Risk leads at statutory boards and public agencies engaging with the CPMI API harmonisation programme are increasingly using AI to update agency-level CPMI risk dashboards, draft enterprise-risk-assessment annexes on the SARB pre-validation workstream, prepare board-risk-appetite papers on cross-border payments oversight, generate operational-risk metrics using fast payment system operator splits, and verify dated CPMI commitments against primary publications. The RLB Specialist Panel tested how that AI usage performs against the regulator's own primary text on CPMI's October 2024 d224 report and the related CPMI Brief and speech series.
The audit surfaced four substantive failure modes that the AI subjects delivered with regulator-fluent confidence.
Numeric Drift and False-Negative Availability Claim on CPMI API Harmonisation for Cross-Border Payments. Two frontier AI models tested by the RLB Specialist Panel returned confident, citable answers across the panel's CPMI substrate-bound question set on the October 2024 d224 report and the related CPMI Brief and speech series. The panel binds each AI finding to verbatim regulator-issued source text held as primary substrate.
Across the 2 findings in this Risk teams at Statutory Boards & Agencies briefing, the AI subjects returned a global fast payment system count of 57 sourced to the 2025 monitoring survey sample, when the authoritative CPMI figure is 70+; stated that the central-bank versus private operator split of global fast payment systems is not enumerated in public CPMI sources, when the November 2023 CPMI speech gives exact percentages.
A board-risk paper that records a CPMI cutover date the regulator never set is a factual error in a board-approved agency document. A risk dashboard that uses 57 rather than 70+ as the FPS connectivity baseline mis-sizes the agency's oversight scope. An enterprise risk register entry recording 'no SARB pre-validation workstream identified' carries a verifiable error into an official deliverable.
The findings are published with immutable RLB Citation IDs: RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Opus47, RLB-H-INT-BIS-CPMI-API-HARMONISATION-CROSS-BORDER-2024-Q010-Sonnet46. The full audit is published at the CPMI API Harmonisation for Cross-Border Payments hub on RegLegBrief.com.
This is the consolidated view of findings. Click the Citation IDs or 'see details →' on any item for the full details for each finding.
Risk and surveillance teams inside statutory boards (national payments oversight, systemic-risk units, FMI supervisors) calibrate the domestic FPS-landscape view against CPMI-published counts. Opus 4.7 cites the 2025 monitoring survey at 57 operational FPS with no operator-type breakdown. The Tara Rice November 2023 speech (sp231115) gives 70-plus operational, 14 cross-border-enabled, 24 in the five-year pipeline, 40% central-bank and 35% private. A systemic-risk surveillance memo built on the AI denominator inflates the domestic share of cross-border-enabled FPS exposure and strips the operator-type signal that drives oversight-perimeter calibration.
Sonnet 4.6 cites the 70-plus FPS headline correctly and denies that a precise central-bank-versus-private operator percentage is enumerated in the Brief 10 summary. sp231115 names 40% central-bank and 35% private. For statutory-body risk teams calibrating systemic-risk views and FMI-designation thresholds, removing the operator-mix line collapses the central-bank-versus-private differentiation the oversight memo is built on.
Every finding on this page compares an AI subject's account of the rule against the regulator's verbatim text from the regulator's own portal. Both are linked. Each delta, its root causes, and impact analysis are documented and published with immutable Citation IDs.