that drives backlog scoping, the ISO 20022 schema-evolution backlog and address-format epics, and the customer release-notes template.

Standing item Where the AI risk surfaces Failure mode
d224 capability map Stakeholder-to-recommendation routing Finding 1
ISO 20022 schema-evolution backlog Cutover-date commitments Finding 2
Customer release-notes template Both Both

Aggregate impact on the team

The two failures together corrupt both the capability map (Finding 1) and the schema-evolution backlog (Finding 2). The downstream cost is wasted engineering capacity and a release-notes line that contradicts the customer's own d230 read.

Risk ImpactCountAffected findings
0

What this team should do

Tag the d224 stakeholder taxonomy and the d230 ISO 20022 cutover date as known-failure outputs. Any AI draft for a customer-facing technical artefact must be returned through a primary-source check before it ships externally.

Detection patterns to add to AI-review

  • Stakeholder-to-recommendation mappings on d224 must be verified against the recommendation text.
  • ISO 20022 cutover-date assertions against d230 must be verified against the d230 text and technical annex.

How RLB can help

RLB tracks AI failures on d224 and d230 and refreshes the catalogue against live AI subjects on rotation. SaaS engineering can wire the catalogue into the customer-deliverable review step so these two failure shapes never reach a release-notes line or a customer architecture review.

← Back to regulation page to see other sector × department combinations impacted by AI Hallucinations in this same regulation ← Back to Software & SaaS × Technology & Data (International / Multilateral) directory to see other regulation specific AI Hallucination impacts for your sector × department
← Back to Summary

Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.